G
Guest
I have an HttpHandler installed on a server in the GAC that I want to grant
public access to across all sites on the server. The problem I have is that
some sites use forms authentication. For these sites I need to override the
security of the public URLs using the GLOBAL web.config file.
When I try to grant anonymous access to a site that uses forms
authentication using the local web.config file it works fine. Example:
<location path="showASPXVersion.ashx">
<system.web>
<authorization>
<allow users="?" />
</authorization>
</system.web>
But since this is a hosted environment I don't have access to the web.config
on each and every app. What I tried to do is add this to the GLOBAL
web.config:
<location path="showASPXVersion.ashx" allowOverride="false">
<system.web>
<authorization>
<allow users="?" />
</authorization>
</system.web>
</location>
While this does not throw an error, it also does not work. Is there a way
to force this page to always be allowed via anonymous access while still
allowing the various applications to use their authentication mechanism of
choice?
More info:
- showASPXVersion.ashx is registered in the GLOBAL web.config and functions
properly for all sites that are configured w/o forms authentication
- the compiled binary for showASPXVersion exists in the GAC
Thanks!
public access to across all sites on the server. The problem I have is that
some sites use forms authentication. For these sites I need to override the
security of the public URLs using the GLOBAL web.config file.
When I try to grant anonymous access to a site that uses forms
authentication using the local web.config file it works fine. Example:
<location path="showASPXVersion.ashx">
<system.web>
<authorization>
<allow users="?" />
</authorization>
</system.web>
But since this is a hosted environment I don't have access to the web.config
on each and every app. What I tried to do is add this to the GLOBAL
web.config:
<location path="showASPXVersion.ashx" allowOverride="false">
<system.web>
<authorization>
<allow users="?" />
</authorization>
</system.web>
</location>
While this does not throw an error, it also does not work. Is there a way
to force this page to always be allowed via anonymous access while still
allowing the various applications to use their authentication mechanism of
choice?
More info:
- showASPXVersion.ashx is registered in the GLOBAL web.config and functions
properly for all sites that are configured w/o forms authentication
- the compiled binary for showASPXVersion exists in the GAC
Thanks!