| Groups | Blog | Home |
asp.net security : form authentication parser error.
I have a sub-directory named admin and when a user tries to access the page
inside "admin" folder I would like to use form authentication to validate the user. It says on many forums that I need the "admin" folder to be virtual directory which is set as an application so I did. The login page inside "admin" folder uses code-behind. When I compile and try to view the login.aspx page I get a "Could not load type 'xxxxxx.login'" Sorta figured that the page cannot find the bin directory which is in the root directory so I coded without using code-behind and wrote the authentication script inside the login.aspx page and this worked. However after the page redirect to the another page inside "admin" folder. That page fails cause it cannot find the "bin" directory... If I don't set "admin" folder as virtual folder and as application, I receive the following error: "It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level. This error can be caused by a virtual directory not being configured as an application in IIS." I am desparate...I've been at this problem for last 5 days. Been to all forums and searched all over internet website. Could anyone help me out why this is not working properly?
Raizen,
I ran into the *exact* same problem with the *exact* same situation. I have a web-based application where I want free access to all pages except pages under the Admin folder. Users must log in to view those pages, and so forth. And I have been struggling trying to get this to work. I have spent most of today surfing both the internet and newsgroups, and finally found (pieced together is more the case) a solution. Now, I don't know if what worked for me will work for you, but I can think of nothing better than to share the knowledge. :) Here goes..... ------------ 1) I updated the web.config in the root folder: Change this: <authentication mode="Windows" /> To this: <authentication mode="Forms"> <forms name=".[YourFormNameHere]" loginUrl="login.aspx" protection="All" timeout="30" path="/" requireSSL="false" slidingExpiration="true" /> </authentication> And then add the following right above the final </configuration> tag: <!-- SET UP AUTHORIZATION USING LOCATION TAG --> <location path="Admin"> <system.web> <authorization> <deny users="?" /> <allow users="*" /> </authorization> </system.web> </location> ------------ 2) I removed the login.aspx page from the Admin folder and put it in the root folder. We are using usernames/passwords stored in a database so I didn't use anything further in the web.config xml structure. ------------ 3) In the IIS manager I set the Admin folder back to a normal, regular folder. ------------ 4) Rebuilt application And bam! Application works great. You'll need to do some tweaking and/or error handling for invalid users, blank form fields, etc., but doing this worked for me. Again, I don't know if this will fit your scenario, but for what it is worth, I hope it helps. But I would still like to hear from an MVP on *both* why your/my original method didn't work, and why my method outlined above does. -- Andrew [quoted text, click to view] "raizen" <raizen@discussions.microsoft.com> wrote in message news:556B4D7D-4F34-43CD-9CC4-821352398FD4@microsoft.com... > I have a sub-directory named admin and when a user tries to access the page > inside "admin" folder I would like to use form authentication to validate the > user. It says on many forums that I need the "admin" folder to be virtual > directory which is set as an application so I did. The login page inside > "admin" folder uses code-behind. When I compile and try to view the > login.aspx page I get a "Could not load type 'xxxxxx.login'" Sorta figured > that the page cannot find the bin directory which is in the root directory so > I coded without using code-behind and wrote the authentication script inside > the login.aspx page and this worked. However after the page redirect to the > another page inside "admin" folder. That page fails cause it cannot find the > "bin" directory... > > If I don't set "admin" folder as virtual folder and as application, I > receive the following error: > > "It is an error to use a section registered as > allowDefinition='MachineToApplication' beyond application level. This error > can be caused by a virtual directory not being configured as an application > in IIS." > > I am desparate...I've been at this problem for last 5 days. Been to all > forums and searched all over internet website. > > Could anyone help me out why this is not working properly? > > Thanks in advance.
