WIF entry point, federated authentication
-
29-10-2019 - |
Question
In an asp.net application, is it possible to have only a handful of pages (.aspx) to be WIF protected while leaving the other pages untouched?
Basically, what I want is when the user land on the HomePage.aspx
, they can browse and be able to go to PageOption.aspx
and PageAbout.aspx
- however when they try to access the PageAccount.aspx
I want the WIF settings kicked in. And if the user is logged in already, then great - otherwise we redirect the user to an STS page where they can get authenticated.
Right now, all of my pages are WIF protected. So if I try to access any of the pages I get redirected to the STS page.
I have tried modifying the web.config file and putting the pages I want WIF protected in a separate folder and give its separate web.config, but no luck so far.
Also, I am getting error if I try to set the <authentication mode..
in the nested web.config. Why can't I do that either?
The error I get is (on line 15):
Parser Error Message: It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level. This error can be caused by a virtual directory not being configured as an application in IIS.
Source Error: Line 15:
Just to take it a step further to what I am trying to do is allow forms authentication on the PageOption.aspx
and the PageAbout.aspx
and when user tries to go directly to the PageAccount.aspx
I want then to use federated authentication.
Any security gurus out there that can shed some light on this?
No correct solution