Monday, December 03, 2007

ASP.NET Authentication Configuration

I was working on a Web application based on ASP.NET and WCSF. The application has a root virtual path with web.config and several sub-folders for other views. Each sub-folder also contains a web.config file.

Before I introduce authentication and Login to the application. It works fine. However, after I added security checking, I got compiling and running exception error. It complains about any authentication in web.config file. The following is an example error:

Line 107: <authentication mode="Forms">
Error It is an error to use a section registered
as allowDefinition='MachineToApplication' beyond application level.
This error can be caused by a virtual directory not
being configured as an application in IIS.
...EmployeeList\Web.config 37

After about half day investigating, I finally found that the error is caused by authentication defined in multiple web.config files. According to ASP.NET's recommendation, in a forum discussion, the authentication can only be defined in the root web.config for each APS.NET application or machine config file once.

That means I have to move all the authentication configurations to the root web.config file. In addition to that, in my application case, if a client logs out from the security from master page's LoginStatus control, it should be redirected to the main page or LoginPage.

After all these changes, my application works like charm!