Top
Search The Blog
About this site

@RoyOsherove

Subscribe!

This site aims to connect all the dots of my online activities - from tools, books blogs and twitter accounts, to upcoming conferences, engagements and user group talks.

from 5whys.com
My "Projects"
Twitter: @RoyOsherove
Search
My Book: The Art of Unit Testing
Latest Posts
Video Navigation
Forms
« Build Your Own Research Library with Office 2003 and the Google Web Service API | Main | Kudos for Scott »
Monday
Apr282003

ASP.NET Authentication Question + Answer

DateMonday, April 28, 2003 at 2:41PM

I can't seem to find an answer to this:

Is it possible to use the tag in web.config to allow some of the pages in your site to be non-secure, meaning users can browse them without being redirected to the login page?

Update:

Well, It didn't take very long for the answers to arrive! Thanks to Fabrice And hElp Blog For providing me with ways to achieve this :) Here are the replies:

Fabrice:

Sure, after protecting your pages with the following configuration: 

<authentication mode="Forms">
<forms
    name=".ASPMyApp"
    loginUrl="Security/Login.aspx"
    protection="All"
    timeout="25" />
authentication>

<authorization>
  <deny users="?" />
authorization>

you can authorize access to the Errors folder (for example) by adding this to the same web.config file.

<location pah="Errors">
  <system.web>
    <auhorization>
      <allow users="*" />
    auhorization>
  system.web>
location>

You could also do the same by adding a web.config file in the Errors folder, which content would be:

xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.web>
    <auhorization>
      <allow users="*" />
    auhorization>
  system.web>
configuration>

 

 

hElp Blog

Roy what I do myself is to put everything to be secure in a folder, duplicate the web config in this folder and modify the tags.

The main web config of your application has to allow everybody.

It works for me !
AuthorRoy Osherove | CommentPost a Comment |
in

PrintView Printer Friendly Version

Reader Comments

There are no comments for this journal entry. To create a new comment, use the form below.

PostPost a New Comment

Enter your information below to add a new comment.

My response is on my own website »
Author Email (optional):
Author URL (optional):
Post:
 
Some HTML allowed: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>
Alert
Comment Moderation Enabled
Your comment will not appear until it has been cleared by a website editor.

Notify me of follow-up comments via email.