2 Project in same WebRoot

[Francois Soucy]

I've 2 projects in same WEbRoot. Each project has is own Subdirectory.
Project #1: /Journal/ '<-- Anonymous
/Journal/Admin/ ' <-- WebForm Authentication for each web
page

Project #2: /Recettes/ '<--- Anonymous
/Recettes/Admin/ '<--- WebForm Authentication for each web
page

I've a Web.Config file that work perfectly for Form authentication. But I
really don't know how to add security for my second project. I ask this
because the hosting server only allow ONE (1) web.Config file in webroot
folder... I show you my present Web.Config file. The two project must have
distinct login page and if possible distinct custom error page... They are
completly different in subject and design.

<?xml version="1.0" encoding="utf-8" ?>
<configuration>

<system.web>
<pages validateRequest="false" />
<compilation defaultLanguage="vb" debug="true" />
<customErrors mode="On" defaultRedirect="Journal/Err.aspx">
<error statusCode="404" redirect="Journal/Err.aspx" />
<error statusCode="403" redirect="Journal/Err.aspx" />
</customErrors>
<authentication mode="Forms">
<forms loginUrl="Journal/admin/Login.aspx" path="/">
</forms>
</authentication>
</system.web>
<location path="Journal/Admin">
<system.web>
<authorization>
<deny users ="?" />
</authorization>
</system.web>
</location>

</configuration>


The only thing I think is to add some kind of location to the main
<configuration> tag . I'm in the right direction?
Thanks
Francois

[[MSFT]]

Hi Francois,

I think the <location> element is the right solution for the problem. By
setting its path property, we can specify configrations for a sub folder or
even a particular page, including the authention settings.

Luke

[[MSFT]]

Hi Francois,

Still any concerns on this issue? If so, please feel free to post here.

Regards,

Luke

[Francois Soucy]

I've discuted a lot of that in another groups. I can't use web.config to do
what It seem that a single web.config file can't handle 2 directory with
each one a login page.. For now I check for a completly personal solution
for authentification or I must also check for a new Web Hosting..

"[MSFT]" <lukezhan@online.microsoft.com> wrote in message
news:1LJM4c2fEHA.2644@cpmsftngxa06.phx.gbl...

> Hi Francois,
>
> Still any concerns on this issue? If so, please feel free to post here.
>
> Regards,
>
> Luke
>

[[MSFT]]

Hi Francois,

I don't understood why you said "I can't use web.config to do what It seem
that a single web.config file can't handle 2 directory with each one a
login page." A Web.config can contains multiple <location> elements. You
may specify different configration with them.

Additionally, are "Journal" and "Recettes" all web application? If so, they
can also have web.config file intead of the one in web root.

Luke

[Francois Soucy]

Because my web hosting doesn't allow me to put more than 1 web.config file.
The only one I can use MUST be located in webroot.


"[MSFT]" <lukezhan@online.microsoft.com> wrote in message
news:5rT$rKEgEHA.540@cpmsftngxa06.phx.gbl...

> Hi Francois,
>
> I don't understood why you said "I can't use web.config to do what It seem
> that a single web.config file can't handle 2 directory with each one a
> login page." A Web.config can contains multiple <location> elements. You
> may specify different configration with them.
>
> Additionally, are "Journal" and "Recettes" all web application? If so,

they

> can also have web.config file intead of the one in web root.
>
> Luke
>

[[MSFT]]

Then, how about the solution with <location> element? Did it not help on
the issue?

Luke

[Francois Soucy]

Nope this solution didn't work for me. I can put wich directory is protected
but I can't put a second login page... Users who try to access protected
page from second project are redirected to the login page of the first
project.. But I've find another solution for the login.. For now I'm also
searching a host provider that will permit me to have 2 projects in same
webroot.. I did't not even understant why Brinkster (My present web hosting)
in cautioned by Microsoft.....

Francois

"[MSFT]" <lukezhan@online.microsoft.com> wrote in message
news:KbP9owPgEHA.3452@cpmsftngxa06.phx.gbl...

> Then, how about the solution with <location> element? Did it not help on
> the issue?
>
> Luke
>

[[MSFT]]

Hi Francois,

How did you set the <authentication> element in web.config? For its
loginUrl property, we also can set a path like:

<authentication mode="Forms">
<forms name=".ASPXFORMSDEMO" loginUrl=". /Journal/Admin/logon.aspx"
protection="All" path=" ./Journal/Admin/" timeout="30" />
</authentication>


Luke

[Francois Soucy]

See this. This is what I've for this moment..

