How does one specify root location in web.config to allow unauthenticated users access it?
The root location is served by default.aspx, but users normally don't see default.aspx, they just see http://mysite.com/.
So I've added
<location path="~/default.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
Which works if user hits mysite.com/default.aspx, but if user hits mysite.com/ - he is still redirected to login page.
I've tried <location path="~"> (does not help) and also <location path="~/">, <location path=""> (site fails completely) and could not make it work.
Any ideas?
Try this one:
<system.web>
<urlMappings enabled="true">
<add url="~/" mappedUrl="~/default.aspx" />
</urlMappings>
<authorization>
<allow roles="admin"/>
<deny users="*" />
</authorization>
</system.web>
<location path="Default.aspx">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
only use
<location path=".">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
or don't write path,because the default path is root(.)
You can achieve by 2 method
Method 1:
You can set redirect path to http://mysite.com/default.aspx in IIS if any user directly comes to your site.in IIS7 you can do that by clicking on Default Document. Here i attached image for your reference
Method 2
You can go through this URL ASp.NET Membership to set your web config settings.
Let me know if you need more detail on this.
The way we done it in the past was to create a folder for all functionality that requires login and set require auth for that folder. All aspx go to that folder. The root of the site stays open.
You probably use a forms authentification no?
<authentication mode="Forms">
<forms loginUrl="~/Default.aspx" />
</authentication>
This will solve your problem. An alternative is:
<location path="~/Default.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
If you only want to let unauthenticated users to access default.aspx you can use
<location path="Default.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
before <system.web> and set that page as default in your web server.
In Visual Studio you can select the page and "Set As Start Page".
If you want to allow access to all the files in the root you have to create folders where you put your pages which need to be accessed by authenticated users.
You can create a Secure folder where you can put all your protected pages and change your web.config this way:
<location path="Secure">
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>
removing
<authorization>
<deny users="?"/>
</authorization>
To specify root directory you have to set it outside the location block.
<configuration>
<system.web>
<authorization>
<allow users=“*“/>
</authorization>
</system.web>
</configuration>
and then secure your other folder using location block
<location path=“AccessDenied.aspx“>
<system.web>
<authorization>
<deny users=“?“/>
</authorization>
</system.web>
</location>
Use this :
<location path="Default.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
<location path="~">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
It works for me.
Merk was right!
I used
<location path="">
<system.webServer>
<httpRedirect enabled="true" destination="http://www.newpathdestination.com" exactDestination="true" httpResponseStatus="Permanent" />
</system.webServer>
</location>
on Windows netserver (don't ask), making sure to put nothing in between the quotes for location path. Redirects a request for the old home page to the new home page.
If you want to specify the root of the directory, use <location path="" >
Heey Stackoverflowers
My question is: how do I protect a Page using web.config or Global.asax?
Example:
Direct url www.Yoururlhere.com/Account/Edit.aspx is currently accesible from url bar, but that is not what I want. I have a login page already with database etc working, only it's missing the protection to remove direct access or by Login.
Can you help me? My second web.config for Folder Account is as following:
<?xml version="1.0"?>
<configuration>
<system.web>
<location path="Edit.aspx"/>
</system.web>
<system.web>
<authorization>
<allow users="*"/>
<deny users="?" />
</authorization>
</system.web>
</configuration>
You are writing in the wrong way. It should be like...
<configuration>
<location path="Account/Edit.aspx">
<system.web>
<authorization>
<allow users="*"/>
<deny users="?" />
</authorization>
</system.web>
</location>
</configuration>
In project their is a folder namely customer, inside there is a file namely register.aspx. In web.config have the configuration check like follows
<location path="Customer">
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>
<location path="Customer/Register.aspx">
<system.web>
<authorization>
<allow users="?"/>
</authorization>
</system.web>
</location>
Even i have authorized the register.aspx for unauthorized users but is expecting to authorize. Can any body explain it.
You have to create a Web.Config file in Customer folder and add
<location path="Register.aspx">
<system.web>
<authorization>
<allow users="?"/>
</authorization>
</system.web>
</location>
Try switching order of those location nodes. Put allow Register first, and deny Customer second.
I have an ASP.NET app using Ajaxpro and forms authentication. First I was having trouble trying to avoid passing the ajaxpro handlers through authorization, which was resolved when I included them on separate locations on the web.config:
<location path="ajaxpro/prototype.ashx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
<location path="ajaxpro/core.ashx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
<location path="ajaxpro/converter.ashx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
However, I'm still getting 401 errors when I try to access our AjaxMethods. I event tried to put our types under the following configuration:
<location path="ajaxpro/MyType,MyAssembly.ashx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
but that didn't work properly, and I'm still getting 401 responses in some particular cases: I realized that when my requests have some query string values, this setting isn't working.
I wish I could do something like path="ajaxpro/*", but it seems like that is not possible. Does anyone have other ideas?
You should be able to specify the location with folder name only like this:
<location path="ajaxpro">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
My colleague is using an HttpHandler for compression of javascript and CSS (YUI Compressor for .NET) on an ASP.NET Web Application.
He also set up Forms Authentication. The Forms Authentication appears to be blocking the CSS and JavaScript (served by the HttpHandler) from downloading on the login page. Is there a way to exclude this HttpHandler from Forms Authentication?
Add a location tag for those resource paths in your web.config:
<location path="/js">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
<location path="/css">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
I have used this snippet ('CSS' is the folder):
<location path="CSS">
<system.web>
<authorization>
<allow users="?" />
</authorization>
</system.web>