Reputation: 6030
How do I use forms authentication on a virtual routed url (asp.net routing and forms authentication)?
In ~/tools/ I have a webconfig file that contains the following:
<system.web>
<authorization>
<allow roles="admin" />
<deny users="*" />
</authorization>
</system.web>
Requests to ~/tools/mypage.aspx require the user to be in the admin role. If I use URL routing and have requests to ~/categories/mytools route to that above page, forms authentication does not require the user to be in the admin role. How do I use forms authentication on a virtual routed url?
So I need to add this to my webconfig:
for every virtual url that needs forms authentication? Seems repetitive if this has to be done with every url that is directed to a 'protected' destination page. Is there another solution?
Upvotes: 2
Views: 505
Answers (1)
Reputation: 37543
Since ~/categories/mytools is not explicitly ~/tools the web.config authorization does not get called. Even with virtual routing. You will need to replicate the web.config files across the directories to achieve this affect. To avoid doing double duty, you might want to put these entries into the root web.config listing their specific directories or files for exact permissions.
Upvotes: 1
Related Questions
- Authenticating The URL in ASP.NET MVC
- ReturnUrl Points to an ActionResult
- Using Routing without MVC: authentication form
- Form Authentication and URL Rewriting
- Using Forms Authentication/Authorization with Rewritten URLs
- Hiding the Default form authentication url in asp.net mvc
- authentication forms login url and route data
- Forms authentication + ASP.NET MVC absolute ReturnURL
- mvc forms authentication redirecting
- ASP.NET MVC Authorization based on Route Params