I'm struggling to get around this problem with form authorization. I've got it all working as it should, people can only access the pages i specify apart from the root. By that i mean if they go to www.mysite.com they get the unauthorized access page but if i go directly to default.aspx, it works fine.
I'm still learning for please forgive me if it's something blatantly obvious :)
Here's my webconfig code:
<forms name=".ASPXFORMSDEMO" loginUrl="Logon.aspx" protection="All" path="/" timeout="30" defaultUrl="Default.aspx" />
</authentication>
<authorization>
<deny users="?" />
<allow users="*" />
</authorization>
</system.web>
<location path="Default.aspx">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
I've set my default doc in IIS to default.aspx but that's not fixed it.
How to i allow all user access to the root of my site?
Thanks all!
Update: I've tried this:
<location path="/">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
but i get a HTTP Error 500.19 :(
Updated: i've answered my own question - even though i cant answer it yet on here!
Well, it looks like i was doing it wrong - i've now changed to allow all pages and block the folder/pages i want like this:
<forms name=".ASPXFORMSDEMO" loginUrl="Logon.aspx" protection="All" path="/" timeout="30" defaultUrl="Default.aspx" />
</authentication>
<authorization>
<allow users="*" />
</authorization>
</system.web>
<location path="Admin">
<system.web>
<authorization>
<allow users="username"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
Well, it looks like i was doing it wrong - i've now changed to allow all pages and block the folder i want like this:
<forms name=".ASPXFORMSDEMO" loginUrl="Logon.aspx" protection="All" path="/" timeout="30" defaultUrl="Default.aspx" />
</authentication>
<authorization>
<allow users="*" />
</authorization>
</system.web>
<location path="Admin">
<system.web>
<authorization>
<allow users="username"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
Related
as the title says, i am trying to exclude a few pages such as my register.aspx from Form Authentication Redirection, here is my web.config
<authentication mode="Forms">
<forms name="MyAppCookie" loginUrl="Login.aspx" protection="All" timeout="120" defaultUrl="Default.aspx"/>
</authentication>
<authorization>
<deny users="?"/>
</authorization>
Use the location tag in your web.config.
<location path="register.aspx">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
See this article for more information.
so i'm trying to put a forms authentication the problem is i'm getting 401.2 Error when i try to go to my login.aspx page, i'm working with iisexpress
<authorization>
<deny users="?"/>
</authorization>
<authentication mode="Forms">
<!--<forms loginUrl="Login.aspx" name=".ASPXFORMSAUTH" path="/"></forms>-->
<!--<forms loginUrl="Login.aspx" timeout="2880" defaultUrl="/" />-->
</authentication>
I tried to add this but it didn't solve my problem
<location path="Login.aspx">
<system.web>
<authorization>
<allow users="?" />
</authorization>
</system.web>
</location>
<location path="Content">
<system.web>
<authorization>
<allow users="?" />
</authorization>
</system.web>
</location>
<location path="fonts">
<system.web>
<authorization>
<allow users="?" />
</authorization>
</system.web>
</location>
<location path="Scripts">
<system.web>
<authorization>
<allow users="?" />
</authorization>
</system.web>
</location>
I searched and tried several solution but no chance have you any idea?
Simple Forms Authentication from MSDN
<system.web>
<authentication mode="Forms">
<forms loginUrl="Login.aspx" name=".ASPXFORMSAUTH">
</forms>
</authentication>
<authorization>
<deny users="?" />
</authorization>
</system.web>
very clear and good article I have in bookmarks http://weblogs.asp.net/gurusarkar/setting-authorization-rules-for-a-particular-page-or-folder-in-web-config
Finally i made a workarround like this
I deleted this part :
<authorization>
<deny users="?"/>
</authorization>
then I modified the locations tags like this :
<location path="Login.aspx">
<system.web>
<authorization>
<allow users="?"/>
</authorization>
</system.web>
</location>
<location path="Default.aspx">
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>
<location path="Users.aspx">
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>
<location path="Content">
<system.web>
<authorization>
<allow users="?"/>
</authorization>
</system.web>
</location>
<location path="fonts">
<system.web>
<authorization>
<allow users="?"/>
</authorization>
</system.web>
</location>
<location path="Scripts">
<system.web>
<authorization>
<allow users="?"/>
</authorization>
</system.web>
</location>
So when I tru to go to default or users page i'm gettting redirected automatically to login page.
I really searched a lot to understand what i'm doing wrong but didn't find out so I'm adopting this solution for the moment.
I have a test site on the web that I want to block all annoymous access to except logged in users. I also want to have annoymous access to just my login page (account/login)
I don't know how to exclude one path but even the below does not work, forgetting about the path.
<location path="">
<system.web>
<authorization>
<deny users="*" />
<allow users="?" />
</authorization>
</system.web>
</location>
Ideally, the following web.config setting should work. Make sure you update two Login.aspx with your login page.
It basically does not allow anonymous access except Login page.
<configuration>
<system.web>
...
<authentication mode="Forms">
<forms loginUrl="~/Login.aspx" />
</authentication>
<authorization>
<deny users="?"/>
<allow users="*" />
</authorization>
</system.web>
<location path="~/Login.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
</configuration>
I use authencation in asp.net mvc4
<authentication mode="Forms">
<forms loginUrl="~/Login" timeout="2880" />
</authentication>
when I'm not logged in, can not call functions registered in RegisterController. I try
<location path="~/Register">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
but is not.
How to solve?
<location path="Register">
<system.web>
<authorization>
<allow roles="roles if any" />
<deny users="*" />
</authorization>
</system.web>
</location>
try this this may work .. change the role if u got any that need access!!
<authentication mode="Forms">
<forms name="MyAppCookie" loginUrl="~/Registration.aspx" protection="All" timeout="30" path="/"/>
</authentication>
<authorization>
<deny users="?"/>
<allow users="*"/>
</authorization>
I added this code in the configuration file and the master page wont appear whenever i load my pages. Why and how can i fix this?
Another issue that i experience is when i go to Website---> ASP configuration,, no WAT window opens!?!
I had to do this in the web.config for one of my sites:
<location path="Scripts">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
<location path="Images">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>