I am new to ASP.NET, so forgive me if this is simple.
I am trying to deny access to my 'Admin' folder via web.config. I looked at another answer to a similar question and they recommend using the <location>
folder, however when I insert "Admin/" into the path I get the following error:
path attribute must be a relative virtual path. It cannot start with any of ' ' '.' '/' or '\'. C:\Personal\Projects\OliverSalon\web.config
I have tried placing "Admin", "/Admin" & "Admin/"
<configuration>
<connectionStrings>
<add name="OliverSalonConnectionString1" connectionString="Data Source=localhost;Initial Catalog=OliverSalon;Integrated Security=True" providerName="System.Data.SqlClient" />
</connectionStrings>
<system.web>
<compilation debug="false" targetFramework="4.0" />
<authentication mode="Forms">
<forms name="Oliver" loginUrl="Login.aspx" path="/" timeout="20">
<credentials passwordFormat="Clear">
<user name="OliverSalon" password="cuts"/>
</credentials>
</forms>
</authentication>
<authorization >
<deny users="?"/>
</authorization>
</system.web>
<location path="/Admin">
<system.webServer>
<directoryBrowse enabled="false"/>
</system.webServer>
</location>
This is way back from my web form days.
Place a web.config in your admin folder.
The contents should be:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.web>
<authorization>
<allow roles="admin" />
<deny users ="*" />
</authorization>
</system.web>
</configuration>
** EDIT to answer your question If you set the login url the framework will automatically send you to the login page if an unauthorized user tries to access your admin folder.
<authentication mode="Forms">
<forms loginUrl="Login.aspx" timeout="20" slidingExpiration="true" cookieless="AutoDetect" protection="All" requireSSL="false" enableCrossAppRedirects="false" defaultUrl="Default.aspx" path="/"/>
</authentication>
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With