3

I cannot seem to isolate my forums to set different permissions for them than the rest of the site.

Here is the setup for my site.

<location path=".">
  <system.web>
    <authentication mode="None" />
  </system.web>
</location>

I need to isolate my forums. At the moment, for testing purposes, I have it setup so that all users are denied access.

<location path="~/public/public-forum.aspx">
  <system.web>
    <authentication mode="Forms">
      <forms loginUrl="public/login.aspx" />
    </authentication>
    <authorization>
      <deny users="*" />
    </authorization>
  </system.web>
</location>

What I'm finding is that I can still access the forum page. This suggests to me that this isn't setup correctly.

Does the path attribute have to be relative? Does it have to point to the URL that the page is accessed through or the rewritten path? ~/public/public-forum.aspx is a virtual path that is rewritten so neither the directly nor the file exists with those names. Why does this currently not work?

I hope that's enough detail for a solution.

Improve this question
6
  • have you tried to configure another auth method in subFolder/Web.config? Commented May 11, 2012 at 19:30
  • The problem is the folder doesn't exist - the path is rewritten. Commented May 14, 2012 at 8:37
  • What is the actual, physical folder location? Commented May 14, 2012 at 9:36
  • There isn't one really, it's added to pages via the CMS. The forum itself is a usercontrol. Commented May 14, 2012 at 9:47
  • So you want to change auth mode for a particular page or even - particular query. I think that's not possible. You can change it for a folder and use different techniques, e.g. iframe, to emulate secured page access. Commented May 14, 2012 at 10:44

1 Answer 1

Reset to default
0

edit2: So the solution isn't only in the comments :
As far as i know you cannot specify an authenticationmode per location.
You could set the forms authentication mode throughout your site and only require logged in users in the secure parts.

edit:
mmmh strange , are you sure you only edited the ~ away?
They discuss your problem here but i can't imagine how changing the ~ would trigger it.
Could you perhaps post your entire web.config?
Also : are you using iis 6 and virtual directories?

The ~ sign is not needed , try this : 

<location path="public/public-forum.aspx">
  <system.web>
    <authentication mode="Forms">
      <forms loginUrl="public/login.aspx" />
    </authentication>
    <authorization>
      <deny users="*" />
    </authorization>
  </system.web>
</location>
Improve this answer
Sign up to request clarification or add additional context in comments.

6 Comments

Hmm, that gives me the error: It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level. This error can be caused by a virtual directory not being configured as an application in IIS.. Any ideas?
In reply to your edit: I'm using 7 for the live server. For dev I'm running it in debug mode from my local machine - it's not setup in my local IIS. There are no virtual directories in the project. From my own reading that error seems to have multiple causes and I can't really fathom what's causing it in my instance. I can't really post my whole web.config as it contains a lot of sensitive data though if you think something might be pertinent I can pull bits of it out.
The most curious part for me is that is just popped up now. Could you try replacing the ~ sign where it was to see if the problem vanishes? We should be able to work from there.
If I replace the ~ then the page loads. Without it I get the MachineToApplication error.
if i remove the authenticationmode tag it works on my machine. this person had the same problem btw : stackoverflow.com/questions/8176703/…
|

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.