Develop Reference

Allow access to all users to specific page within restricted folder

I have a folder "qc" which is only allowed for the role "warehouse".
In that folder i have a page that I want anyone to access without logging in.
Here's what I've done with web.config but it still redirects me to the login page:
<location path="QC/MyPage.aspx">
<system.web>
<authorization>
<allow users="?" />
<allow roles="*"/>
</authorization>
</system.web>
</location>
<location path="QC">
<system.web>
<authorization>
<deny users="?" />
<allow roles="warehouse" />
</authorization>
</system.web>
</location>

As aswered her you need to repeat it without the aspx extension.
<location path="test/webform1">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
<location path="test/webform1.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>

ASP.NET Forms Authorization not working for per page setup

I'm building a webforms application, separating pages into folders, authorizing web-pages within these folders using the web.config, authorizing pages to authenticated users only and allowing certain pages to certain roles.
I have a 'beheer' folder in which the page1.aspx - page6.aspx reside. I also have a web.config in that folder which is shown below.
I'm logging into the system as a user have the role 'Admin', which would mean that all pages should be available to me, if I go to page3, page4, page5 or page6 it works just fine, but going to page1 or page2 it doesn't work, I get a unauthorized message, even though page2 and page3. I can't seem to figure out what I'm missing.
<configuration>
<system.web>
<authorization>
<deny users="?" />
<!-- Deny all unauthenticated users -->
</authorization>
</system.web>
<location path="Page1.aspx" >
<system.web>
<authorization>
<allow roles="Page1,Admin,UserAdmin"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
<location path="Page2.aspx" >
<system.web>
<authorization>
<allow roles="Page3,Admin,UserAdmin"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
<location path="Page3.aspx" >
<system.web>
<authorization>
<allow roles="Page3,Admin,UserAdmin"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
<location path="Page4.aspx,Page5.aspx,Page6.aspx" >
<system.web>
<authorization>
<allow roles="Admin,UserAdmin"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
</configuration>

I doubt you actually have the Admin role assigned. This part seems wrong:
<location path="Page4.aspx,Page5.aspx,Page6.aspx" >
<system.web>
<authorization>
<allow roles="Admin,UserAdmin"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
You can't specify more than one resource on the path element. See here for more information.
Try changing it into this:
<location path="Page4.aspx" >
<system.web>
<authorization>
<allow roles="Admin,UserAdmin"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
<location path="Page5.aspx" >
<system.web>
<authorization>
<allow roles="Admin,UserAdmin"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
<location path="Page6.aspx" >
<system.web>
<authorization>
<allow roles="Admin,UserAdmin"/>
<deny users="*"/>
</authorization>
</system.web>
</location>

Why wont my app let me turn on tracing?

I have an asp.net application and when I try and turn on the application tracing....
<system.web>
<trace enabled="true" pageOutput="true" requestLimit="40" localOnly="false"/>
<authorization>
<deny users="?"/>
<allow users="*"/>
</authorization>
</system.web>
</location>
<location path="Pages/Account/MyAlerts.aspx">
<system.web>
<authorization>
<deny users="?"/>
<allow users="*"/>
</authorization>
</system.web>
</location>
<location path="Pages/Account/FullDetails.aspx">
<system.web>
<authorization>
<deny users="?"/>
<allow users="*"/>
</authorization>
</system.web>
</location>
<location path="Pages/Account/ActivateLicence.aspx">
<system.web>
<authorization>
<deny users="?"/>
<allow users="*"/>
</authorization>
</system.web>
</location>
<system.web>
I get the following error:
I have looked for
<deployment retail=true />
But its not in my config and I really cant see why when I navigate to mysite/trace.axd I get this error.

