Monday, March 26, 2012

Shopping Basket not working with Forms Authentication

I've been having a really annoying problem with a spares ordering system I am trying to create. I built a working shopping basket which uses a DataTable and the Session State to store the basket contents. This worked fine.

I then wanted to make some pages (i.e. the shopping basket and certain searches) available to only registered users. I created a new folder in the directory called 'reg' and put a web.config file in there requiring people to log in. I got this working properly and then moved my shopping basket pages into the folder. All the pages worked except those which try to read from the DataTable and I now get the following error...

System.NullReferenceException: Object reference not set to an instance of an object

when I try to read a row from the DataTable which is sourced from the Session State.

I can still access and use copies of the shopping basket etc in my root folder but they are not protected in there. I assume it's something to do with the session State being used from inside the folder.

Any ideas how I can cure this problem? Surely there's got to be a way to have this working?

All help welcomed.
Cheers

Steve Gordon
www.celebrity-hunt.co.uk
Are you using two separate virtual directories? Session state cannot be shared between IIS applications. You have two choices that I know of:

1 - place both directories under one virtual directory (IIS application) and use the <location> element in your web.config file to specify different <authorization> elements for different folders/pages.

2 - Persist the data in a database and create a session variable in each application.

Thanks for responding so fast!

I created the first application directory to create the original site with and then realised I needed to include authorisation as well.

At first I created just a normal directory and set up the authentication but it gave the following error...

It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level. This error can be caused by a virtual directory not being configured as an application in IIS.

This is my folder structure...

HMD (Application)
- images
- css
- data
- reg (For authentication and set to application to get it working)

I must say I'm not trying to share the session state though. All the pages that use it should be in the 'reg' folder. Still it sounds like I might have to do what you said in choice #1. If so how do I do this? Do all files go in the root directory, with a different web.config file?

Cheers!

Steve Gordon
www.celebrity-hunt.co.uk
Any further help with carrying out what you've explained in point number 1 would be appreciated.

I think I understand what you're saying but I'm teaching myself as I go with this and I'm still not sure how to correct the problem.

Thanks,

Steve Gordon

I must say I'm not trying to share the session state though. All the pages that use it should be in the 'reg' folder.

I'm not sure why this is not working then. If this is the case, you should be able to make the reg folder into an IIS application (virtual directory), and create a separate web.config file for it. This will allow you to share your shopping basket on the pages within the restricted area of your site.

Usually though, most sites will allow anonymous users to fill a shopping basket, and only require that they register before checking out.

Still it sounds like I might have to do what you said in choice #1

If you're not sharing your shopping basket between the restricted and non-restricted areas of your site, I don't see why.

If so how do I do this? Do all files go in the root directory, with a different web.config file?

If you want to share your session state between secured and unsecured areas of your site, you can do this by placing all of your files and directories under a single IIS application (web site or virtual directory). In this case, you should not make your reg directory into an application; just leave it as a subdirectory.

Under this model, you would use a single web.config file under your root directory. Specify your <authentication> section, and specify a default <authorization> section that allows access to all users:


<authorization>
    <allow users="*" /> <!-- Allow all users -->
    <!-- <allow users="[comma separated list of users]"
                roles="[comma separated list of roles]"/>
         <deny users="[comma separated list of users]"
               roles="[comma separated list of roles]"/>
    -->
</authorization>


Now, you need to lock down the files under your reg directory. To do that, place a <location> section in your web.config file that defines an alternate <authorization> section for the specified location:


<location path="secured_path">
    <system.web>
        <authorization>
            <deny users="?" />
            <allow users="*"/>
        </authorization>
    </system.web>
</location>


Change the secured_path to the file or directory you would like to secure.

Hope this makes sense. This stuff is available in the SDK documentation if you're interested in a more detailed explanation. Good luck with it.
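
The two fragments from the answer above, assembled into one root web.config for the folder layout in the thread. This is an added example, not part of the original posts; the login page name and the timeout values are assumptions.

```xml
<?xml version="1.0"?>
<!-- Root web.config of the single IIS application (HMD in the thread).
     The reg folder stays a plain subdirectory, NOT an IIS application,
     so its pages use the same session state as the rest of the site. -->
<configuration>
  <system.web>
    <!-- <authentication> may only be defined at application level.
         Putting it in reg/web.config while reg is a plain folder causes the
         allowDefinition='MachineToApplication' error quoted in the thread. -->
    <authentication mode="Forms">
      <!-- loginUrl and timeout are assumed values -->
      <forms loginUrl="~/login.aspx" timeout="30" />
    </authentication>

    <!-- Site-wide default: anonymous visitors are allowed -->
    <authorization>
      <allow users="*" />
    </authorization>

    <!-- One in-process session store for the whole application (assumed timeout) -->
    <sessionState mode="InProc" timeout="20" />
  </system.web>

  <!-- Everything under reg/ requires an authenticated user.
       Rules are evaluated top-down and the first match wins,
       so the deny for anonymous users ("?") must come before the allow. -->
  <location path="reg">
    <system.web>
      <authorization>
        <deny users="?" />
        <allow users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

After deploying, request a page under reg/ without signing in and confirm it redirects to the login page; a page that renders anonymously means the location path does not match the folder name.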

Thanks! That makes sense to me.

I think I may be getting somewhere with this now. I'll try including what you've said into my code and see if I can finalise it all.

Cheers for taking the time to respond.

Steve Gordon
www.celebrity-hunt.co.uk