<configuration>

<system.web>
<pages validateRequest="false" />
<compilation defaultLanguage="vb" debug="true" />
<customErrors mode="On" defaultRedirect="Journal/Err.aspx">
<error statusCode="404" redirect="Journal/Err.aspx" />
<error statusCode="403" redirect="Journal/Err.aspx" />
</customErrors>
<authentication mode="Forms">
<forms loginUrl="Journal/admin/Login.aspx" path="/">
</forms>
</authentication>
</system.web>
<location path="Journal/Admin">
<system.web>
<authorization>
<deny users ="?" />
</authorization>
</system.web>
</location>

</configuration>

Francois

"[MSFT]" <lukezhan@online.microsoft.com> wrote in message
news:qk7heo1gEHA.2876@cpmsftngxa06.phx.gbl...

> Hi Francois,
>
> How did you set the <authentication> element in web.config? For its
> loginUrl property, we also can set a path like:
>
> <authentication mode="Forms">
> <forms name=".ASPXFORMSDEMO" loginUrl=". /Journal/Admin/logon.aspx"
> protection="All" path=" ./Journal/Admin/" timeout="30" />
> </authentication>
>
>
> Luke
>

[[MSFT]]

I think you should put the <authentication mode="Forms"> inner the
<location> element, because only Journal/admin/ need form authentication.
For example
:
<location path="Journal/Admin">
<system.web>

<authentication mode="Forms">
<forms loginUrl="Journal/admin/Login.aspx" path="/">
</forms>
</authentication>

<authorization>
<deny users ="?" />
</authorization>
</system.web>
</location>

Luke

[Yan-Hong Huang[MSFT]]

Hello Francois,

I was reviewing the issue thread. How is everything going? If you have any
more concerns on it, please feel free to reply here and we will follow up.

Thanks very much.

Best regards,
Yanhong Huang
Microsoft Community Support

Get Secure! ¨C [url]www.microsoft.com/security[/url]
Register to Access MSDN Managed Newsgroups!
-http://support.microsoft.com/default.aspx?scid=/servicedesks/msdn/nospam.as
p&SD=msdn

This posting is provided "AS IS" with no warranties, and confers no rights.

[Francois Soucy]

It's not only Journal/Admin that need form authentication ( Recette/Admin
also need a form authentification). My 2 projects need forms
authentications. Each project are different so user will not been the same.
But I've a big constraint, I can have ONLY ONE web.config in all my folder.
This unique file MUST be in webroot folder.. For the moment my Journal
project is working well with authentication form for Admin folder. For my
other project ( Recette ), I was working on everething except forms that are
in Admin folder of this project. the only solution i can consider for now is
to change my web hosting... Brinkster is really not what they said...

Thank,
Francois

"[MSFT]" <lukezhan@online.microsoft.com> wrote in message
news:ZzaqsmChEHA.3356@cpmsftngxa06.phx.gbl...

>
>
> I think you should put the <authentication mode="Forms"> inner the
> <location> element, because only Journal/admin/ need form authentication.
> For example
> :
> <location path="Journal/Admin">
> <system.web>
>
> <authentication mode="Forms">
> <forms loginUrl="Journal/admin/Login.aspx" path="/">
> </forms>
> </authentication>
>
> <authorization>
> <deny users ="?" />
> </authorization>
> </system.web>
> </location>
>
> Luke
>
>
>

[Francois Soucy]

Hello Yan-Hong,

You can read my last reply to [MSFT]. It was written 2 min
ago! :) My only concerns is only this technical limitation of my Web
Hosting. Only one web.config in webroot. No more at any other place... Every
book I read said that I can put 1 configuration file in each folder that
need a different setting from the master file... Even microsoft tell that in
MSDN. I really think I must change my webhosting and microsoft MUST stop to
sustain Brinkster.

I post you the link to brinkster that concerne Web.Config file.:
[url]http://www.brinkster.com/Kb/Kb.asp?kb=81832[/url]

Thanks
Francois

P.S.: Sorry for my english!

"Yan-Hong Huang[MSFT]" <yhhuang@online.microsoft.com> wrote in message
news:2Vp$3schEHA.3936@cpmsftngxa10.phx.gbl...

> Hello Francois,
>
> I was reviewing the issue thread. How is everything going? If you have any
> more concerns on it, please feel free to reply here and we will follow up.
>
> Thanks very much.
>
> Best regards,
> Yanhong Huang
> Microsoft Community Support
>
> Get Secure! ¨C [url]www.microsoft.com/security[/url]
> Register to Access MSDN Managed Newsgroups!
> -http://support.microsoft.com/default.aspx?scid=/servicedesks/msdn/nospam.as
> p&SD=msdn
>
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
>

[[MSFT]]

Hi Francois,

Thank you for the reply. What I suggested is a solution without changing
the webhost. It can be applied within only one web.config in the web root
folder. If you have to work with the original web host, you may consider it:

As I said before, we can add multiple <location> elements in a web.config
file, for example:

<location path="Journal/Admin">
<system.web>

<authentication mode="Forms">
<forms loginUrl="Journal/admin/Login.aspx" path="/">
</forms>
</authentication>

<authorization>
<deny users ="?" />
</authorization>
</system.web>
</location>

<location path=" Recette/Admin">
<system.web>

<authentication mode="Forms">
<forms loginUrl="Recette/admin/Login.aspx" path="/">
</forms>
</authentication>

<authorization>
<deny users ="?" />
</authorization>
</system.web>
</location>

As you see, I have two <location> elements and set different login form for
the two subs.

