the current version of ASP.NET doesn't support authentication in non-virtual sub-directories, so you can try:1. make admin/shop/user all virtual directoriesor2. if your admin/shop/user are not virtual directories, authenticate the user in the root level, say, with login.aspx, then use role-based securities, so only role "Admins" can visit admin directory, role "Shop" can visit shop directory,.... root-level web.config: <configuration> <system.web> <authentication mode="Forms"> <forms name="401kApp" loginUrl="/login.aspx" /> </authentication> </system.web> </configuration>the web.config in admin directory:<configuration> <system.web> <authorization> <allow roles="Admins" /> <deny users="*" /> </authorization> </system.web> </configuration> seeRole-based Security with Forms Authentication http://www.codeproject.com/aspnet/formsroleauth.asp
root-level web.config:
<configuration>
<system.web>
<authentication mode="Forms">
<forms name="401kApp" loginUrl="/login.aspx" />
</authentication>
</system.web>
</configuration>the web.config in admin directory:<configuration>
<system.web>
<authorization>
<allow roles="Admins" />
<deny users="*" />
</authorization>
</system.web>
</configuration>
seeRole-based Security with Forms Authentication
http://www.codeproject.com/aspnet/formsroleauth.asp
建议自己写验证
可以创建一个类将是否登陆,是否具有权限,以及角色的问题写成不同的方法,并在其中处理错误。在需要的地方引用就好,简单又方便,不算很烦!