Chris,
Interesting. I've only created multiple authorization elements, never
multiple authentication elements. Not sure it actually works and reading the
docs, it shouldn't.
A couple things...
1) The windows authentication is allowing all users at the moment
2) You only can define the authentication element once, and it can only be
defined at the site level, not for sub folders. The authorization can be set
for sub folders. So you might want to change your code a bit...
<system.web>
<authentication mode="Forms">
<forms loginUrl="login.aspx" />
</authentication>
</system.web>
<location path="SecureArea1">
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</location>
<location path="SecureArea2">
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</location>
3) you can still leverage windows security in your app, even if you are
using forms authentication. Just disable anonymous user access in IIS for
the directory you want to secure using Windows. This will force the user to
enter their domain credentials when trying to access a page in the
directory.
HTH
Dean Fiala
-----------------------------
Very Practical Software, Inc.
http://www.vpsw.com/links.aspx
-----Original Message-----
From: Chris Mohan [mailto:[EMAIL PROTECTED]
Sent: Wednesday, April 28, 2004 2:51 PM
To: [EMAIL PROTECTED]
Subject: [AspNetAnyQuestionIsOk] Config of Windows & Forms Auth
Hi, I've configured a web app to use windows authentication and also
set up two separate subdirectories to use forms authentication. It
appears to work fine but I have never seen a sample that
demonstrates both in the same web.config (all the samples show a
snippet outside the context of the entire web.config) I don't like
assuming i've done this correctly and securely.
Please take a look at the following from my web.config and let me
know what you think(what's below is stripped down to
the essentials w/ no attributes) Pretty basic, i just use a
location element for each sub-dir and then set the auth mode inside
of it.
Thanks - C
<?xml version="1.0" encoding="UTF-8" ?>
<configuration>
<system.web>
<authentication mode="Windows" />
<authorization>
<allow users="*" />
</authorization>
</system.web>
<location path="SecureArea1">
<system.web>
<authentication mode="Forms">
<forms loginUrl="login.aspx" />
</authentication>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</location>
<location path="SecureArea2">
<system.web>
<authentication mode="Forms">
<forms loginUrl="login.aspx" />
</authentication>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</location>
Yahoo! Groups Links
------------------------ Yahoo! Groups Sponsor ---------------------~-->
Buy Ink Cartridges or Refill Kits for your HP, Epson, Canon or Lexmark
Printer at MyInks.com. Free s/h on orders $50 or more to the US & Canada.
http://www.c1tracking.com/l.asp?cid=5511
http://us.click.yahoo.com/mOAaAA/3exGAA/qnsNAA/saFolB/TM
---------------------------------------------------------------------~->
Yahoo! Groups Links
<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/AspNetAnyQuestionIsOk/
<*> To unsubscribe from this group, send an email to:
[EMAIL PROTECTED]
<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/
