I use authencation in asp.net mvc4
<authentication mode="Forms">
<forms loginUrl="~/Login" timeout="2880" />
</authentication>
when I'm not logged in, can not call functions registered in RegisterController. I try
<location path="~/Register">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
but is not.
How to solve?
<location path="Register">
<system.web>
<authorization>
<allow roles="roles if any" />
<deny users="*" />
</authorization>
</system.web>
</location>
try this this may work .. change the role if u got any that need access!!
Related
as the title says, i am trying to exclude a few pages such as my register.aspx from Form Authentication Redirection, here is my web.config
<authentication mode="Forms">
<forms name="MyAppCookie" loginUrl="Login.aspx" protection="All" timeout="120" defaultUrl="Default.aspx"/>
</authentication>
<authorization>
<deny users="?"/>
</authorization>
Use the location tag in your web.config.
<location path="register.aspx">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
See this article for more information.
I have a test site on the web that I want to block all annoymous access to except logged in users. I also want to have annoymous access to just my login page (account/login)
I don't know how to exclude one path but even the below does not work, forgetting about the path.
<location path="">
<system.web>
<authorization>
<deny users="*" />
<allow users="?" />
</authorization>
</system.web>
</location>
Ideally, the following web.config setting should work. Make sure you update two Login.aspx with your login page.
It basically does not allow anonymous access except Login page.
<configuration>
<system.web>
...
<authentication mode="Forms">
<forms loginUrl="~/Login.aspx" />
</authentication>
<authorization>
<deny users="?"/>
<allow users="*" />
</authorization>
</system.web>
<location path="~/Login.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
</configuration>
I'm struggling to get around this problem with form authorization. I've got it all working as it should, people can only access the pages i specify apart from the root. By that i mean if they go to www.mysite.com they get the unauthorized access page but if i go directly to default.aspx, it works fine.
I'm still learning for please forgive me if it's something blatantly obvious :)
Here's my webconfig code:
<forms name=".ASPXFORMSDEMO" loginUrl="Logon.aspx" protection="All" path="/" timeout="30" defaultUrl="Default.aspx" />
</authentication>
<authorization>
<deny users="?" />
<allow users="*" />
</authorization>
</system.web>
<location path="Default.aspx">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
I've set my default doc in IIS to default.aspx but that's not fixed it.
How to i allow all user access to the root of my site?
Thanks all!
Update: I've tried this:
<location path="/">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
but i get a HTTP Error 500.19 :(
Updated: i've answered my own question - even though i cant answer it yet on here!
Well, it looks like i was doing it wrong - i've now changed to allow all pages and block the folder/pages i want like this:
<forms name=".ASPXFORMSDEMO" loginUrl="Logon.aspx" protection="All" path="/" timeout="30" defaultUrl="Default.aspx" />
</authentication>
<authorization>
<allow users="*" />
</authorization>
</system.web>
<location path="Admin">
<system.web>
<authorization>
<allow users="username"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
Well, it looks like i was doing it wrong - i've now changed to allow all pages and block the folder i want like this:
<forms name=".ASPXFORMSDEMO" loginUrl="Logon.aspx" protection="All" path="/" timeout="30" defaultUrl="Default.aspx" />
</authentication>
<authorization>
<allow users="*" />
</authorization>
</system.web>
<location path="Admin">
<system.web>
<authorization>
<allow users="username"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
Login.aspx, passwordrecovery.aspx, and register.aspx should be the only pages accessible for logged in users. I have the following in my webconfig:
<authentication mode="Forms">
<forms loginUrl="Login.aspx" defaultUrl="Login.aspx" />
</authentication>
<authorization>
<deny users="?"/>
</authorization>
I have the following in my configuration element of my webconfig:
<location path="images">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
<location path="css">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
<location path="login.aspx">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
<location path="register.aspx">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
<location path="passwordrecovery.aspx">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
I get an Error: ASP.NET Ajax client-side framework failed to load. alert box when viewing any of the public pages. How do I allow access to the asp.net client-side framework (using the location tags?)?
Check the actual url that is requested. I think those will be the calls to Webresource.axd.
I checked fiddler and added the following:
<location path="Telerik.Web.Ui.WebResource.axd">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
Ajax client side framework now loads - error message is gone. For those not using the Telerik controls - I'm sure you can use something similar to:
<location path="WebResource.axd">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
I agree with Greg, put all your public resources in the root and place any protected items in a subfolder.
Ex:
<location path="login.aspx">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
<location path="subfolderName">
<system.web>
<authorization>
<allow roles="myRole" />
<deny users="*" />
<!-- deny unknown users -->
<deny users="?" />
</authorization>
</system.web>
</location>
<authentication mode="Forms">
<forms name="MyAppCookie" loginUrl="~/Registration.aspx" protection="All" timeout="30" path="/"/>
</authentication>
<authorization>
<deny users="?"/>
<allow users="*"/>
</authorization>
I added this code in the configuration file and the master page wont appear whenever i load my pages. Why and how can i fix this?
Another issue that i experience is when i go to Website---> ASP configuration,, no WAT window opens!?!
I had to do this in the web.config for one of my sites:
<location path="Scripts">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
<location path="Images">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>