Neo Neo - 3 months ago 14
ASP.NET (C#) Question

pages in admin folder not redirecting to login page when user is not authenticated (windows forms authentication)

I'm new to asp.net, so any pointers would be great
my main web.config code which connects to a sql database from godaddy.

<configuration>
<connectionStrings>
<add name="XXXXXX" connectionString="Data Source=XXXXXX; Initial Catalog=AllMobileDB; User ID=XXXXXX; Password=XXXXXX@;" providerName="System.Data.SqlClient"/>
</connectionStrings>
<system.web>
<roleManager enabled="true"/>
<compilation debug="true" targetFramework="4.0">
<assemblies>
<add assembly="System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
</assemblies>
</compilation>
<authentication mode="Forms">
<forms loginUrl="login.aspx"/>
</authentication>
<membership defaultProvider="SqlProvider">
<providers>
<clear/>
<add connectionStringName="XXXXXX" applicationName="/" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="true" passwordFormat="Hashed" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" name="SqlProvider" type="System.Web.Security.SqlMembershipProvider"/>
</providers>
</membership>
</system.web>
<system.net>
<mailSettings>
<smtp from="XXXXXX">
<network enableSsl="true" host="smtp.gmail.com" userName="XXXXXX" password="XXXXXX" port="25"/>
</smtp>
</mailSettings>
</system.net>
</configuration>


I have a folder called admin and a page called adminpage i set up username and folder access via Web Site Administration Tool

my web.config in my admin folder code

<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.web>
<authorization>
<allow roles="Adminstator" />
<deny users="*" />
</authorization>
</system.web>
</configuration>


it should let only people who is signed in to view the page however as of right now any one can access it. Any idea how to fix this thank you.

Answer

Set the location element

<system.web>
    <authentication mode="Forms">
      <forms loginUrl="Admin/login.aspx" defaultUrl="Admin/default.aspx"/>
    </authentication>
  <authorization>
    <allow users="*"/>
  </authorization>
</system.web>

<location path="Admin">
  <system.web>
   <authorization>
    <deny users="?"/>
   </authorization>
  </system.web>
</location>