Thank you for post. I knew this workaround but I did not use it since I
wanted to know WHY it does not work when other ppl have no problem configuring it. The reason I think it works your way is that the login.aspx is at root directory. When subfolder "admin" is set as a virutal directory it looks for bin directory but it's not there so we get parser error saying "Could not load type 'xxxxxx.login'." But in order to use "Form authentication" the subfolder need to be virtual directory.... If someone could explain why my method does not work properly, I would appreciate alot. [quoted text, click to view] "Andrew" wrote:
> Raizen, > > I ran into the *exact* same problem with the *exact* same situation. I > have a web-based application where I want free access to all pages except > pages under the Admin folder. Users must log in to view those pages, and so > forth. And I have been struggling trying to get this to work. I have spent > most of today surfing both the internet and newsgroups, and finally found > (pieced together is more the case) a solution. Now, I don't know if what > worked for me will work for you, but I can think of nothing better than to > share the knowledge. :) Here goes..... > > ------------ > 1) I updated the web.config in the root folder: > > Change this: > <authentication mode="Windows" /> > > To this: > <authentication mode="Forms"> > <forms name=".[YourFormNameHere]" loginUrl="login.aspx" > protection="All" timeout="30" path="/" requireSSL="false" > slidingExpiration="true" /> > </authentication> > > And then add the following right above the final </configuration> tag: > > <!-- SET UP AUTHORIZATION USING LOCATION TAG --> > <location path="Admin"> > <system.web> > <authorization> > <deny users="?" /> > <allow users="*" /> > </authorization> > </system.web> > </location> > > ------------ > 2) I removed the login.aspx page from the Admin folder and put it in the > root folder. We are using usernames/passwords stored in a database so I > didn't use anything further in the web.config xml structure. > > ------------ > 3) In the IIS manager I set the Admin folder back to a normal, regular > folder. > > ------------ > 4) Rebuilt application > > > And bam! Application works great. You'll need to do some tweaking > and/or error handling for invalid users, blank form fields, etc., but doing > this worked for me. > Again, I don't know if this will fit your scenario, but for what it is > worth, I hope it helps. But I would still like to hear from an MVP on > *both* why your/my original method didn't work, and why my method outlined > above does. > > -- Andrew > > > "raizen" <raizen@discussions.microsoft.com> wrote in message > news:556B4D7D-4F34-43CD-9CC4-821352398FD4@microsoft.com... > > I have a sub-directory named admin and when a user tries to access the > page > > inside "admin" folder I would like to use form authentication to validate > the > > user. It says on many forums that I need the "admin" folder to be virtual > > directory which is set as an application so I did. The login page inside > > "admin" folder uses code-behind. When I compile and try to view the > > login.aspx page I get a "Could not load type 'xxxxxx.login'" Sorta > figured > > that the page cannot find the bin directory which is in the root directory > so > > I coded without using code-behind and wrote the authentication script > inside > > the login.aspx page and this worked. However after the page redirect to > the > > another page inside "admin" folder. That page fails cause it cannot find > the > > "bin" directory... > > > > If I don't set "admin" folder as virtual folder and as application, I > > receive the following error: > > > > "It is an error to use a section registered as > > allowDefinition='MachineToApplication' beyond application level. This > error > > can be caused by a virtual directory not being configured as an > application > > in IIS." > > > > I am desparate...I've been at this problem for last 5 days. Been to all > > forums and searched all over internet website. > > > > Could anyone help me out why this is not working properly? > > > > Thanks in advance. > >
Don't see what you're looking for? Try a search.
|
July 2003
August 2003
September 2003
October 2003
November 2003
December 2003
January 2004
February 2004
March 2004
April 2004
May 2004
June 2004
July 2004
August 2004
September 2004
October 2004
November 2004
December 2004
January 2005
February 2005
March 2005
April 2005
May 2005
June 2005
July 2005
August 2005
September 2005
October 2005
November 2005
December 2005
January 2006
February 2006
March 2006
April 2006
May 2006
June 2006
July 2006
August 2006
September 2006
October 2006
November 2006
December 2006
January 2007
February 2007
March 2007
April 2007
May 2007
June 2007
July 2007
August 2007
September 2007
October 2007
November 2007
December 2007
January 2008
February 2008
March 2008
April 2008
May 2008
June 2008
| home · blog · groups | Questions? Comments? Contact the dn |