I am using ASP.Net forms authentication to secure a directory called "pro". This is all working fine, however what we want to do is to exclude the root page within the directory - basically this is a sales page detailing the benefits of registering.
So, my question is whether it is possible to secure a directory, but exclude a particular page within that directory?
The other option, which seems pretty easy but not particularly tidy in terms of the file system is to structure my directories like:
/pro/
/pro/default.aspx
/pro/ (secure anything within this folder)
/pro/loggedin/page1.aspx
/pro/loggedin/page2.aspx
Any help greatly appreciated.
Thanks
Al
If you want to allow particular page, then it will be like..
<location path="PageName.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
To protect a folder, try the following:
<location path="/pro">
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</location>
Related
I'm trying to set a different authentication and authorization for folders in my intranet application (windows authentication) like below. I tried to use location tag, but it doesn't work when the folder's name contains space, otherwise anything works well.
<location path="parentfolder/appro logistique">
<system.web>
<authorization>
<allow roles="domain\groupename"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
How can I fix that?
Thanks for your help.
Have you tried HTML encoding the URL?
i.e.
path="parentfolder/appro%20logistique">
I worked long time back on a website and it has been working fine, recently a problem has been reported, which I need to go through.
In my site there is a folder named repository, which contains files like word and PDF documents and ideally only logged in users are allowed to download them but now it has been observed that anyone who is not logged into the website, can even also download them :(
Is there any wayout to handle it without moving the folder out of the web directory? Like making that folder password protected and only my pages can access the content, any code sample or link will be of high use.
My web application is in ASP.NET 2.0 with C# and server has IIS 6.0.
Thanks in Advance
Edit:
My Web.Config has these tags in it:
<authentication mode="Forms">
<forms slidingExpiration="true" loginUrl="Login.aspx" defaultUrl="HomePage.aspx" name=".ASPXMAIN" timeout="30">
</forms>
</authentication>
<authorization>
<deny users="?" />
</authorization>
Use the <location /> tags in the web.config, http://msdn.microsoft.com/en-us/library/b6x6shw7(v=vs.71).aspx
<location path="content">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
See this answer for more links to msdn documentation: https://stackoverflow.com/a/4280257/426894
You can try with this config in your Web.config (location permit you to define path)
This sample use roles in order to design profil.
Also use users in order to design user.
<location path="~/MembersOnly" >
<system.web>
<authorization>
<allow roles="Members"/>
<deny users="?" />
</authorization>
</system.web>
</location>
I have an asp.net/c# website. I don't want users reach www.example.com/uploads folder like :
I tried this in web.config :
<location path="uploads">
<system.web>
<authorization>
<deny users="*"/>
</authorization>
</system.web>
But it forbids all the files under uploads folder.Users can reach the files but I don't want users see the list of that files. What should I do about this?
I have an asp.net application for which I need to expose a particular subdirectory to the public internet. When I go into the subdirectory's IIS configuration's authentication section, I cannot disable the Forms Authentication.
The setting is marked as read-only.
Google offers many discussions when I search for the error message, but I haven't found a clear, working solution.
You have to use location in root Web.config.
http://support.microsoft.com/kb/815174
<location path="Your directory" allowOverride=”false”>
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
In the application's root web.config, open it up and find the "</system.web>" line. Then add something like the code below to enable unrestricted access to a directory:
<location path="MY FOLDER/PATH">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
We have a directory named Admin in the root folder of an ASP.net (4.0) web application.
I have created a route to the Admin/Dashboard.aspx
~/administrator/dashboard/
and it works fine.
I was curious if I could disallow to run the file through direct access, even to the administrators.
~/Admin/Dashboard.aspx
Is it doable?
Please help.
You can do with some web.config setting like below
<location path="~/Admin/Dashboard.aspx">
<system.web>
<authorization>
<allow roles="admin"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
Create a local web.config in the Admin folder and create an authorization rule inside the config file:
<configuration>
<system.web>
<allow ...
<deny ...
</system.web>
</configuration>
where allow and deny should be tuned to serve your needs. In particular, deny users="*" will forbid everyone from accessing your page.