If you want to copy the contents to a Web.Config, the best idea is to go to the source of this Wiki page, and copy it from there. Otherwise the XML might get malformed..

Important! If you copy and paste this to the file Web.Config, make sure that you remove the space before "<?xml", otherwise it won't work.

This configuration will automatically start "login.aspx" everytime a user starts Flexwiki, and will ask for the user to provide username/password. The usernames / passwords are provided under "credentials" in the Web.Config file, and in this configfile, only the users "bla@hotmail.com" and "this@something.com" are granted access (see "authorization"). One thing to note is, that the usernames should be in the format of an email address. Otherwise the login.aspx will complain.

Here's the contents of my Web.Config

 <?xml version="1.0" encoding="utf-8" ?>
 <configuration>
        <appSettings>
                <!-- PUT THE FULL PATH TO THE NAMESPACE MAP FILE HERE -->
                <add key="FederationNamespaceMapFile" value="NamespaceMap.xml" />
                <add key="SMTPServer" value="mail.flexwiki.com" />
                <add key="NewslettersFrom" value="wikinewsletters@flexwiki.com" />


                <!-- Security - Used for Forms and Namespace Security
                        Specify the type of security to use.  Currently the only option is webconfig which indicates to
                        FlexWiki that the user crudentials are kept in the webconfig.
                -->
                <add key="Security" value="webconfig" />
                <!-- DataProviders for the Security -->
                <!-- User DataProvider -->
                <add key="UserDataProvider" value="FlexWikiSecurity" />
                <add key="UserDataProviderClass" value="FlexWikiSecurity.SimpleUserDataProvider" />
                <add key="UserDataProviderConnection" value="UserData.config" />
                <!-- Permissions DataProvider -->
                <add key="PermissionsDataProvider" value="FlexWikiSecurity" />
                <add key="PermissionsDataProviderClass" value="FlexWikiSecurity.SimplePermissionsDataProvider" />
                <add key="PermissionsDataProviderConnection" value="PermissionsData.config" />
                <!-- Role DataProvider -->
                <add key="RoleDataProvider" value="FlexWikiSecurity" />
                <add key="RoleDataProviderClass" value="FlexWikiSecurity.SimpleRoleDataProvider" />
                <add key="RoleDataProviderConnection" value="RoleData.config" />


                <!-- Setting this to true will cause the newsletters to be sent as HTML attachments, 
                     rather than as HTML email. -->
                <add key="SendNewslettersAsAttachments" value="false" />


                <!-- The next two keys are needed for wiki newsletters if your SMTP server requires authentication 
                      If your SMTP server does not require authentication, comment them out. -->
                <add key="SMTPUser" value="email address used for SMTP authentication" />
                <add key="SMTPPassword" value="password used for SMTP authentication" />
                <!-- To Override the style sheet uncomment this line
                <add key="OverrideStylesheet" value="/override.css" />
                -->
                <!-- To show spaces in wiki links by default change this value to "True" -->
                <add key="DisplaySpacesInWikiLinks" value="False" />
        </appSettings>
        <system.web>
        <!--  DYNAMIC DEBUG COMPILATION
          Set compilation debug="true" to enable ASPX debugging.  Otherwise, setting this value to
          false will improve runtime performance of this application. 
          Set compilation debug="true" to insert debugging symbols (.pdb information)
          into the compiled page. Because this creates a larger file that executes
          more slowly, you should set this value to true only when debugging and to
          false at all other times. For more information, refer to the documentation about
          debugging ASP.NET files. -->
                <compilation defaultLanguage="c#" debug="true" />


        <!--  AUTHENTICATION 
          This section sets the authentication policies of the application. Possible modes are "Windows", 
          "Forms", "Passport" and "None"


          "None" No authentication is performed. 
          "Windows" IIS performs authentication (Basic, Digest, or Integrated Windows) according to 
           its settings for the application. Anonymous access must be disabled in IIS. 
          "Forms" You provide a custom form (Web page) for users to enter their credentials, and then 
           you authenticate them in your application. A user credential token is stored in a cookie.
          "Passport" Authentication is performed via a centralized authentication service provided
           by Microsoft that offers a single logon and core profile services for member sites. -->
                <authentication mode="Forms">
                  <forms loginUrl="Login.aspx" name=".ASPXFORMSAUTH">
                    <credentials passwordFormat="Clear">
                    <user name="bla@hotmail.com" password="imbatman"/>
                    <user name="john@mail.com" password="redrover"/>
                    <user name="this@something.com" password="mxyzptlk"/>
                    <user name="you@test.com" password="nomalice"/>
                    <user name="mister@fun.com" password="contrary"/>
                    </credentials>
                  </forms>
                </authentication>
                <!--  AUTHORIZATION 
          This section sets the authorization policies of the application. You can allow or deny access
          to application resources by user or role. Wildcards: "*" mean everyone, "?" means anonymous 
          (unauthenticated) users. -->
                <authorization>
                  <allow     users="bla@hotmail.com,this@something.com"/>
                  <deny      users="?"/>
                </authorization>
                <!-- 
                        If you are running .NET framework 1.1 or above, you must uncomment
                        the line below.  validateRequest must be false for 1.1, but 1.0 will 
                        choke on this, so it can't always be present
                -->
                <pages validateRequest="false" />


                <!--  CUSTOM ERROR MESSAGES
                        Set customErrors mode="On" or "RemoteOnly" to enable custom error messages, "Off" to disable. 
                        Add <error> tags for each of the errors you want to handle.


                        "On" Always display custom (friendly) messages.
                        "Off" Always display detailed ASP.NET error information.
                        "RemoteOnly" Display custom (friendly) messages only to users not running 
                        on the local Web server. This setting is recommended for security purposes, so 
                        that you do not display application detail information to remote clients.-->
                <customErrors mode="RemoteOnly" />
        </system.web>
 </configuration>

-- WouterCX

Q: We added forms athentication. Our webconfig looks like yours. Logon page shows up, logging in takes us to default page, but when i try to save an edited page I get error on page, object not found or object required or something similar. I'm kinda stuck. I even tried thinking happy thoughts. Any help? Thanks -- ToddSturgeon, 2004-10-28