Securing a folder in an ASP.NET web application fails to be secured after publishing



You’re using all the cool .NET MembershipProvider and RoleProvider technology to secure folders and pages on your web app and everything works fine during development (all security works), but as soon as you publish to your web server, your site fails to protect your pages and folders that you spent a good deal of time setting up with roles based rules.


The ASP.Net Web Site Administration Tool generates a new web.config file inside of each secured folder.  These web.config files are where the rules are actually stored.  The ASP.NET Web Site Administration Tool does not add those web.config files to your projects in your solution.  So, when you publish directly from Visual Studio, Visual Studio will not publish these new web.config files.  You’ll either need to manually publish each of these files, or, better yet, add these web.config files to your project so you don’t have to worry about it anymore.

In the image below, I’ve secured the “Admin” folder using the ASP.Net Web Site Administration Tool.  The web.config file was created on the hard drive in the right folder, but Visual Studio was not aware of it.  I had to manually add it to the project.  After that, whenever I publish, it successfully publishes with the rest of the project.


Below:  The ASP.Net Web Site Administration Tool showing the role based security for the Admin folder.


Leave a Reply