advertisement

Article:
  ASP.NET Forms Authentication - Part 1
Subject:   Emergency-Form level authentication
Date:   2004-06-03 09:02:25
From:   WayneSO
Response to: Emergency-Form level authentication

Mohsen,


I also need to allow access to all users on some pages in my applicaion while using forms authentication. Have you had any replies to your post or have you figured out how to do this?


Thanks,
Wayne
Full Threads Oldest First

Showing messages 1 through 2 of 2.

  • Emergency-Form level authentication
    2004-06-10 16:38:26  altanic [Reply | View]

    look into the URLAuthorization stuff. I don't claim to have a solid handle on this but I've accomplished a working example on doing exactly what you guys ask for by setting each file/folder's authorization settings in the web.config file.

    You would want to add an element such as:
    <location path="PublicPage.aspx">
    <system.web>
    <authorization>
    <allow users="*"/>
    </authorization>
    </system.web>
    </location>

    for each item/folder you want to be freely available to everybody. Conversely, you could open your whole site to allow users="*" and then change the above to:

    <location path="protected_directory">
    <system.web>
    <authorization>
    <deny users="?"/>
    </authorization>
    </system.web>
    </location>

    so as to protect this one directory. (or page if you like)

    I think the key comes in understanding the <location> element and how it is used. Once you learn this you'll know enough.
    • Emergency-Form level authentication
      2004-09-10 14:23:49  Bev3 [Reply | View]

      Thanks ... I inherited a site that required an initial login ... as soon as the site was accessed, the first page was a login.aspx page.

      It was later decided to have an open website with the previously secured information linked to from the default.aspx page.

      Using the .Net 'Solution Explorer', I created a new subdirectory called "dbpages" and, again using the .Net 'Solution Explorer', I cut/pasted all of the original root directory pages and subdirectories into "dbpages".

      After a lot of hair pulling / trying web.config files in subdirectories / wandering the web looking for a solution, I read this about <location> and tried it ... thanks much!

      Previously, my root web.config was:

      <?xml version="1.0" encoding="utf-8"?>
      <configuration>
      <system.web>
      <authentication mode="Forms">
      <forms name=".myCookie" loginUrl="./Login.aspx" protection="All" timeout="40" path="/"/>
      </authentication>

      <authorization>
      <deny users="?"/>
      </authorization>

      </system.web>
      </configuration>

      Now, my root web.config is:

      <?xml version="1.0" encoding="utf-8"?>
      <configuration>
      <location path="dbpages/">
      <system.web>
      <authentication mode="Forms">
      <forms name="./dbpages/myCookie" loginUrl="./dbpages/Login.aspx" protection="All" timeout="40" path="./dbpages/"/>
      </authentication>

      <authorization>
      <deny users="?"/>
      </authorization>

      </system.web>
      </location>
      </configuration>

      I've left out a lot of <compilation> and <appSettings> as not pertinent to the discussion.

      I also do not have/need any othe web.config than the one in the root directory ... thanks again!
-->