Look for inherited values from your,
machine.config - if you are using .NET framework 4 its in
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config
Root web.config - if you are using .NET framework 4 its in
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config
if your application configured as sub folder in IIS your web.config values might have been inherited from parent application.
<deployment retail=true /> is typically used in production web servers in machine.config you can read more about config values inheritance from here http://msdn.microsoft.com/en-us/library/ms178685.aspx

ASP.NET Role based access

I have the following site structure:
What I'd expect this to do was to deny anyone who isn't a logged-in user with the RegisteredUser role, except on Reset.aspx and Validation.aspx, where it would allow anyone (logged-in or not) to access, but this isn't the case right now.
Everyone who isn't a RegisteredUser isn't able to access these two pages, what am I doing wrong?
Update Even this won't work:
<?xml version="1.0"?>
<configuration>
<location path="Reset.aspx">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
<location path="Validation.aspx">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
</configuration>
It doesn't make any sense, isn't this supposed to be the system default?

You do not need to map paths, only file names:
<?xml version="1.0"?>
<configuration>
<location path="Reset.aspx">
<system.web>
<authorization>
<allow users="*" />
<deny />
</authorization>
</system.web>
</location>
<location path="Validation.aspx">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
<system.web>
<authorization>
<allow roles="RegisteredUser" />
<deny users="*" />
</authorization>
</system.web>
</configuration>

Specify more than one directory in Web.Config's Location Path element

In my ASP.NET's Web Config file I have the following location elements defined:
<location path="">
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>
<location path="dir1">
<system.web>
<authorization>
<allow users="?"/>
</authorization>
</system.web>
</location>
<location path="dir2">
<system.web>
<authorization>
<allow users="?"/>
</authorization>
</system.web>
</location>
The example above is specifying that all directories will be locked down to anonymous users except the two directories dir1 and dir2.
I'm curious if there is a syntax that I can use that will allow me to define more than one directory within one location element. For example, it would be convenient if we could do something like this...
<location path="dir1,dir2,etc">
<system.web>
<authorization>
<allow users="?"/>
</authorization>
</system.web>
</location>

You cannot specify multiple elements in the path attribute, but you can make use of the configSource attribute.
For example, the following original web.config file:
<?xml version="1.0"?>
<configuration>
<location path="form1.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
<location path="form2.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
<location path="form3.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
<location path="form4.aspx">
<system.web>
<authorization>
<deny users="*"/>
</authorization>
</system.web>
</location>
<location path="form5.aspx">
<system.web>
<authorization>
<deny users="*"/>
</authorization>
</system.web>
</location>
<location path="form6.aspx">
<system.web>
<authorization>
<deny users="*"/>
</authorization>
</system.web>
</location>
</configuration>
Can be replaced by the following equivalent web.config, allow.config, and deny.config files:
web.config
<?xml version="1.0"?>
<configuration>
<location path="form1.aspx">
<system.web>
<authorization configSource="allow.config" />
</system.web>
</location>
<location path="form2.aspx">
<system.web>
<authorization configSource="allow.config" />
</system.web>
</location>
<location path="form3.aspx">
<system.web>
<authorization configSource="allow.config" />
</system.web>
</location>
<location path="form4.aspx">
<system.web>
<authorization configSource="deny.config" />
</system.web>
</location>
<location path="form5.aspx">
<system.web>
<authorization configSource="deny.config" />
</system.web>
</location>
<location path="form6.aspx">
<system.web>
<authorization configSource="deny.config" />
</system.web>
</location>
</configuration>
allow.config
<?xml version="1.0"?>
<authorization>
<allow users="*"/>
</authorization>
deny.config
<?xml version="1.0"?>
<authorization>
<deny users="*"/>
</authorization>
The usefulness of this approach increases as the number of allow/deny rules in each section increases.

sorry, but path property doesn't allow to use ","
so you must write tag for all path,
Or you can create web.config in each directory.

it is possible to set path to a specific folder.
For example we have some aspx pages:
/data/pages/form1.aspx
/data/pages/form2.aspx
/data/pages/form3.aspx
By creating this rule in web.config:
<location path="data/pages">
<system.webServer>
<httpProtocol>
<customHeaders>
<remove name="X-Frame-Options" />
<add name="X-Frame-Options" value="SAMEORIGIN" />
</customHeaders>
</httpProtocol>
</system.webServer>
</location>
All resources in data/pages will be affected.

I had a similar issue. so went with the normal way of creating separate tags, no other BETTER solution.