Role based security across sub directories

[FeatureRich]

Take the following directory structure:

AppRoot (configured as a IIS Application)
-> bin
-> dirA
-> dirB
-> dirC
login.aspx
web.config

Ok, what I want to do is controll access to everything in the appRoot
and then, based on a role, allow access to dirA, B, C etc. I am
currently using forms based authentication which authenticates via a
DB. Once authenticated I retrieve and create the principal and
overwrite the original. The roles are then kept up via a http handler
who's code is in the bin.

Question 1: Do all the sub directories have to be configured in IIS as
applications? It would seem like there would be a way to indicate that
the sub directories are a part of the App so that configuration
settings in the web.config would apply to all. If that is possible,
then why would the subs need to have application entry points in IIS?
When I try to use a location element in the root web.config to enable
the http handler that keeps up with roles, I get the error that
generally says configure dirA as a IIS application. If I do make them
apps in IIS, won't I run into AppDomain boundaries when I try to do
things across directories?

Question 2: I have my http handler code in a separate dll in the bin.
I would like to use the <location> element in the root web.config to
apply the handler and role restrictions on the sub directories. If the
handler code is in the root/bin, can I specify a path in the root
web.config <location> elements that point to it? Or would the only way
to do this be to put the handler code in the GAC so everything could
see it?
Fun stuff.

Thanks ahead. Just a little confused here.

[Patrick.O.Ige]

Hi FeatureRich,
Try reading through :-
[url]http://support.microsoft.com/default.aspx?scid=kb;en-us;Q306238#3[/url]
Hope it helps
Patrick


"FeatureRich" wrote:

> Take the following directory structure:
>
> AppRoot (configured as a IIS Application)
> -> bin
> -> dirA
> -> dirB
> -> dirC
> login.aspx
> web.config
>
> Ok, what I want to do is controll access to everything in the appRoot
> and then, based on a role, allow access to dirA, B, C etc. I am
> currently using forms based authentication which authenticates via a
> DB. Once authenticated I retrieve and create the principal and
> overwrite the original. The roles are then kept up via a http handler
> who's code is in the bin.
>
> Question 1: Do all the sub directories have to be configured in IIS as
> applications? It would seem like there would be a way to indicate that
> the sub directories are a part of the App so that configuration
> settings in the web.config would apply to all. If that is possible,
> then why would the subs need to have application entry points in IIS?
> When I try to use a location element in the root web.config to enable
> the http handler that keeps up with roles, I get the error that
> generally says configure dirA as a IIS application. If I do make them
> apps in IIS, won't I run into AppDomain boundaries when I try to do
> things across directories?
>
> Question 2: I have my http handler code in a separate dll in the bin.
> I would like to use the <location> element in the root web.config to
> apply the handler and role restrictions on the sub directories. If the
> handler code is in the root/bin, can I specify a path in the root
> web.config <location> elements that point to it? Or would the only way
> to do this be to put the handler code in the GAC so everything could
> see it?
> Fun stuff.
>
> Thanks ahead. Just a little confused here.
>