ASP.NET Forms Authentication on subdirs

Andy M

Hi, I am developing an ASP.NET application that uses forms authentication. However, it contains subdirectories, and they don't get authenticated somehow. I added a web.config and set the SignOn.aspx to the sign on page in the application's root directory. However, if I move to a page in one of the subdirectories it requires me to log in again. Once I log in successfully it keeps sending me back to my sign in page. Does anyone have any idea what I am doing wrong? Cheers, Andy

Steven Campbell

The way this works depends on whether the subdirectories are setup as IIS applications or not. If they are just directories, then the Authentication element of web.config must only appear in the main directory. The Authorization element of the config file can appear in each directory, so that you can specify permissions per directory. If each subdirectory is an IIS application, then each can have their own full web.config file. However, they still inherit some stuff from the parent directory. This is much harder to setup, although I think I saw an article somewhere on this site on how to do it. It may be that you can just remove the Authentication element from the web.config files in the subdirectories.

---

my blog

Dave Wengier

Assuming your subdirectories are seperate applications, the following should work: * Remove the authentication tag from the sub-directories' web.config. * Make sure the LoginUrl attribute of the authentication tag in the main web.config references a full path, not relative ("/signon.aspx" for example) * Add the following tag to the main web.config:

<machineKey validationKey="AutoGenerate" decryptionKey="AutoGenerate" validation="SHA1" />

--- Dave