I've placed certain .aspx & .html pages into a subfolder called
MembersArea to which a successful logon will take the user.
Here's what I'm assuming: Both my main web folder and my MembersArea
subfolder need their own unique web.config file, correct?
I'm also assuming that by designing a custom logon page I'm using
"Forms Authentication" (?)
I've tried to put the pieces together as to what to put into the
web.config files to secure them such as:


<authentication>
<deny users="?"> <!-- Deny all unauthenticated users -->
<authentication/>


Am I on the right track here and do I need also in the web.config
file
to reference the login.aspx page?


Thanks!!

No, subfolders do not require their own web.config file. An alternative:


<location path="MembershipArea">
<system.web>
<authorization>
<allow roles="member" />
<deny users="*" />
</authorization>
</system.web>
</location>

--
Site: http://www.eggheadcafe.com
UnBlog: http://petesbloggerama.blogspot.com
Short Urls & more: http://ittyurl.net


"slinky" wrote:

> I've placed certain .aspx & .html pages into a subfolder called
> MembersArea to which a successful logon will take the user.
> Here's what I'm assuming: Both my main web folder and my MembersArea
> subfolder need their own unique web.config file, correct?
> I'm also assuming that by designing a custom logon page I'm using
> "Forms Authentication" (?)
> I've tried to put the pieces together as to what to put into the
> web.config files to secure them such as:
>
>
> <authentication>
> <deny users="?"> <!-- Deny all unauthenticated users -->
> <authentication/>
>
>
> Am I on the right track here and do I need also in the web.config
> file
> to reference the login.aspx page?
>
>
> Thanks!!
>
>

thanks! I was going down the wrong path obviously.
My scenario extends to I have a registration page (Name, EmailAddress,
Password) and a login page (Name, Password).
I'm using any XML file to store that info (necessity in our business).
How can I apply the "<allow roles=3D"member" />" to this setup? Should I
add a node onto my XML for "Role"?

Here's what my XML looks like:

<?xml version=3D"1.0" standalone=3D"yes"?>
<submission>
<destination>
<emailAddress>kenneth.gay [at] wachovia.com</emailAddress>
<name>Ken Gay</name>
<password>helsinki</password>
</destination>
<destination>
<emailAddress>jeffstansen [at] hotmail.com</emailAddress>
<name>Jeff Stansen</name>
<password>tazmania</password>
</destination>
<destination>
<emailAddress>kleinpatter [at] yahoo.com</emailAddress>
<name>EdKlein</name>
<password>primative</password>
</destination>
</submission>

Thanks!


On Apr 2, 8:49=A0am, Peter Bromberg [C# MVP]
<pbromb... [at] yahoo.NoSpamMaam.com> wrote:
> No, subfolders do not require their own web.config file. An alternative:
>
> <location path=3D"MembershipArea">
> =A0 <system.web>
> =A0 =A0 <authorization>
> =A0 =A0 =A0 <allow roles=3D"member" />
> =A0 =A0 =A0 <deny users=3D"*" />
> =A0 =A0 </authorization>
> =A0 </system.web>
> </location>
>
> --
> Site:http://www.eggheadcafe.com
> UnBlog:http://petesbloggerama.blogspot.com
> Short Urls & more:http://ittyurl.net
>
>
>
> "slinky" wrote:
> > I've placed certain .aspx & .html pages into a subfolder called
> > MembersArea to which a successful logon will take the user.
> > Here's what I'm assuming: Both my main web folder and my MembersArea
> > subfolder need their own unique web.config file, correct?
> > I'm also assuming that by designing a custom logon page I'm using
> > "Forms Authentication" (?)
> > I've tried to put the pieces together as to what to put into the
> > web.config files to secure them such as:
>
> > <authentication>
> > =A0 =A0<deny users=3D"?"> <!-- Deny all unauthenticated users -->
> > <authentication/>
>
> > Am I on the right track here and do I need also in the web.config
> > file
> > to reference the login.aspx page?
>
> > Thanks!!- Hide quoted text -
>
> - Show quoted text -