I have an ASP.NET Website. I want to restrict the Admin Folder to only users who are of ‘Admin Role’ in this SQL Server Table: tbl_Users_Admin having columns UID, PWD, Name, Role, Status). The rest of all the root pages I want to be publicly accessible by any user.
I will not be using ASP.NET Membership.
Admin User is just given the URL (https://www.Website.com/Admin/Login.aspx).
I have two Login.aspx pages in the root as well as in the Admin Folder.
I tried to resolve it through the Forms Authentication, but I am unable to resolve it.
Few forums suggested to create two different Web.Config files (one for root folder of website and another for Admin Folder), but it seems to be an inefficient way to me.
But I have not been successful to resolve it otherwise.
Although I have tried to do this using the as follows in the web.config file at root:
<location path="Admin">
<system.web>
<authentication mode="Forms">
<forms loginUrl="/Admin/Login.aspx" name=".ASPXFORMSAUTH" defaultUrl="/Admin/Login.aspx" >
</forms>
</authentication>
<authorization>
<allow roles="administrators" />
<allow users="admin" />
<deny users="?" />
</authorization>
<sessionState mode="InProc" cookieless="false" timeout="20">
</sessionState>
<customErrors defaultRedirect="~/Admin/ErrorPages/Error.aspx" mode="On">
<error statusCode="404" redirect="~/Admin/ErrorPages/Error.aspx" />
</customErrors>
<compilation debug="true">
<codeSubDirectories>
<add directoryName="CSharp"/>
<add directoryName="VB"/>
</codeSubDirectories>
</compilation>
</system.web>
</location>
And for the rest of the root pages (Public Pages):
<system.web>
For rest of the root pages (Public Pages)
</system.web>
You don’t need to add the Admin folder in the web.config.
Just add the following in the
web.configunder theconfigurationsection.