Last post Apr 28, 2008 05:26 PM by GDB
Apr 27, 2008 09:21 PM|GDB|LINK
I'm trying to configure forms authentication for a subdomain. Per the hosting service's requirements all the subdomain files are in a folder in the root web but the folder has been configured in IIS as an application. Everything works as expected except
for forms authentication.
Here's what I've tried so far.
From my reading I learned that web.config will supposedly cross application boundaries, so I tried the simple method to restrict access to the folder and let web.config in the root domain handle the login chores; i.e. I put the following web.config in the
<allow roles='Administrator' />
<deny users='*' />
Two things don't work with this: #1 it throws up the browser security login form rather than the login.aspx page and #2 it won't accept the uid/pw. I tested a couple other features that should have used web.config in the main domain root and they didn't
work so I'm assuming web.config will _not_ cross application boundaries or I don't understand something fundamental. This post is about authorization though ... web.config in a subdomain can be another topic.
Next test was to expand on the subdomain web.config by adding
<forms name="Login" loginUrl="login.aspx" domain="mydomain.com" path="/" protection="All" timeout="60">
This doesn't work because it's not picking up the connection string from the top level domain web.config. So I added a connnection string section to the subdomain web.config for the next test. The results took me back to square one ... no error messages
but it wouldn't accept the password; the page just refreshes.
Obviously there is something fundamental I don't understand about forms authentication at the subdomain level. Any help or pointers to resource websites will e appreciated. Thanks.
Apr 28, 2008 08:22 AM|hemal_301080|LINK
to use <location> tag in parent web.config file to configure each subdomain or subdirectory differently.
Supply directory path in location tag i.e. <location path="dir1"><authentication mode="forms>Your info here</authentication></location>
same thing can be done with another directory with different login and default pages that should work for that dir only.
set <location path="dir2"><authentication mode="forms>Your info here</authentication></location>
Now in IIS configure each subdomain or subdirecty as an application. After this only, it will work.
I think this should help
Apr 28, 2008 05:26 PM|GDB|LINK
Thanks for the suggestion. I'm still not getting the desired results. I ran two tests; details below:
TEST #1 RESULT: Unrestricted access to anonymous users
TEST #2: // IN SUBDOMAIN WEB.CONFIG (web.config file in root domain /Partners folder (configured as application)