What is the best way to authorize all users to one single page in a website.

For except the login page and one other page, I deny all users from viewing pages in the website. How do you make this page accessible to all users?


+5  A: 

I've been using forms authentication and creating the necessary GenericIdentity and CustomPrincipal objects that allows me to leverage the User.IsInRole type functions you typically only get with Windows authentication.

That way in my web.config file, I can do stuff like...

<location path="Login.aspx">
         <allow users ="*" />

<location path="ManagementFolder">
         <allow roles ="Administrator, Manager" />

Hope this helps!


I created a base "page" class that handles that sort of thing. All my pages can then be decorated with the RequiresLogin attribute if a login is required to view them. If the attribute is not present, the page is accessible to all.


<RequiresLogin()> _ 
<RequiresPermission("process")> _
Partial Class DesignReviewEditProgressPage
    Inherits MyPage 'which inherits System.Web.UI.Page and deal with logins itself

End Class

The MyPage class checks what attributes are being tagged to itself and if RequiresLogin is present, it forwards you to a login page.

I believe this could be adapted to fit your own problem.

Louis Salin
People who downvote should be obligated to write the reason!!