How do I use Forms Authentication for only a portion of my site?

15340 Users read it.

by Marcellino Bommezijn (July 11, 2002)

Forms Authentication must be set in the web.config in the root of your account, as this is where your application exists. What if you want to turn on authentication for a subfolder or a single page, and not your entire application? You can set this in your web.config in the root of your account as well.

User Rating (60 votes)

1 review available | Read the reviews »

Author(s):	Marcellino Bommezijn
User Level:	Beginner
Language:	VB.NET
Platform:	Web

To set the Forms Authentication parameters, the following must be in your web.config (for example):

  <system.web>
    
    <authentication mode="Forms">
      <forms name="MyAuth" loginUrl="loginpage/login.aspx" protection="All" path="/" />
    </authentication>
  </system.web>

Now you must define what you want to be protected. If you want to enable it for the entire site, then place the following within the <system.web> tag as well:

    <authorization>
      <deny users="?" />
    </authorization>

However, if you want to enable it for a particular subfolder or file, then you would use <location> tags instead. The following will turn on authentication for location "store/Checkout.aspx":

  <location path="store/Checkout.aspx">
    <system.web>
      <authorization>
        <deny users="?" />
      </authorization>
    </system.web>
  </location>

You can have as many <location> tags as you want. For more information on the <location> settings, please see the MSDN Library on Microsoft's site.

Source: MaximumASP Knowledgebase

Marcellino Bommezijn

Marcellino Bommezijn is one of the managers at UDzone.com. He is a contributor on the tutorials section.

In daily live he is a E-Business Coordinator at Geveke Motoren bv (Dutch Caterpillar Engine Dealer) and runs his own webdesign and hosting company.

(Photo: me and my son Nicky)

See All Postings From Marcellino Bommezijn >>

User Reviews

Total of 1 review

Good primer.

Written by Afendi Hamat on August 28, 2002

How about protecting individual elements on a page? For example, say certain links are shown only if you're logged in? I used to do this using cookies/session in classic ASP, just wondering if things are changed or the same in ASP.NET?

Books

Main Sponsor

Visit All Zones

Premium Articles

Latest Articles

Our Sponsors

Featured Article

Beyond Graphing

When a graph is drawn, the focus is kept on the actual underlying competing figures that constitute the graph. Sometimes it is difficult to make assumptions just by looking at these graphs. When looking at a geographical map of data you immediately see exactly where things are happening. This article presents a .NET geographical mapping solution that will illustrate a fairly simple way of implementing these maps.

Featured E-Book

Design & Accessibility

Have you, as a web developer or designer ever been on sites where the site seems more of a puzzle then a tool to find the information you where looking for? Or are you looking to improve your web design skills? Then read on!

Design & Accessibility

This e-Book will teach you how to become a truly professional developer or designer. By taking usability and accessibility issues in account when designing your websites or applications you can make the difference and avoid a lot of (user) frustration.

Featured Component

3D Gal Slideshow Bndl

Get our best gallery and slideshow components in one bundle and save money! Our most popular components combined to form an amazing presentation team.

This bundle includes:

Featured Book

Inside ASP.NET

Inside ASP.NET is a comprehensive guide to ASP.NET development using Microsoft's .NET development framework. This book presents information on the .NET framework that is of specific interest to Internet and intranet developers, and is split into the following sections: Introducing ASP.NET, Core ASP.NET, ASP.NET and Data Access, Advanced Technologies, Advanced Web Forms, and Putting It All Together

Each chapter tackles a specific area of ASP.NET development, first by giving a detailed overview, then presenting a series of code examples and walk-throughs that illustrate various applications of ASP.NET