Disable FORMS AUTHENTICATION selectively in 2.0

[Ben]

Hi,
I have implemented a .NET 2.0 app which uses Forms Authentication, sets
a cookie upon succesful validation from DB etc. Everything works as
expected and all pages go to the login page before being sent to the
requested page etc.
Now the requirements have changed and I need to allow certain pages to
not require login. How do I accomplish this?
This is the relevant code in web.config

<forms loginUrl="login.aspx" protection="All" timeout="30"
name="TEST_AUTH" path="/" requireSSL="false" slidingExpiration="true"
defaultUrl="help.aspx" cookieless="UseDeviceProfile"
enableCrossAppRedirects="false"/>

Thanks,
Ben

 

[Joe Kaplan]

Instead of just setting the authorization element in web.config to require
authentication for all pages, you need to use the <location> element to set
different authorization settings for different paths. The .NET Framework
documentation has the exact schema documentation and examples for you to
follow.

Joe K.

 

[Ben]

Thank you. That helped. Can i add a list of files (Comma separated)
instead of a folder?

Thanks,
Ben

 

[Dominick Baier]

no. Only files or folders.

 

[Dominick Baier]

sorry - i meant a *single* file or folder.

 

[Joe Kaplan]

Yes, sometimes it is helpful to reorganize your cotent so all of the
protected resources are in a single part of the path hiearchy to make this
less of a configuration hassle. That is often a painful change to add after
the fact, though.