ASP.NET Authentication Question + Answer

I can't seem to find an answer to this:

Is it possible to use the tag in web.config to allow some of the pages in your site to be non-secure, meaning users can browse them without being redirected to the login page?

Update:

Well, It didn't take very long for the answers to arrive! Thanks to Fabrice And hElp Blog For providing me with ways to achieve this :) Here are the replies:

Fabrice:

Sure, after protecting your pages with the following configuration:

<authentication mode="Forms">
<forms
    name=".ASPMyApp"
    loginUrl="Security/Login.aspx"
    protection="All"
    timeout="25" />
authentication>

<authorization>
<deny users="?" />
authorization>

you can authorize access to the Errors folder (for example) by adding this to the same web.config file.

<location pah="Errors">
<system.web>
    <auhorization>
      <allow users="*" />
    auhorization>
system.web>
location>

You could also do the same by adding a web.config file in the Errors folder, which content would be:

xml version="1.0" encoding="utf-8"?>
<configuration>
<system.web>
    <auhorization>
      <allow users="*" />
    auhorization>
system.web>
configuration>

hElp Blog

Roy what I do myself is to put everything to be secure in a folder, duplicate the web config in this folder and modify the tags.

The main web config of your application has to allow everybody.

It works for me !

Apr 28 ASP.NET Authentication Question + Answer

Apr 29 Build Your Own Research Library with Office 2003 and the Google Web Service API

Apr 28 Kudos for Scott

Related Posts

Mar 31 Mar 31 ASP.NET is cool + DataGrid Designer Tips

Apr 11 Apr 11 Typed Datasets - Can You Get Much Cooler?

Aug 31 Aug 31 Asynchronous ASP.Net actions suck?

Mar 31
Mar 31 ASP.NET is cool + DataGrid Designer Tips

Apr 11
Apr 11 Typed Datasets - Can You Get Much Cooler?

Aug 31
Aug 31 Asynchronous ASP.Net actions suck?