I cannot seem to isolate my forums to set different permissions for them than the rest of the site.

Here is the setup for my site.

<location path=".">
  <system.web>
    <authentication mode="None" />
  </system.web>
</location>

I need to isolate my forums. At the moment, for testing purposes, I have it set up so that all users are denied access.

<location path="~/public/public-forum.aspx">
  <system.web>
    <authentication mode="Forms">
      <forms loginUrl="public/login.aspx" />
    </authentication>
    <authorization>
      <deny users="*" />
    </authorization>
  </system.web>
</location>

What I'm finding is that I can still access the forum page. This suggests to me that this isn't set up correctly.

Does the path attribute have to be relative? Does it have to point to the URL that the page is accessed through or the rewritten path? ~/public/public-forum.aspx is a virtual path that is rewritten, so neither the directory nor the file exists with those names. Why does this currently not work?

I hope that's enough detail for a solution.

Jon
  • Have you tried to configure another auth method in subFolder/Web.config? – abatishchev May 11 '12 at 19:30
  • The problem is the folder doesn't exist - the path is rewritten. – Jon May 14 '12 at 08:37
  • What is the actual, physical folder location? – abatishchev May 14 '12 at 09:36
  • There isn't one really, it's added to pages via the CMS. The forum itself is a usercontrol. – Jon May 14 '12 at 09:47
  • So you want to change auth mode for a particular page or even a particular query. I think that's not possible. You can change it for a folder and use different techniques, e.g. iframe, to emulate secured page access. – abatishchev May 14 '12 at 10:44
  • Yes, I think you might be right. From all of the reading and experimenting I've done it seems our setup stands in the way of an easy solution. Sadly I can't change that. – Jon May 14 '12 at 11:36

1 Answer

edit2: So the solution isn't only in the comments:
As far as I know, you cannot specify an authentication mode per location.
You could set the forms authentication mode throughout your site and only require logged-in users in the secure parts.

edit:
Mmmh, strange, are you sure you only edited the ~ away?
They discuss your problem here, but I can't imagine how changing the ~ would trigger it.
Could you perhaps post your entire web.config?
Also: are you using IIS 6 and virtual directories?

The ~ sign is not needed, try this:

<location path="public/public-forum.aspx">
  <system.web>
    <authentication mode="Forms">
      <forms loginUrl="public/login.aspx" />
    </authentication>
    <authorization>
      <deny users="*" />
    </authorization>
  </system.web>
</location>
Kristof
  • Hmm, that gives me the error: `It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level. This error can be caused by a virtual directory not being configured as an application in IIS.`. Any ideas? – Jon May 02 '12 at 14:59
  • In reply to your edit: I'm using 7 for the live server. For dev I'm running it in debug mode from my local machine - it's not set up in my local IIS. There are no virtual directories in the project. From my own reading that error seems to have multiple causes and I can't really fathom what's causing it in my instance. I can't really post my whole web.config as it contains a lot of sensitive data, though if you think something might be pertinent I can pull bits of it out. – Jon May 03 '12 at 10:09
  • The most curious part for me is that it just popped up now. Could you try replacing the ~ sign where it was to see if the problem vanishes? We should be able to work from there. – Kristof May 03 '12 at 12:21
  • If I replace the ~ then the page loads. Without it I get the MachineToApplication error. – Jon May 03 '12 at 12:26
  • If I remove the authenticationmode tag it works on my machine. This person had the same problem btw: http://stackoverflow.com/questions/8176703/asp-net-mvc-3-areas-and-multiple-authentication-in-web-config – Kristof May 03 '12 at 12:48
  • Yes, removing that does indeed work but when I add in the things I need to add for that page I get the MachineToApplication error. What I ultimately need to do is overwrite the membership and role providers for my forum page (let's not get into that, suffice to say it's how we're doing it). So progress, yes, but I feel like I'm missing why this error rears its head when I add anything to this location? – Jon May 03 '12 at 12:57
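
The layout suggested in edit2 of the answer above, written out as an added example (not posted by either participant): Forms authentication is declared once at application level, and only `<authorization>` is scoped to the forum path. It reuses the paths from the question and assumes `public/public-forum.aspx` is the path the request is authorized against; with URL rewriting, which path that is depends on where in the pipeline the rewrite happens.

```xml
<?xml version="1.0"?>
<configuration>
  <system.web>
    <!-- <authentication> is registered with
         allowDefinition="MachineToApplication", so it is declared once
         here at application level. Placing it inside a <location> that
         names a sub-path raises the MachineToApplication error quoted
         in the comments above. -->
    <authentication mode="Forms">
      <forms loginUrl="public/login.aspx" />
    </authentication>

    <!-- Site-wide default: anonymous visitors are allowed, so the rest
         of the site behaves as it did with mode="None". -->
    <authorization>
      <allow users="*" />
    </authorization>
  </system.web>

  <!-- <authorization> may be scoped to a path. No leading "~" in the
       path attribute. -->
  <location path="public/public-forum.aspx">
    <system.web>
      <authorization>
        <!-- "?" matches anonymous users only, so unauthenticated
             requests are redirected to loginUrl. For the lock-out test
             described in the question, use <deny users="*" /> instead,
             which rejects authenticated users as well. -->
        <deny users="?" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

To confirm the rule is being applied, request the forum URL without a forms-authentication cookie and check that the response is a redirect to `public/login.aspx` rather than the forum page itself.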