Multiple/Different authentication settings in web.config

Question

How would I go about setting different authentication tags for different parts of my web app? Say I have:

/
/folder1/
/folder2/

Would it be possible to specify different <authentication/> tags for each folder?

I want folder1 to use Windows authentication but folder2 use Forms authentication.

I tried doing in a <location/> tag but it doesn't look like you can have <authentication/> tags in a <location/> tags, at least not via VS 2008 with it's built in webserver.

This errors out saying - Error 3 It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level. This error can be caused by a virtual directory not being configured as an application in IIS.

<location path="/folder1">
    <system.web>
      <authentication mode="Forms" />
      <authorization>
        <deny users="?"/>
      </authorization>
    </system.web>
  </location>

Answer 1

You can only have <authentication /> on the top level web.config. You may have to create multiple applications. ie you can create an application within an application and use different authentication modes in each one.

Answer 2

These settings are only valid at the root level of your ASP.Net application. To use different settings in a sub folder you will need to go into IIS and set that sub folder to be a new application.

Once you done this, the folder will have a different icon in the IIs manager. Inside your subfolder, create a new web.config file and add the new authentication settings there.

More information available at Creating Applications.

Answer 3

I think you can set the forms authentication authorization on folder1 to

<allow users="*" />

then control the windows access via setting windows permissions on the folder.

I haven't tried it, but I can't think of why that wouldn't work.