wif adfs2.0 federated-identity adfs

WIF entry point, federated authentication


In an ASP.NET application, is it possible to have only a handful of pages (.aspx) be WIF protected while leaving the other pages untouched?

Basically, what I want is that when the user lands on HomePage.aspx, they can browse and go to PageOption.aspx and PageAbout.aspx - however, when they try to access PageAccount.aspx, I want the WIF settings to kick in. And if the user is logged in already, then great - otherwise we redirect the user to an STS page where they can get authenticated.

Right now, all of my pages are WIF protected. So if I try to access any of the pages I get redirected to the STS page.

I have tried modifying the web.config file, and putting the pages I want WIF protected in a separate folder and giving it its own web.config, but no luck so far.

Also, I am getting an error if I try to set the <authentication mode.. in the nested web.config. Why can't I do that either?

The error I get is (on line 15):

Parser Error Message: It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level. This error can be caused by a virtual directory not being configured as an application in IIS.

Source Error: Line 15:

Just to take it a step further, what I am trying to do is allow forms authentication on PageOption.aspx and PageAbout.aspx, and when the user tries to go directly to PageAccount.aspx I want them to use federated authentication.

Any security gurus out there that can shed some light on this?


Solution

  • Indeed it is - use the location tag in web.config e.g. Setting authorization rules for a particular page or folder in web.config.

    Re. the authentication mode - what did you set - what are you trying to do - what error did you get?
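
The location-tag approach from the answer above, as an added example that is not part of the original question or answer. It assumes the application's existing WIF configuration uses `<authentication mode="None" />` with passive redirect enabled, and reuses the page names from the question.

```xml
<?xml version="1.0"?>
<!-- Root (application-level) web.config. Added example; the
     authentication mode shown is an assumption about the existing setup. -->
<configuration>
  <system.web>
    <!-- <authentication> may appear only here, at application level.
         It is registered allowDefinition='MachineToApplication', which is
         why a copy in a sub-folder web.config raises the parser error
         quoted in the question. -->
    <authentication mode="None" />

    <!-- Site-wide default: anonymous users may browse
         (HomePage.aspx, PageOption.aspx, PageAbout.aspx). -->
    <authorization>
      <allow users="*" />
    </authorization>
  </system.web>

  <!-- Only this page denies anonymous users ("?"). The resulting 401 is
       what the WIF federation module turns into a redirect to the STS;
       an already authenticated user passes straight through. -->
  <location path="PageAccount.aspx">
    <system.web>
      <authorization>
        <deny users="?" />
      </authorization>
    </system.web>
  </location>

  <!-- The existing WIF section (issuer, realm, passive redirect setting)
       stays unchanged and is omitted here. -->
</configuration>
```

Using a folder as the `path` value instead of a single file applies the same deny rule to every page placed in that folder, so pages added later are protected without another config change.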