Hello,
I came with a solution, I'm posting it here in case that
it may be helpful for anyone else:
I did use the location tag, but i had to change the
web.config a little more:
In the main <system.web> section I have:
<authentication mode="Forms">
<forms name="myName" loginUrl="source/login.aspx"
protection="All" path="/MyApp" timeout="120" />
</authentication>
I also removed the authorization tags from this section.
Then I added the following location tags (after closing
the <system.web> tag of course!):
<location allowOverride="true">
<!-- protection for ALL folders -->
<system.web>
<authorization>
<deny users="?" />
<allow users="*" />
</authorization>
</system.web>
</location>
<location path="unprotected_folder">
<!-- protection for the unprotected_folder -->
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
If you have any questions or comments, let me know.
Thanks for reading!!
Regards,
Cesar Saucedo
[quoted text, click to view] >-----Original Message-----
>Hello,
> I currently have an application that is using "Forms"
as
>autentication mode. It's been working fine so far.
>
> What I now need is to protect the whole application
with
>such protection except for one folder. How an I do that??
>
> I read somewhere that I could use a tag
>named "<location>" in the web.config, however if I do
>that, I get a configuration error message that reads:
>It is an error to use a section registered as
>allowDefinition='MachineToApplication' beyond application
>level. This error can be caused by a virtual directory
not
>being configured as an application in IIS.
>
> Now, I'm worried that if I make such folder an
>application, I won't be able to use the <application
>settings> that I've created for my whole application.
>
> Any thoughts?
>
>.
