how to access to password recovery page? - asp.net

I have authentication that redirects unregistered users to Login.aspx. At the bottom of the page, there is a link button that redirects the user to forgotPassword.aspx.
With the authentication in place, I discovered that it doesn't allow an unregistered user to go to forgotPassword.aspx; they stay on the same page.
So some experts have shown me this code.
Can anyone provide me the code in web.config here?
Some experts have provided me the code, but I can't find where to put this code in web.config; none of them told me where to put it. Click this link. I'm a bit confused. Please provide me the whole web.config code so I can get an overall idea :( Thanks.

You need to put it between the main configuration elements:
<configuration>
  <!--You have other configuration elements here-->
  <location path="passwordrecovery.aspx">
    <system.web>
      <authorization>
        <allow users="*"/>
      </authorization>
    </system.web>
  </location>
</configuration>
Just don't forget to accept an answer from your original question.
UPDATE
It is important to note that the above assumes that the passwordrecovery.aspx file is located in the same location as the web.config file that contains the above configuration. If the passwordrecovery.aspx file is located somewhere else, you will need to change the path attribute.
So, assuming the web.config is in the root of your site, and the passwordrecovery.aspx file is in the folder /Presentation/Display, then you will need to update the code as follows:
<configuration>
  <!--You have other configuration elements here-->
  <location path="Presentation/Display/passwordrecovery.aspx">
    <system.web>
      <authorization>
        <allow users="*"/>
      </authorization>
    </system.web>
  </location>
</configuration>
Another alternative is to keep the original configuration provided, but create it in a new web.config file that is located in the same folder as the passwordrecovery.aspx file.
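
The path-matching point in the UPDATE above, as an added example that is not part of the original answer: a simplified Python model of how URL authorization picks the first matching allow/deny rule, checking the most specific matching <location> first. The sample config is constructed, the function names are hypothetical, and the model ignores verbs, nested web.config files and IIS handler mappings.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a root web.config that denies anonymous users
# site-wide and exempts the recovery page, as in the answer above.
SAMPLE = """<configuration>
  <system.web>
    <authorization><deny users="?"/></authorization>
  </system.web>
  <location path="Presentation/Display/passwordrecovery.aspx">
    <system.web>
      <authorization><allow users="*"/></authorization>
    </system.web>
  </location>
</configuration>"""

def _segs(path):
    # Case-insensitive path segments; "" and "." mean "this directory".
    return [s for s in path.lower().split("/") if s not in ("", ".")]

def _rules(node):
    auth = node.find("system.web/authorization")
    found = [] if auth is None else list(auth)
    return [(r.tag, r.get("users", ""), r.get("roles", ""))
            for r in found if r.tag in ("allow", "deny")]

def effective_rules(config_xml, url_path):
    """Rules in evaluation order: most specific matching <location> first,
    then site-level rules, then the machine-level default allow-all."""
    root = ET.fromstring(config_xml)
    url = _segs(url_path)
    locs = [(len(_segs(l.get("path", ""))), l) for l in root.findall("location")
            if url[:len(_segs(l.get("path", "")))] == _segs(l.get("path", ""))]
    locs.sort(key=lambda pair: pair[0], reverse=True)
    rules = [r for _, l in locs for r in _rules(l)]
    return rules + _rules(root) + [("allow", "*", "")]

def is_allowed(config_xml, url_path, user=None, roles=()):
    """First matching rule decides; user=None models an anonymous request."""
    mine = {r.lower() for r in roles}
    for action, users, rule_roles in effective_rules(config_xml, url_path):
        names = {u.strip().lower() for u in users.split(",") if u.strip()}
        wanted = {r.strip().lower() for r in rule_roles.split(",") if r.strip()}
        if ("*" in names or ("?" in names and user is None)
                or (user is not None and user.lower() in names)
                or mine & wanted):
            return action == "allow"
    return True  # not reached: the default allow-all rule always matches
```

If the path attribute is left as "passwordrecovery.aspx" while the page lives in Presentation/Display, the exemption never matches and anonymous requests fall through to the site-wide deny.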

Related

asp.net web.config location path with space

I'm trying to set different authentication and authorization for folders in my intranet application (Windows authentication) like below. I tried to use the location tag, but it doesn't work when the folder's name contains a space; otherwise everything works well.
<location path="parentfolder/appro logistique">
  <system.web>
    <authorization>
      <allow roles="domain\groupename"/>
      <deny users="*"/>
    </authorization>
  </system.web>
</location>
How can I fix that?
Thanks for your help.
Have you tried HTML encoding the URL?
i.e.
path="parentfolder/appro%20logistique">

authorizing directory only when running on localhost

I have this in the web.config
<location path="SomeDir/SomeSubDir">
  <system.web>
    <authorization>
      <deny users="*"/>
    </authorization>
  </system.web>
</location>
How do I change this so that this rule only applies when the app is not running on localhost? Is there a way to make the rule detect the environment?
I would remove the deny from the web.config and use something like this in the page load event.
if (!HttpContext.Current.Request.IsLocal && !User.Identity.IsAuthenticated)
    Response.Redirect("Login.aspx");
Config Transformations will give you a Web.Release.config that will transform your Web.Config when you publish with the Release settings.
If you don't already have the transform files, you will need to right-click the Web.config file and then click Add Config Transforms.
Here is the MSDN How to: Transform Web.config When Deploying a Web Application Project.
Your Web.Release.config file would look something like this:
<configuration xmlns:xdt="...">
  <location path="SomeDir/SomeSubDir" xdt:Locator="Match(path)" xdt:Transform="Remove" />
</configuration>
Which will result in that location element being removed when you do a Release publish.

how to deny user to access sub folders and file?

On my local machine, I created a sample MVC 4 (Razor) project, created a directory named "x" and put a text file "a.txt" in it.
http://localhost:64471/x/a.txt
In my web.config I deny all users access to the "x" folder with this config:
<location path="x">
  <system.web>
    <authorization>
      <deny users="*"/>
    </authorization>
  </system.web>
</location>
Now if a user sends this request:
http://localhost:64471/x/
it works and returns the user to the URL defined in the forms tag in web.config.
But when a user sends this request:
http://localhost:64471/x/a.txt
they can read the text file in the browser (the browser shows the contents of the text file).
I want to know how to deny users access to all files and subfolders in the "x" folder?
I know this is an old question, but if you are having issues and dealing with text or html files, you might want to refer to this stackoverflow question.
In short, you might need to add this to your web.config:
<system.webServer>
  <modules>
    <remove name="UrlAuthorization" />
    <add name="UrlAuthorization" type="System.Web.Security.UrlAuthorizationModule" />
  </modules>
</system.webServer>
As kirk points out, files such as .txt and .html files are handled by IIS and not ASP.NET, so the authorization rules aren't applied to them.
I tested with path="x" in the root web.config. It restricts everything under the x folder; it won't even let me browse ~/x. I get redirected to the login page.
Could you try the full path to a.txt like this in the root web.config?
<location path="x/a.txt">
  <system.web>
    <authorization>
      <deny users="*"/>
    </authorization>
  </system.web>
</location>
If it still doesn't work, you can try creating a web.config inside the x folder with the following content.
<?xml version="1.0"?>
<configuration>
  <location path="a.txt">
    <system.web>
      <authorization>
        <deny users="*"/>
      </authorization>
    </system.web>
  </location>
</configuration>

Deny unauthorized users?

<location path="ArchiveNews.aspx">
  <system.web>
    <authorization>
      <deny users="?"/>
    </authorization>
  </system.web>
</location>
I want to deny un-authenticated users to the ArchiveNews.aspx. For some reason this code doesn't want to work. Can anyone help?
Does this web.config exist in the same directory as your ArchiveNews.aspx file? It needs to be in the same directory for your config snippet to control access to that file.
Just disable anonymous access in the GUI IIS Manager for this site/application.

Excluding root of directory from Forms authentication

I am using ASP.Net forms authentication to secure a directory called "pro". This is all working fine, however what we want to do is to exclude the root page within the directory - basically this is a sales page detailing the benefits of registering.
So, my question is whether it is possible to secure a directory, but exclude a particular page within that directory?
The other option, which seems pretty easy but not particularly tidy in terms of the file system is to structure my directories like:
/pro/
/pro/default.aspx
/pro/ (secure anything within this folder)
/pro/loggedin/page1.aspx
/pro/loggedin/page2.aspx
Any help greatly appreciated.
Thanks
Al
If you want to allow a particular page, then it will be like this:
<location path="PageName.aspx">
  <system.web>
    <authorization>
      <allow users="*"/>
    </authorization>
  </system.web>
</location>
To protect a folder, try the following:
<location path="pro">
  <system.web>
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>
</location>
