Web.Config

aadz5 · May 16th, 2004, 07:02 AM

Hi,

is it possible to have web.config files within folders that over-rides the web.config file for the site??

Adz - The World is not enough

bmains · May 16th, 2004, 10:05 AM

Hello,

Because ASP.NET works with virtual directories, you can have a web.config file at the root of the virtual, but not going into different folders within that virtual directory that I know of. However, depending on what you need it for, certain areas have a location element that you can specify the properties to be set only for that folder.

You also have a machine.config for every machine, which the web config overrides the settings in this file if there are conflicts. The machine.config is in the <windows folder>\Microsoft.NET\Framework\<Framework version>\config folder.

Brian

melvik · May 16th, 2004, 10:18 AM

if u r worry about read/Downloading ur Web.Config its not accessible in HHTP & users can NOT do it!

Always:),
Hovik Melkomian.

bmains · May 16th, 2004, 10:21 AM

Yeah, the only way to access the file is someone hacks into your system...

aadz5 · May 16th, 2004, 02:49 PM

Thanks for the help guys,

I thought as much, ok well I have a web.config file, which points to a specific login page. I want certain people to have specific privlages. At the moment each individual can access anywhere. So for example if you are a User you can only access certain pages, if you are a administrator you can access everything etc. Is there a way of doing this using form auhentication??

Adz - The World is not enough

bmains · May 16th, 2004, 08:07 PM

Hello,

There is a location element, which as an authorization element, which has an allow/deny element for allowing denying users in the application. YOu need to look at the web.config file xml layout, which I found in the MSDN. Or, you can use authenication in your application using the genericidentity and genericprincipal objects.

Brian

aadz5 · May 21st, 2004, 03:55 AM

Thats interesting,

So Brian, what the genericidentity and genericprincipal objects. Can these be implemented in place of the web.config file?? My website is with an ISP and they have stated that I cannot use multiple web.config files. thanks for the help guys, I think that I am getting there slowly!

Adz - The World is not enough

bmains · May 21st, 2004, 12:31 PM

Hello,

GenericIdentity and GenericPrincipal are used in application based security. You can use them to represent the user/roles, like below:

Dim objIdentity as new GenericIdentity(strUserName)
Dim objPrincipal as new GenericPrincipal(objIdentity, new string() {"Users", "Power Users"})

You can check if the user belongs to a role that is allowed to use a web form or a web forms actions through the objPrincipal.IsInRole("Power Users") method, which returns a boolean. I wouldn't replace the web.config file; I use these objects in my site to verify that the user can access a page or a page's functionality, but I still use the web.config file for some security related information. It's really a balance between the two.

Brian

aadz5 · May 24th, 2004, 03:30 AM

Nice one,

thanks Brian, I will give it a go!

Adz - The World is not enough