Chris, Glad to help. Very interesting, especially the fact that config inheritance passes down through an app, I thought that "might" work. I haven't had time to set up a test site to run through all this, but that's one of the questions I had. The other is state handling, specifically session and application variables. How does that work when the sub directories are actually apps? Do they all share the same session variables, the same application variables? What about the cache? Does the user have to log in separately to each app or is that seamless?
Dean -----Original Message----- From: Chris Mohan [mailto:[EMAIL PROTECTED] Sent: Thursday, April 29, 2004 4:12 PM To: [EMAIL PROTECTED] Subject: [AspNetAnyQuestionIsOk] Re: Config of Windows & Forms Auth Wow Dean-- you're a marathon answer man. Thanks for all the great help(for this question, those of mine you've answered in the past and all the others you're handling) Note: My questions relate to some research/experiments I've been doing rather than a real site. My company is looking into standardizing web.configs(as much as they can be) and these questions arose when I realized that some of our sites use forms auth within subdirs that contain thier own web.configs. Since we're trying to standardize I thought it best to try to store the config settings for the sub dirs in the root's config file. The two subirectories are true subdirectories rather than being virutual ones that were mapped underneath the site root in IIS. BUT they are also apps; in order for me to use forms authentication while also keeping windows authentication in place for the public part of the site I had to set them as apps in IIS. This was done only to enable the use of two authentication modes on the site though(without setting them as apps I get the error: "It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level." ) Configuration inheritance still works though. Within the sub directories i can retrieve values stored in the root app's web.config appSettings element using configurationSettings.AppSettings("KeyName") --- In [EMAIL PROTECTED], "Dean Fiala" <[EMAIL PROTECTED]> wrote: > Chris, > So you are running three separate apps on your site, with three separate bin > directories, sessions, etc. As this is the case, I'd let them have their > own web.config files. I think its more confusing to put all the config > information in the root app's web.config, because it implies that the sub > directories are merely sub directories and not apps in and of themselves. > > I fully agree with you however that if they were true sub directories, it > makes much more sense to keep all the config information centralized in the > root config. That's where I would expect the entire application to be > configured. > > Dean > > -----Original Message----- > From: Chris Mohan [mailto:[EMAIL PROTECTED] > Sent: Thursday, April 29, 2004 2:16 AM > To: [EMAIL PROTECTED] > Subject: [AspNetAnyQuestionIsOk] Re: Config of Windows & Forms Auth > > > Hi Dean, > > Sorry, I just realized I left out some important details: > > In the scenario I was trying to describe the subdirectories > "SecureArea1" and "SecureArea2" are configured as applications in > IIS. So the dir structure would look something like this: > > |---\MainSite(Configured as An App in IIS) > | +---Secure1(Configured as An App in IIS) > | +---Secure2(Configured as An App in IIS) > | +---MainSiteChild1 > | +---MainSiteChild2 > |web.Config(in mainSite's Root) > > What I think(hope) that this mix of settings acheives is the same > thing as if those subdirectories had their own web.config files. > While that method works fine I'm not in favor of having "maverick" > config files in sub-directories. In the past I've inherited apps > built by others who did not document thier work. SInce the sites > were large I didn't happen to stumble upon the sub-dirs that had > thier own web.configs for a good month and a half. > > The central web.config idea appeals to me because I like the notion > of having the ability to look in the root level web.config and see > how the whole appp is configured. > > Here's a good article about this exact topic but it uses > the "maverick" web.configs in sub dirs approach: > http://www.theserverside.net/articles/showarticle.tss? > id=FormAuthentication > > > > --- In [EMAIL PROTECTED], "Dean Fiala" > <[EMAIL PROTECTED]> wrote: > > Chris, > > Interesting. I've only created multiple authorization elements, > never > > multiple authentication elements. Not sure it actually works and > reading the > > docs, it shouldn't. > > > > A couple things... > > 1) The windows authentication is allowing all users at the moment > > > > 2) You only can define the authentication element once, and it can > only be > > defined at the site level, not for sub folders. The authorization > can be set > > for sub folders. So you might want to change your code a bit... > > > > <system.web> > > <authentication mode="Forms"> > > <forms loginUrl="login.aspx" /> > > </authentication> > > </system.web> > > > > <location path="SecureArea1"> > > <system.web> > > <authorization> > > <deny users="?" /> > > </authorization> > > </system.web> > > </location> > > > > <location path="SecureArea2"> > > <system.web> > > <authorization> > > <deny users="?" /> > > </authorization> > > </system.web> > > </location> > > > > > > > > 3) you can still leverage windows security in your app, even if > you are > > using forms authentication. Just disable anonymous user access in > IIS for > > the directory you want to secure using Windows. This will force > the user to > > enter their domain credentials when trying to access a page in the > > directory. > > > > HTH > > > > Dean Fiala > > ----------------------------- > > Very Practical Software, Inc. > > http://www.vpsw.com/links.aspx > > > > > > > > > > -----Original Message----- > > From: Chris Mohan [mailto:[EMAIL PROTECTED] > > Sent: Wednesday, April 28, 2004 2:51 PM > > To: [EMAIL PROTECTED] > > Subject: [AspNetAnyQuestionIsOk] Config of Windows & Forms Auth > > > > > > Hi, I've configured a web app to use windows authentication and > also > > set up two separate subdirectories to use forms authentication. It > > appears to work fine but I have never seen a sample that > > demonstrates both in the same web.config (all the samples show a > > snippet outside the context of the entire web.config) I don't like > > assuming i've done this correctly and securely. > > > > Please take a look at the following from my web.config and let me > > know what you think(what's below is stripped down to > > the essentials w/ no attributes) Pretty basic, i just use a > > location element for each sub-dir and then set the auth mode inside > > of it. > > > > Thanks - C > > > > <?xml version="1.0" encoding="UTF-8" ?> > > <configuration> > > <system.web> > > <authentication mode="Windows" /> > > <authorization> > > <allow users="*" /> > > </authorization> > > </system.web> > > > > <location path="SecureArea1"> > > <system.web> > > <authentication mode="Forms"> > > <forms loginUrl="login.aspx" /> > > </authentication> > > <authorization> > > <deny users="?" /> > > </authorization> > > </system.web> > > </location> > > > > <location path="SecureArea2"> > > <system.web> > > <authentication mode="Forms"> > > <forms loginUrl="login.aspx" /> > > </authentication> > > <authorization> > > <deny users="?" /> > > </authorization> > > </system.web> > > </location> > > > > > > > > > > > > Yahoo! Groups Links > > > > > > Yahoo! Groups Links Yahoo! Groups Links Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/AspNetAnyQuestionIsOk/ <*> To unsubscribe from this group, send an email to: [EMAIL PROTECTED] <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
