I have an application that uses Forms Authentication to authenticate one type of user. There is a section in this application that needs to be authenticated for another type of user using a different table in the database. The problem happens if the second type of user's session times out, she is taken to the login page defined in the Forms Authentication section of the main Web.Config instead of the login page for the second type of user. I am looking for solutions to this problem. One idea is to create an application in IIS for the section and create a Web.Config for the folder and add another Forms Authentication section. In my experiments, it seems this doesn't work. Am I missing something obvious? Any insights?

A: 

IIRC, the authentication works per folder. So you should be able to do it if all of the pages that require the 2nd type of authentication live in a specific sub-folder with its own config.

Not 100% sure on this, though, so if someone more knowledgeable can contradict me I'll just delete the response.

Joel Coehoorn
+1  A: 

You may need to double check me on the syntax, but the top level web.config can have any number of tags.

<location>...</location>

Inside you can specify separate config parameters for whatever folder/file you want. Look here for a reference.

EDIT: Apologies, I neglected to format the code properly.

Ian Jacobs
But, you can't have authentication inside of a location tag - see http://msdn.microsoft.com/en-us/library/532aee0e.aspx under configurable locations.
Mark Brackett
Guess I'm a little rusty with my web development. I could have sworn it would work. My apologies.
Ian Jacobs
A: 

Ian: I am assuming you placed a code snippet in the post but it was filtered. Joel: I have a Web.Config in the subfolder and it is an application in IIS. Simply adding a Forms authentication section is throwing 500.19 errors.

Arsalan Ahmed
A: 

You cannot have an <authentication> section inside of a <location> tag, so you must have the subfolder set up as an IIS (and ASP.NET) application of its own. So, you should be able to run the subsection on its own.

I think 500.19 is the "can't read or parse web.config" error - does it have details? You may need to turn on remote errors (or check Event Viewer) to see them. If you're still having issues, post a snippet of web.config.

As an aside - I've never been a fan of nested apps, and would probably prefer having your normal Login.aspx page handle it either with as a MemberOf or perhaps redirecting to a SpecialUserLogin.aspx or something. Nested apps are a PITA to set up and test, IME (for instance - I don't think you can even get it working under Cassini - though you can do 2 separate projects for it, and combine when you deploy).

Mark Brackett
A: 

Yes you can. The Web.config files have a tree-like inheriting architecture with override capabilities. Meaning you can modify the settings inside a sub-folder by placing a web.config file there and specifying different configuration settings.

Andrei Rinea
A: 

The way I understand this problem, you have two solutions and the first is to look at Roles and the whole Provider Model would be a great place to start. Otherwise, the best bet would be to separate the application into two parts, breaking out the second user type area and then including it back into the main project via a Virtual Directory. Just remember that Virtual Directories inherit their permissions from the parent directory's web.config, so you will need to use the <Location> tags to remove authentication for the virtual directory and then within the virtual directory's web.config define your new forms authentication. This works well if you need Windows Authentication (NTLM) under Forms Authentication.

Ty
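
The nested-application approach discussed in the answers above, as an added example that is not from any of the posters: a Web.config for the subfolder once it is set up as its own IIS application. The cookie name .SPECIALAUTH and the timeout value are assumptions; SpecialUserLogin.aspx is the page name floated in one of the answers.

```xml
<?xml version="1.0"?>
<!-- Web.config at the root of the nested application (added example).
     The <authentication> element is allowed only at application level,
     so this file is valid only where IIS treats the folder as an application. -->
<configuration>
  <system.web>
    <authentication mode="Forms">
      <!-- name: a cookie name different from the parent application's
                 (the default is .ASPXAUTH), so a ticket issued by the main
                 login is not read here as a second-type user, and the reverse.
                 This matters most when both applications share a machineKey.
           loginUrl: where a missing or expired ticket is redirected, which
                 is the behaviour the question asks for after a timeout.
           timeout: minutes; the value here is a constructed sample.
           protection="All": encrypt and validate the ticket. -->
      <forms name=".SPECIALAUTH"
             loginUrl="~/SpecialUserLogin.aspx"
             timeout="20"
             slidingExpiration="true"
             protection="All" />
    </authentication>
    <authorization>
      <!-- Deny anonymous users everywhere in this application; Forms
           Authentication still lets them reach the loginUrl page. Rules in
           this file are evaluated before rules inherited from the parent. -->
      <deny users="?" />
    </authorization>
  </system.web>
</configuration>
```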