Forms Authentication web.config set up
Is this specification correct in the root web.config file? I haven't used a child web.config in the protected folder.
<system.web>
<authentication mode="Forms">
<forms name=".ASPXAUTH" loginUrl="">
</forms>
</authentication>
</system.web>
Then another specification for system.web also in root开发者_StackOverflow社区 web.config:
<location path="to protected folder">
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
You should setup the web.config with the following elements.
<configuration>
<system.web>
<authentication mode="Forms">
<forms name="SiteName" path="/" loginUrl="~/Login.aspx" protection="All" timeout="30" />
</authentication>
</system.web>
</configuration>
You can protect folders by placing a web.config that denies anonymous access.
<configuration>
<system.web>
<!-- Place in a sub folder that you want to protect using Forms Authentication -->
<authorization>
<deny users="?" />
</authorization>
</system.web>
</configuration>
Web.config is cascaded in child folders, your assumption is correct, use login url
<authentication mode="Forms">
<forms defaultUrl="~/Step1.aspx" loginUrl="~/Signup.aspx" slidingExpiration="true" timeout="1000">
<credentials passwordFormat="Clear">
<user name="admin" password="123.admin"/>
</credentials>
</forms>
</authentication>
<authorization>
<allow users="admin" />
<deny users="?"/>
</authorization>
Add connectionStrings element under configuration tag and authentication element under system.web tag.
<connectionStrings>
<add name="cs"connectionString="Data source=server_name; Initial Catalog=database_name; User Id=user_id; Password=user_password" providerName="System.Data.SqlClient" />
</connectionStrings>
<authentication mode="Forms">
<forms loginUrl="~/Home/LogOn"defaultUrl="~/Home/Home"timeout="2880" />
</authentication>
Here is a working Example here
精彩评论