Exclude pages from authentication!

[Adam J Knight]

Hi all,

I have an app that mostly requires authentication.

However there are a couple of pages that don't require authentication..

What do i need in my web.config, to specify these pages don't require
authentication..
thus the user is not redirected to my default login url..when they ('pages')
are requested.

Cheers,
Adam

 

[Teemu Keiski]

Hi,

you can do that with <location> (path can either be single page or a
directory). Note that <location> element is placed right under
<configuration> element, not under the default <system.web> in standard
web.config

<location path="publicpage.aspx">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>

 

[Adam J Knight]

Hi,

I am not to clued up when it comes to Web.config.

Here is a butchered version, probably totally wrong..that attempts to
acheive what i am after.

Obviously it is incorrect, and producing an error..Would appreciated the
correct syntax!!!!

This is an attempt to apply authentication to a 'Admin' subject directory,
but have no security on pages in root directory...

Cheers,
Adam

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<appSettings>
<add key="ConnStr" value="Data Source=myDataSource;Initial
Catalog=myDb;User=myUser; Password=myPassword"/>
</appSettings>
<system.web>
<compilation defaultLanguage="c#" debug="true"/>
<customErrors mode="RemoteOnly"/>
<trace enabled="false" requestLimit="10" pageOutput="false"
traceMode="SortByTime" localOnly="true"/>
<sessionState mode="InProc"
stateConnectionString="tcpip=127.0.0.1:42424" sqlConnectionString="data
source=127.0.0.1;Trusted_Connection=yes"
cookieless="false" timeout="20" />
<globalization requestEncoding="utf-8" responseEncoding="utf-8"/>
</system.web>
<location path="Admin">
<system.web>
<authentication mode="Forms">
<forms loginUrl="Admin/Login.aspx"/>
</authentication>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>
</configuration>

 

[Teemu Keiski]

You need to specify <authentication> etc on the root level, therefore you
need to do it kind of twisted

<?xml version="1.0" encoding="utf-8" ?>
<configuration>

<appSettings>
<add key="ConnStr" value="Data Source=myDataSource;Initial
Catalog=myDb;User=myUser; Password=myPassword"/>
</appSettings>

<system.web>
<!-- Authentication element on root level, just specify with
authorization that root level is public -->
<authentication mode="Forms">
<forms loginUrl="Admin/Login.aspx"/>
</authentication>
<authorization>
<allow users="*" />
</authorization>

<compilation defaultLanguage="c#" debug="true"/>
<customErrors mode="RemoteOnly"/>
<trace enabled="false" requestLimit="10" pageOutput="false"
traceMode="SortByTime" localOnly="true"/>
<sessionState mode="InProc"
stateConnectionString="tcpip=127.0.0.1:42424" sqlConnectionString="data
source=127.0.0.1;Trusted_Connection=yes"
cookieless="false" timeout="20" />
<globalization requestEncoding="utf-8" responseEncoding="utf-8"/>
</system.web>

<!-- Deny Access to Admin folder -->
<location path="Admin">
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>

</configuration>