secure cookie in web.config

Question

I was wondering is there a way to only target a single application with a website? It is possible to have a website which contains different sub folders which each can be triggered a seperate websites.

Now I want to add the secure cookies config to the web.config but only applying it to the application that needs that has the SSL certificate.

Overview:

Website
|-> App1
|-> App2
|-> App3
|web.config

Only app2 should have a special section in the web.config because if I enable secure cookies via requireSSL="true" then App1 and App3 wont work because they do not have a SSL certificate installed. In the bindings of IIS I can trigger only https for a specific domain.

Any ideas?

Answer 1

I think the following should answer and better explain configuration inheritance than I'm about to.

The shorter version, though, is that .NET's starts with a default set of behavior. Configuration then modifies those behaviors starting from the machine.config file. As you drill into more specific levels, they override the parent. So any settings in your website's web.config would take precedence over the machine.config's--but only apply to that site. Similarly, if any configurations are set in a child application's web.config, it would override the parent site's configuration.