My colleague is using an HttpHandler for compression of javascript and CSS (YUI Compressor for .NET) on an ASP.NET Web Application.
He also set up Forms Authentication. The Forms Authentication appears to be blocking the CSS and JavaScript (served by the HttpHandler) from downloading on the login page. Is there a way to exclude this HttpHandler from Forms Authentication?
Add a location tag for those resource paths in your web.config:
<location path="/js">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
<location path="/css">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
I have used this snippet ('CSS' is the folder):
<location path="CSS">
<system.web>
<authorization>
<allow users="?" />
</authorization>
</system.web>
Related
I would like to deny anonymous users access to the folder 'test' but exclude and allow access to a file 'webform1' inside the test folder. Why does this not work?
<location path="test">
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>
<location path="test/webform1">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
Here is a link to a sample webforms project https://github.com/uselesshasid/StackOverflow_Question_38597397
This is probably a bug in asp.net, with the way it handles authorization when friendly url's are used.
I changed the web.config to define by versions of the file url, and it works.
<location path="test/webform1">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
<location path="test/webform1.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
How does one specify root location in web.config to allow unauthenticated users access it?
The root location is served by default.aspx, but users normally don't see default.aspx, they just see http://mysite.com/.
So I've added
<location path="~/default.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
Which works if user hits mysite.com/default.aspx, but if user hits mysite.com/ - he is still redirected to login page.
I've tried <location path="~"> (does not help) and also <location path="~/">, <location path=""> (site fails completely) and could not make it work.
Any ideas?
Try this one:
<system.web>
<urlMappings enabled="true">
<add url="~/" mappedUrl="~/default.aspx" />
</urlMappings>
<authorization>
<allow roles="admin"/>
<deny users="*" />
</authorization>
</system.web>
<location path="Default.aspx">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
only use
<location path=".">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
or don't write path,because the default path is root(.)
You can achieve by 2 method
Method 1:
You can set redirect path to http://mysite.com/default.aspx in IIS if any user directly comes to your site.in IIS7 you can do that by clicking on Default Document. Here i attached image for your reference
Method 2
You can go through this URL ASp.NET Membership to set your web config settings.
Let me know if you need more detail on this.
The way we done it in the past was to create a folder for all functionality that requires login and set require auth for that folder. All aspx go to that folder. The root of the site stays open.
You probably use a forms authentification no?
<authentication mode="Forms">
<forms loginUrl="~/Default.aspx" />
</authentication>
This will solve your problem. An alternative is:
<location path="~/Default.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
If you only want to let unauthenticated users to access default.aspx you can use
<location path="Default.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
before <system.web> and set that page as default in your web server.
In Visual Studio you can select the page and "Set As Start Page".
If you want to allow access to all the files in the root you have to create folders where you put your pages which need to be accessed by authenticated users.
You can create a Secure folder where you can put all your protected pages and change your web.config this way:
<location path="Secure">
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>
removing
<authorization>
<deny users="?"/>
</authorization>
To specify root directory you have to set it outside the location block.
<configuration>
<system.web>
<authorization>
<allow users=“*“/>
</authorization>
</system.web>
</configuration>
and then secure your other folder using location block
<location path=“AccessDenied.aspx“>
<system.web>
<authorization>
<deny users=“?“/>
</authorization>
</system.web>
</location>
Use this :
<location path="Default.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
<location path="~">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
It works for me.
Merk was right!
I used
<location path="">
<system.webServer>
<httpRedirect enabled="true" destination="http://www.newpathdestination.com" exactDestination="true" httpResponseStatus="Permanent" />
</system.webServer>
</location>
on Windows netserver (don't ask), making sure to put nothing in between the quotes for location path. Redirects a request for the old home page to the new home page.
If you want to specify the root of the directory, use <location path="" >
My site (WebForms, C# 4.0) is using Forms Auth and by default requires login:
<authorization>
<deny users="?"/>
</authorization>
I allow unauthenticated access to the public folder (http://siteurl.com/member/public):
<location path="member/public">
<system.web>
<authorization>
<allow users="?"/>
</authorization>
</system.web>
</location>
It all works fine. Then, I added a route (RouteTable.MapPageRoute(...)), so that
http://siteurl.com/member/public/view.aspx?username=someusername
can be accessed by going to:
http://siteurl.com/member/view/someusername
My problem is - now I also need to add member/view location to web.config to allow unauth access to it, so I have to have two entries for technically the same location:
<location path="member/public"> <!-- physical location -->
<system.web>
<authorization>
<allow users="?"/>
</authorization>
</system.web>
</location>
<location path="member/view"> <!-- route -->
<system.web>
<authorization>
<allow users="?"/>
</authorization>
</system.web>
</location>
I will have a bunch of those routes to pages in member/public folder, so looks like I'd have to list each of them in web.config, and it doesn't sound right...
Is there any way to tell ASP.NET to automatically apply physical path auth rules to the routing so that I woudl only need to specify unauth access to member/public and all routes to the location would automatically gain access?
Thanks!
<authentication mode="Forms">
<forms loginUrl="Login.aspx"/>
</authentication>
<authorization>
<deny users="?"/>
</authorization>
I am using forms authentication, and when i place the arguments cited above, the css formatting I have done for the whole document is not being implemented, it's vanishing. what should i be doing so that the CSS remains intact.
I assume that your login form has an external CSS file, and that you're using Cassini or IIS 7 integrated mode.
Your <deny users="?"/> is preventing anonymous users from seeing the login form's CSS files.
You need to use the <location> element to allow anonymous users to see the CSS files, like this:
<location path="CSS">
<system.web>
<authorization>
<allow users="?"/>
</authorization>
</system.web>
</location>
Use the location element to allow access to your css:
<configuration>
<location path="style.css">
<system.web>
<authorization>
<allow users="?"/>
</authorization>
</system.web>
</location>
</configuration>
<location path="Images">
<system.web>
<authorization>
<allow users="?"/>
</authorization>
</system.web>
**
please add this code in web config file
<globalization requestEncoding="utf-8" responseEncoding="utf-8"
culture="en-GB"/>
I started using dotless in my asp.net site which requires a special httphandler to work. The site uses Forms Authentication. Here's the problem: When I'm logged in the request to http://example.org/stylesheets/mystyles.less works fine. It gives me back the appropriate css. If I'm not logged in the request is denied and I'm redirected to the login page. Is there a way to allow this file to be accessed anonymously? This is not working:
<location path="~/stylesheets">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
The problem is with the path syntax.
This does not work:
<location path="~/stylesheets">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
This DOES work:
<location path="stylesheets">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
Not sure if this is the problem but you're missing a quote mark in your xml.
<location path="~/stylesheets">