I have created a login page. In this page i used div tag which is mapped with images for good design purposes. i have enabled the forms authentication in web.config.
So finally images i mapped in div is not appearing in the login page.
please help me!
If the images are not meant to be protected and should be visible on all pages, then I would add a location tag in the main web.config:
<location path="images">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
Add a web.config file to your images directory containing the following:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</configuration>
This will allow your login page, which is usually viewed by unauthenticated users, to show images.
I assume the images are not displaying due to access? Where do the images exist? If they exist in a directory that is locked down to forms authentication, the pictures cannot display.
Try adding a web.config file to your images directory and to allow public access to these files.
Here is what the web.config should contain:
<?xml version="1.0"?>
<configuration>
<location path="images">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
<system.web>
<!-- Your normal web.config stuff here -->
</system.web>
</configuration>
Also check your IIS settings for the application in general to make sure you are allowing anonymous access.
EDIT: Make sure to move your images to a folder that does not require authorization. If you have them in the same directory as your secured aspx pages then you won't be able to access them.
EDIT 2: Included the info provide by Thomas and Sky Sanders as it included a better solution. See comment threads on answers for more information.
Related
I have an ASP.net application with target framework 3.5. I have create a help file named UserGuide.pdf and provided a menu item on the page. when user clicks the help menu this PDF file is opening in the new tab of the browser. I use Windows Authentication for the same application.
My problem is, the .pdf file can be accessed directly by using the URL, and I have to stop it somehow. What is a quick way to do it?
There are probably other ways...
Since you already using user based authorization...it should be a snap.
But read about it an learn what all is involved Documentation
The web.config goes into the same folder as the documents...so you could possibly end up with several web.configs.
It will look something like this...again read the documentation.
(Using Admin role for example)
<?xml version="1.0"?>
<configuration>
<!-- this would be for just that one file -->
<location path="UserGuid.PDF">
<system.web>
<authorization>
<allow roles="Admin"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
<!-- this would be for whole directory -->
<system.web>
<authorization>
<allow roles="Admin"/>
<deny users="*"/>
</authorization>
</system.web>
</configuration>
**Note...if any mistakes are present...please feel free to correct.
I am creating a login page using forms authentication method.
I have inserted a image in login page but image is not visible in Browser.As it is viewed in design view in Visual Studio.
I think there is a issue in accessing image directory by anonymous user.I have used the following code in Web.config
<location path="/images">
<system.web>
<authorization>
<allow users ="*" />
</authorization>
</system.web>
</location>
I have solved it. I have added Web.cofig with following code in images and css folder to give them anonymous access.
<?xml version="1.0" encoding="UTF-8" ?>
<configuration>
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</configuration>
Possibly a stupid question:
I have a site, developed by an outside company, which requires logon for all pages.
We'd like to add a single page to the site that DOESN'T require the user to be logged in...so they can click the link on the logon page to view "T&C's" type info.
Is this possible?
(ASP.Net 4.0 on IIS)
If you're using the ASP.Net membership providers you can specify this in the web.config file. Where for blocked pages you would expect:
<authorization>
<allow roles="granted"/>
<deny users ="*"/>
</authorization>
you can specify this per folder (or per page):
<location path="terms.aspx">
<system.web>
<authorization>
<allow users ="*"/>
</authorization>
</system.web>
</location>
to allow everyone access to this specific page.
Note that you can create a specific web.config in a folder in your website, these settings override the general web.config. This allows you to customize these settings per folder level.
Thanks to oɔɯǝɹ for pointing me in the right direction:
Added this after my node
<location path="terms.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
Will this only have static content? Is it the asp.net application dealing with authentication?
If so you can just upload a .html file containing simple HTML (and your T&C) which will be served no problem to anyone requesting it.
I'm looking to deploy a web app and I have a simple question about the <location> tag of the web.config file. For the moment, I want all the pages to be password protected and I've created a simple login page with the login object. I've put all my .aspx file in a directory called AppMyPages and I've put this in the config file:
<location path="AppMyPages">
<system.web>
<authorization>
<allow roles="tester" />
<deny users="*" />
</authorization>
</system.web>
</location>
If I want to fully protect my site, do I need to do the same thing for all the other folders (AppCode, AppData, MyJavascripts, MyStylesheets, MyImages....)?
Thanks.
You don't have to do AppCode/AppData, but you need to be careful restricting the MyJavascripts/Stylesheets/Images if any of those resources are used on unauthenticated pages (e.g. Login page).
I have a project containing an image, css and js folder.
I want to make sure no css, image or js is blocked when using formsauthentication.
I know you can do this with the locationtag in the web.config but I was wondering if you could do this otherweise?
this is how I do it right now:
<location path="css">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
<location path="images">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
I'm using asp.net (c#) with iis 7.0.
Cheers,
M.
Set the folder permissions for your CSS/images directories, to allows anonymous access.
This is done in the web.config, not filesystem permissions.
It is a good practice to serve static resources such as images and css from a cookie-free domain.
I was seeking the same answer however in my case it is allowing access to CSS, Images and JS files by default. I think it only requires authentication if for ASPX (etc).
Also, I am using deny users "?" rather than "*"