Bypassing authentication

[John]

Hi

I have established form authentication so every page on the site send the
access to a specific login page. I need however to bypass the authentication
for my web service page to allow it to be accessed without login. How can I
selectively exclude a page from form authentication?

Thanks

Regards

 

[Teemu Keiski]

In web.config with <location> element

<configuration>
<location path="exclude.aspx">
<system.web>
<authorization>
<allow users="?"/>
</authorization>
</system.web>
</location>

<! -- Normal config goes here as before -->
<system.web>

</system.web>
</configuration>

 

[John]

I have used below but no luck. Am I missing something?

Thanks

Regards

<location path="~FolderA/FolderB/a.asmx">
<system.web>
<authorization>
<allow users="?"/>
</authorization>
</system.web>
</location>

 

[Teemu Keiski]

Try without tilde (~ ) in path attribute

Here's docs about <location> element:
http://msdn2.microsoft.com/en-US/library/b6x6shw7(VS.80).aspx

 

[John]

This worked (below). Note the * and no ~.

<location path="FolderA/FolderB/a.asmx">
<system.web>
<authorization>
<allow users="*"></allow>
</authorization>
</system.web>
</location>

 

[Teemu Keiski]

As I said, no tilde. ;-)

allow="?" means just that allow unauthenticated users to access the page
(not sure if that makes difference here, but that depends on how you users
are accessing it). allow="*" means that all are allowed.

--
Teemu Keiski
ASP.NET MVP, AspInsider
Finland, EU
http://blogs.aspadvice.com/joteke