Web.config file to password protect a directory in any ASP.net web site

Phil Sando

<< Scope Identity (short but sweet) | Home | Simple web form that posts XML to a web service >>

Here is my web.config used to login protect a folder called administration;

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.web>
    <customErrors mode="Off">
    </customErrors>
    <authentication mode="Forms">
      <forms name=".ASPXAUTH" loginUrl="login.aspx" protection="All" timeout="999999">
        <credentials passwordFormat="MD5">
          <user name="admin" password="21232F297A57A5A743894A0E4A801FC3" />
        </credentials>
      </forms>
    </authentication>
    <authorization>
      <allow users="?" />
      <allow users="*" />
    </authorization>
    <trace enabled="true" localOnly="false" />
</system.web>
<location path="administration">
    <system.web>
      <authorization>
        <allow users="admin" />
        <deny users="*" />
      </authorization>
    </system.web>
</location>
</configuration>

I'm using it in this asp.net vb web site which I built from some tutorials and added a few extra bits of functionality to.

Posted on Saturday, February 27, 2010 2:52 PM | Back to top

Comments on this post: Web.config file to password protect a directory in any ASP.net web site

# re: Web.config file to password protect a directory in any ASP.net web site

Thanks good post, but I have a question. What would be web.config setting to protect folder by using IP address? I don't want let users to type passwords, the rule should be simple if user IP == "bla" then user can see the page else redirect to someother page.

Left by Kabroo on Dec 23, 2010 2:13 AM

# re: Web.config file to password protect a directory in any ASP.net web site

Thanks for sharing the code.
I have a similar task of protecting the folder called 'Admin' which holds couple of files which i want to the end user to access after login. i have managed to use your code and the user is being asked for login credentials. but after logging in its redirected to the default.aspx page instead of returlUrl. Please help! I am new to ASP .Net and don't have any experience. It would be great if you could provide me sample files for the same. i am struggling with this for 10 days.

Left by Abdul Kaleem on Dec 23, 2010 8:05 AM

# re: Web.config file to password protect a directory in any ASP.net web site

I'm not a coder, but I appreciate your above code. I put some good effort in but I think I'm doing things a**backwards.

Would you be kind to modify the code for me to password protect the following test directory?

www.gofrontrunners.com/feedback/testsub

Test username: XXXXX
Test pw: YYYYY

Also, I have a web.config already in my root, but I'm protecting the above subdirectory. Do I simply modify the web.config in the root or create a new web.config to sit in the above directory? Really appreciate.

Thank you SO much for your time & caring.
Bob

Left by Bob on Oct 09, 2012 6:18 AM

Your comment:

Title:

Name:

Email: (never displayed) (will show your gravatar)

Comment: Allowed tags: blockquote, a, strong, em, p, u, strike, super, sub, code

Verification: