I have a specific page within a webform application which i never want to log out.
It is not within a masterpage
It has an auto refresh tag in the header to refresh the entire page on intervals:
(added via code)
all functions correctly but appears to logout after 2 hours.
You could fix the issue by configuring your web.config for an individual location, like below:
<location path="PATH TO THE FOLDER/FILE THAT YOU DO NOT WANT TO BE AUTHORIZED">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
Related
In my asp.net application ,in web.config file i have set authentication mode="forms" and protection="All".But after doing this i get access to login page without any image and css resources .I also need to access my home page without login.How can i do this kindly help.
In the web.config, you will need to add a location that allows all user to access the images and CSS files. Something like:
<location path="images">
<system.web>
<authorization>
<allow users="*" />
<allow users="?" />
</authorization>
</system.web>
</location>
That should sit under the root node of the config file.
You can do the same for the homepage, adjusting the value of path to the correct location.
Possibly a stupid question:
I have a site, developed by an outside company, which requires logon for all pages.
We'd like to add a single page to the site that DOESN'T require the user to be logged in...so they can click the link on the logon page to view "T&C's" type info.
Is this possible?
(ASP.Net 4.0 on IIS)
If you're using the ASP.Net membership providers you can specify this in the web.config file. Where for blocked pages you would expect:
<authorization>
<allow roles="granted"/>
<deny users ="*"/>
</authorization>
you can specify this per folder (or per page):
<location path="terms.aspx">
<system.web>
<authorization>
<allow users ="*"/>
</authorization>
</system.web>
</location>
to allow everyone access to this specific page.
Note that you can create a specific web.config in a folder in your website, these settings override the general web.config. This allows you to customize these settings per folder level.
Thanks to oɔɯǝɹ for pointing me in the right direction:
Added this after my node
<location path="terms.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
Will this only have static content? Is it the asp.net application dealing with authentication?
If so you can just upload a .html file containing simple HTML (and your T&C) which will be served no problem to anyone requesting it.
I'm looking to deploy a web app and I have a simple question about the <location> tag of the web.config file. For the moment, I want all the pages to be password protected and I've created a simple login page with the login object. I've put all my .aspx file in a directory called AppMyPages and I've put this in the config file:
<location path="AppMyPages">
<system.web>
<authorization>
<allow roles="tester" />
<deny users="*" />
</authorization>
</system.web>
</location>
If I want to fully protect my site, do I need to do the same thing for all the other folders (AppCode, AppData, MyJavascripts, MyStylesheets, MyImages....)?
Thanks.
You don't have to do AppCode/AppData, but you need to be careful restricting the MyJavascripts/Stylesheets/Images if any of those resources are used on unauthenticated pages (e.g. Login page).
I have given the particular permission for the particular user.
Only that menu will be enabled which permission is set for that user.
I have two problems....
1) Menu item should be invisible rather than disable
2) If any User copy the page name which it has no access and can open it..
Suggest any....(urgent)
you can add this in the page load
if (!HttpContext.Current.User.IsInRole("YourRole"))
{
Response.Redirect("~/AccessDenied.aspx");
}
you can manage the menu security by using ASP.NET Site-Map Security Trimming but if you want to prevent the uses from accessing the page through the url you can use put it inro your web.config file like:
<location path="securedAdministrationPage.aspx">
<system.web>
<authorization>
<deny users="*" />
<allow users="*" roles="Admins"/>
</authorization>
</system.web>
</location>
this link will help you http://wiki.asp.net/page.aspx/653/aspnet-webconfig--location-and-authroization-tags/
You should look into the <location> element in <system.web> section of web.config. There you can set access rules as simple as
<authorization>
<allow roles="Admin" /> <!--allows access to admins-->
<deny users="*" /> <!-- denies access to any other users -->
</authorization>
More info here
I would suggest putting your navigation into an user control and then use a switch statement or such, as well as the location section in the webconfig.
In the switch statement you can then use the 'Visible' attributes to hide the nav links (make sure they have a runat="server") from the users who do not have permission to view certain pages, dependant on their role (if using asp.net membership)
I'm trying to test this out on my site but it doesn't quite work because I have to be logged in to go to this page.
Is there a configuration setting that I haven't set or set incorrectly?
EDIT: rm's answer led me to this link from Microsoft.
adding to Arjan's answer, the settings for page permissions are in your web.config file.
you should do something like this:
<configuration>
<location path="YourPage.aspx">
<system.web>
<authorization>
<allow users="?"/>
</authorization>
</system.web>
</location>
</configuration>
I'm guessing that the page containing the PasswordRecovery control is in a accesscontrolled folder.
So when trying to reach that page, you're being redirected to the login page again...