Multiple/Different authentication settings in web.config

How would I go about setting different authentication tags for different parts of my web app? Say I have:

/
/folder1/
/folder2/

Would it be possible to specify different <authentication/> tags for each folder?

I want folder1 to use Windows authentication but folder2 use Forms authentication.

I tried doing in a <location/> tag but it doesn’t look like you can have <authentication/> tags in a <location/> tags, at least not via VS 2008 with it’s built in webserver.

This errors out saying – Error 3 It is an error to use a section registered as allowDefinition=’MachineToApplication’ beyond application level. This error can be caused by a virtual directory not being configured as an application in IIS.

<location path="/folder1">
    <system.web>
      <authentication mode="Forms" />
      <authorization>
        <deny users="?"/>
      </authorization>
    </system.web>
  </location>

Answers:

Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.

Method 1

You can only have <authentication /> on the top level web.config. You may have to create multiple applications. ie you can create an application within an application and use different authentication modes in each one.

Method 2

I think you can set the forms authentication authorization on folder1 to

<allow users="*" />

then control the windows access via setting windows permissions on the folder.

I haven’t tried it, but I can’t think of why that wouldn’t work.

Method 3

These settings are only valid at the root level of your ASP.Net application. To use different settings in a sub folder you will need to go into IIS and set that sub folder to be a new application.

Once you done this, the folder will have a different icon in the IIs manager. Inside your subfolder, create a new web.config file and add the new authentication settings there.

More information available at Creating Applications.


All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0

0 0 votes
Article Rating
Subscribe
Notify of
guest

0 Comments
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x