Exclude pages from authentication!

  • Thread starter Thread starter Adam J Knight
  • Start date Start date
A

Adam J Knight

Hi all,

I have an app that mostly requires authentication.

However there are a couple of pages that don't require authentication..

What do i need in my web.config, to specify these pages don't require
authentication..
thus the user is not redirected to my default login url..when they ('pages')
are requested.

Cheers,
Adam
 
Hi,

you can do that with <location> (path can either be single page or a
directory). Note that <location> element is placed right under
<configuration> element, not under the default <system.web> in standard
web.config

<location path="publicpage.aspx">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
 
Hi,

I am not to clued up when it comes to Web.config.

Here is a butchered version, probably totally wrong..that attempts to
acheive what i am after.

Obviously it is incorrect, and producing an error..Would appreciated the
correct syntax!!!!

This is an attempt to apply authentication to a 'Admin' subject directory,
but have no security on pages in root directory...

Cheers,
Adam

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<appSettings>
<add key="ConnStr" value="Data Source=myDataSource;Initial
Catalog=myDb;User=myUser; Password=myPassword"/>
</appSettings>
<system.web>
<compilation defaultLanguage="c#" debug="true"/>
<customErrors mode="RemoteOnly"/>
<trace enabled="false" requestLimit="10" pageOutput="false"
traceMode="SortByTime" localOnly="true"/>
<sessionState mode="InProc"
stateConnectionString="tcpip=127.0.0.1:42424" sqlConnectionString="data
source=127.0.0.1;Trusted_Connection=yes"
cookieless="false" timeout="20" />
<globalization requestEncoding="utf-8" responseEncoding="utf-8"/>
</system.web>
<location path="Admin">
<system.web>
<authentication mode="Forms">
<forms loginUrl="Admin/Login.aspx"/>
</authentication>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>
</configuration>
 
You need to specify <authentication> etc on the root level, therefore you
need to do it kind of twisted

<?xml version="1.0" encoding="utf-8" ?>
<configuration>

<appSettings>
<add key="ConnStr" value="Data Source=myDataSource;Initial
Catalog=myDb;User=myUser; Password=myPassword"/>
</appSettings>

<system.web>
<!-- Authentication element on root level, just specify with
authorization that root level is public -->
<authentication mode="Forms">
<forms loginUrl="Admin/Login.aspx"/>
</authentication>
<authorization>
<allow users="*" />
</authorization>

<compilation defaultLanguage="c#" debug="true"/>
<customErrors mode="RemoteOnly"/>
<trace enabled="false" requestLimit="10" pageOutput="false"
traceMode="SortByTime" localOnly="true"/>
<sessionState mode="InProc"
stateConnectionString="tcpip=127.0.0.1:42424" sqlConnectionString="data
source=127.0.0.1;Trusted_Connection=yes"
cookieless="false" timeout="20" />
<globalization requestEncoding="utf-8" responseEncoding="utf-8"/>
</system.web>

<!-- Deny Access to Admin folder -->
<location path="Admin">
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>

</configuration>
 
Back
Top