If you still have questions, please feel free to let me know.

Luke

[Yan-Hong Huang[MSFT]]

Hi Francois,

Thanks for your update. Luke has replied to your recent post on technical
part.

I also checked that article in brinkster. As we all know, ASP.NET supports
web.config in subdirectories. There should be some limitation on brinkster
which cause them not directly support it. You may contact them for the
reason of it. However, it is a third party company and so we have no
control over them. Or you may try to select some other web hosting provider
who can support it.

If you feel there is any we can do, please feel free to let me know. Thanks
very much for your understanding.

Best regards,
Yanhong Huang
Microsoft Community Support

Get Secure! ¨C [url]www.microsoft.com/security[/url]
Register to Access MSDN Managed Newsgroups!
-http://support.microsoft.com/default.aspx?scid=/servicedesks/msdn/nospam.as
p&SD=msdn

This posting is provided "AS IS" with no warranties, and confers no rights.

[Francois Soucy]

Hi yan-Hong,

I know that is a third party compagny but it's a
compagny that is listed INSIDE VS.Net in section "Web Hosting" !!! This is
where I find the situation funny!
Maybe a little word from Microsoft to this company could make big change...
Don't you think? :)

Thank for the reply
Francois


"Yan-Hong Huang[MSFT]" <yhhuang@online.microsoft.com> wrote in message
news:U7d%23JsZiEHA.2632@cpmsftngxa10.phx.gbl...

> Hi Francois,
>
> Thanks for your update. Luke has replied to your recent post on technical
> part.
>
> I also checked that article in brinkster. As we all know, ASP.NET supports
> web.config in subdirectories. There should be some limitation on brinkster
> which cause them not directly support it. You may contact them for the
> reason of it. However, it is a third party company and so we have no
> control over them. Or you may try to select some other web hosting
> provider
> who can support it.
>
> If you feel there is any we can do, please feel free to let me know.
> Thanks
> very much for your understanding.
>
> Best regards,
> Yanhong Huang
> Microsoft Community Support
>
> Get Secure! ¨C [url]www.microsoft.com/security[/url]
> Register to Access MSDN Managed Newsgroups!
> -http://support.microsoft.com/default.aspx?scid=/servicedesks/msdn/nospam.as
> p&SD=msdn
>
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
>

[Francois Soucy]

Thank,

I will consider that when I will construct my Admin section of
my project. I'.ve never think off that because on every documentation I've
read the location tag is located inside System.web tag.

Francois

"[MSFT]" <lukezhan@online.microsoft.com> wrote in message
news:nmYWIFOiEHA.2132@cpmsftngxa10.phx.gbl...

> Hi Francois,
>
> Thank you for the reply. What I suggested is a solution without changing
> the webhost. It can be applied within only one web.config in the web root
> folder. If you have to work with the original web host, you may consider
> it:
>
> As I said before, we can add multiple <location> elements in a web.config
> file, for example:
>
> <location path="Journal/Admin">
> <system.web>
>
> <authentication mode="Forms">
> <forms loginUrl="Journal/admin/Login.aspx" path="/">
> </forms>
> </authentication>
>
> <authorization>
> <deny users ="?" />
> </authorization>
> </system.web>
> </location>
>
> <location path=" Recette/Admin">
> <system.web>
>
> <authentication mode="Forms">
> <forms loginUrl="Recette/admin/Login.aspx" path="/">
> </forms>
> </authentication>
>
> <authorization>
> <deny users ="?" />
> </authorization>
> </system.web>
> </location>
>
> As you see, I have two <location> elements and set different login form
> for
> the two subs.
>
> If you still have questions, please feel free to let me know.
>
> Luke
>

[[MSFT]]

Yes, <location> element should be in the <System.web> tag. But it can have
a sub <System.web> tag inside, to indicate the different configration data
for the <location> element.

Luke

[Yan-Hong Huang[MSFT]]

Hi Francois,

I think they are partners of Microsoft. But we can't force them to
implement anything.

I will try to provide your feedback to some team to see whether we can do
something for it. Don't expect too much. :) If this feature is quite
important for you, my suggestion for you is to talk with them. If they
can't provide, you may change to another hosting company who can provide
it.

Thanks very much.

Best regards,
Yanhong Huang
Microsoft Community Support

Get Secure! ¨C [url]www.microsoft.com/security[/url]
Register to Access MSDN Managed Newsgroups!
-http://support.microsoft.com/default.aspx?scid=/servicedesks/msdn/nospam.as
p&SD=msdn

This posting is provided "AS IS" with no warranties, and confers no rights.