Web.Config hell

Asbjørn Ulsberg

unread,

Jan 30, 2003, 6:50:25 AM1/30/03

to

I'm having extreme difficulties with configuring my web
application the way I want. This is the structure of my
application:

App
|- Pubsys
|- Services

The "App" folder is configured as an IIS Application, and has a
stupid Web.Config file in it. In this file, I would like to add
Forms authentication to the "Pubsys" folder, but I would like
the "Services" folder to be open, and without any authentication
at all.

I have no clue of how to do this. I've tried the following:

The problems here is:

1. Both the "Pubsys" and "Services" folder has to be IIS
applications to set authentication on them. I can't have
them as applications, as the "Pubsys" folder contains User
Controls which I need access to from .aspx pages beneath
the "Services" folder. User Controls can't be included from
one application to another.

2. Even when configured as an IIS application, the "Services"
folder isn't without authentication. I get an HTTP logon
dialog, and have to set the authentication mode to
"Windows" to remove all authentication.

What?! How can authentication mode "None" result in an
logon dialog, and "Windows" lead to none? Is this a bug, or
am I missing something?

Is it possible to just have *one* Web.Config under *one* IIS
application, and configure different authentication modes for
the different folders beneath it? If so, please let me know,
because I'm dying here.

Thanks.

--
Asbjørn Ulsberg -=|=- X-No-Archive: No
"He's a loathsome offensive brute, yet I can't look away"

chris collinson

unread,

Jan 30, 2003, 8:13:52 AM1/30/03

to

Try the following

<?xml version="1.0" encoding="utf-8" ?>
<configuration>

<system.web>

</configuration>

>.
>

Asbjørn Ulsberg

unread,

Jan 30, 2003, 9:19:05 AM1/30/03

to

"chris collinson" wrote in
<news:026801c2c861$6f378e50$8ef82ecf@TK2MSFTNGXA04>:

> Try the following [...]

Thanks, it works like a charm. But I have one more question. Is
it possible to define several "path"s in one <location> element,
so I don't need 100 <location> elements if I have 100 folders
with the same authentication rules?

chris collinson

unread,

Jan 30, 2003, 9:49:54 AM1/30/03

to

Hi,

To be honest, you dont really need the location tag for
the public access folder. I was just being explicit. In
the top part of the config file is an authorization
section that allows all users access to every where in
your site by default as the web config file is cascaded
through all sub folders. If you want to control access
then yes, you seem to need one location path for each
area.

However, if you have a "Secure folder" that uses the forms
authentication, any sub folders on that folder will be
secure because of this cascading, it overrides the root
level config file. So you would place all files / folders
requiring authentication into this first secure folder and
all public access files / folders elsewhere.

eg, in the root webconfig file is a section

<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</location>

Hope this helps.

>.
>

Asbjørn Ulsberg

unread,

Jan 31, 2003, 4:18:37 AM1/31/03

to

"chris collinson" wrote in
<news:09e701c2c86e$d9eb9d10$d3f82ecf@TK2MSFTNGXA10>:

> To be honest, you dont really need the location tag for
> the public access folder. I was just being explicit.

I understand.

> If you want to control access then yes, you seem to need one
> location path for each area.

Ok. :\

> Hope this helps.

Yes it does. Thanks.