Wow Dean-- you're a marathon answer man. Thanks for all the great
help(for this question, those of mine you've answered in the past
and all the others you're handling)
Note: My questions relate to some research/experiments I've been
doing rather than a real site. My company is looking into
standardizing web.configs(as much as they can be) and these
questions arose when I realized that some of our sites use forms
auth within subdirs that contain thier own web.configs. Since we're
trying to standardize I thought it best to try to store the config
settings for the sub dirs in the root's config file.
The two subirectories are true subdirectories rather than being
virutual ones that were mapped underneath the site root in IIS. BUT
they are also apps; in order for
me to use forms authentication while also keeping windows
authentication in place for the public part of the site I had to set
them as apps in IIS.
This was done only to enable the use of two authentication modes on
the site though(without setting them as apps I get the error: "It is
an error to use a section registered as
allowDefinition='MachineToApplication' beyond application level." )
Configuration inheritance still works though. Within the sub
directories i can retrieve values stored in the root app's
web.config appSettings element using
configurationSettings.AppSettings("KeyName")
--- In [EMAIL PROTECTED], "Dean Fiala"
<[EMAIL PROTECTED]> wrote:
> Chris,
> So you are running three separate apps on your site, with three
separate bin
> directories, sessions, etc. As this is the case, I'd let them
have their
> own web.config files. I think its more confusing to put all the
config
> information in the root app's web.config, because it implies that
the sub
> directories are merely sub directories and not apps in and of
themselves.
>
> I fully agree with you however that if they were true sub
directories, it
> makes much more sense to keep all the config information
centralized in the
> root config. That's where I would expect the entire application
to be
> configured.
>
> Dean
>
> -----Original Message-----
> From: Chris Mohan [mailto:[EMAIL PROTECTED]
> Sent: Thursday, April 29, 2004 2:16 AM
> To: [EMAIL PROTECTED]
> Subject: [AspNetAnyQuestionIsOk] Re: Config of Windows & Forms Auth
>
>
> Hi Dean,
>
> Sorry, I just realized I left out some important details:
>
> In the scenario I was trying to describe the subdirectories
> "SecureArea1" and "SecureArea2" are configured as applications in
> IIS. So the dir structure would look something like this:
>
> |---\MainSite(Configured as An App in IIS)
> | +---Secure1(Configured as An App in IIS)
> | +---Secure2(Configured as An App in IIS)
> | +---MainSiteChild1
> | +---MainSiteChild2
> |web.Config(in mainSite's Root)
>
> What I think(hope) that this mix of settings acheives is the same
> thing as if those subdirectories had their own web.config files.
> While that method works fine I'm not in favor of having "maverick"
> config files in sub-directories. In the past I've inherited apps
> built by others who did not document thier work. SInce the sites
> were large I didn't happen to stumble upon the sub-dirs that had
> thier own web.configs for a good month and a half.
>
> The central web.config idea appeals to me because I like the notion
> of having the ability to look in the root level web.config and see
> how the whole appp is configured.
>
> Here's a good article about this exact topic but it uses
> the "maverick" web.configs in sub dirs approach:
> http://www.theserverside.net/articles/showarticle.tss?
> id=FormAuthentication
>
>
>
> --- In [EMAIL PROTECTED], "Dean Fiala"
> <[EMAIL PROTECTED]> wrote:
> > Chris,
> > Interesting. I've only created multiple authorization elements,
> never
> > multiple authentication elements. Not sure it actually works and
> reading the
> > docs, it shouldn't.
> >
> > A couple things...
> > 1) The windows authentication is allowing all users at the moment
> >
> > 2) You only can define the authentication element once, and it
can
> only be
> > defined at the site level, not for sub folders. The authorization
> can be set
> > for sub folders. So you might want to change your code a bit...
> >
> > <system.web>
> > <authentication mode="Forms">
> > <forms loginUrl="login.aspx" />
> > </authentication>
> > </system.web>
> >
> > <location path="SecureArea1">
> > <system.web>
> > <authorization>
> > <deny users="?" />
> > </authorization>
> > </system.web>
> > </location>
> >
> > <location path="SecureArea2">
> > <system.web>
> > <authorization>
> > <deny users="?" />
> > </authorization>
> > </system.web>
> > </location>
> >
> >
> >
> > 3) you can still leverage windows security in your app, even if
> you are
> > using forms authentication. Just disable anonymous user access
in
> IIS for
> > the directory you want to secure using Windows. This will force
> the user to
> > enter their domain credentials when trying to access a page in
the
> > directory.
> >
> > HTH
> >
> > Dean Fiala
> > -----------------------------
> > Very Practical Software, Inc.
> > http://www.vpsw.com/links.aspx
> >
> >
> >
> >
> > -----Original Message-----
> > From: Chris Mohan [mailto:[EMAIL PROTECTED]
> > Sent: Wednesday, April 28, 2004 2:51 PM
> > To: [EMAIL PROTECTED]
> > Subject: [AspNetAnyQuestionIsOk] Config of Windows & Forms Auth
> >
> >
> > Hi, I've configured a web app to use windows authentication and
> also
> > set up two separate subdirectories to use forms authentication.
It
> > appears to work fine but I have never seen a sample that
> > demonstrates both in the same web.config (all the samples show a
> > snippet outside the context of the entire web.config) I don't
like
> > assuming i've done this correctly and securely.
> >
> > Please take a look at the following from my web.config and let me
> > know what you think(what's below is stripped down to
> > the essentials w/ no attributes) Pretty basic, i just use a
> > location element for each sub-dir and then set the auth mode
inside
> > of it.
> >
> > Thanks - C
> >
> > <?xml version="1.0" encoding="UTF-8" ?>
> > <configuration>
> > <system.web>
> > <authentication mode="Windows" />
> > <authorization>
> > <allow users="*" />
> > </authorization>
> > </system.web>
> >
> > <location path="SecureArea1">
> > <system.web>
> > <authentication mode="Forms">
> > <forms loginUrl="login.aspx" />
> > </authentication>
> > <authorization>
> > <deny users="?" />
> > </authorization>
> > </system.web>
> > </location>
> >
> > <location path="SecureArea2">
> > <system.web>
> > <authentication mode="Forms">
> > <forms loginUrl="login.aspx" />
> > </authentication>
> > <authorization>
> > <deny users="?" />
> > </authorization>
> > </system.web>
> > </location>
> >
> >
> >
> >
> >
> > Yahoo! Groups Links
>
>
>
>
>
> Yahoo! Groups Links
Yahoo! Groups Links
<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/AspNetAnyQuestionIsOk/
<*> To unsubscribe from this group, send an email to:
[EMAIL PROTECTED]
<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/
