tags:

views:

20

answers:

1
+1  Q: 

ASP.NET Page Unauthorization for common pages

Hi

I am developing a web application which has form based authentication. All pages needs to be authenticated except AboutUs and ContactUs pages.

I configured everything correct except AboutUs and ContactUs pages. Since I am denying all users in authorization section, application is redirecting even if the customer browse AboutUs and ContactUs pages.

Configuration Rules

<authentication mode= "Forms">
<forms name=".ASPXAUTH" loginUrl="Login.aspx" timeout="20" protection="All" slidingExpiration="true" />
</authentication>
<authorization>
<deny users="?" />
</authorization>

Could you please let me know how can I tell asp.net to remove these pages for authorization??

Thanks, Mahesh

+1  A: 

Try this:

<system.web>
    <authentication mode="Forms" >
        <forms loginUrl="login.aspx" name=".ASPNETAUTH" 
                           protection="None" path="/" timeout="20" >
        </forms>
    </authentication>
<!-- This section denies access to all files in this application except for 
     those that you have not explicitly specified by using another setting. -->
    <authorization>
        <deny users="?" /> 
    </authorization>
</system.web>
<!-- This section gives the unauthenticated user access to the AboutUs.aspx page 
     only. It is located in the same folder as this configuration file. -->
<location path="AboutUs.aspx">
    <system.web>
        <authorization>
             <allow users ="*" />
        </authorization>
    </system.web>
</location>
<!-- This section gives the unauthenticated user access to the ContactUs.aspx 
     page only. It is located in the same folder as this configuration file. -->
<location path="ContactUs.aspx">
    <system.web>
        <authorization>
             <allow users ="*" />
        </authorization>
    </system.web>
</location>
Alex  2010-05-13 09:44:08
Thanks a lot Alex. You made my day. :-)
Mahesh  2010-05-13 09:47:06

related questions

Is it better to create Model classes, or just stick with generic database utility class?
What are effective options for embedding video in an ASP.NET web site?
Visual Studio 2008 debugger already attached work-around
Tracking state using ASP.NET AJAX / ICallbackEventHandler
ASP.NET Display SVN Revision Number
ASP.NET URL Rewriting
How can I change the background of a masterpage from the code behind of a content page?
Easy way to AJAX WebControls
How do I define custom web.config sections with potential child elements and attributes for the properties?
ASP.NET MVC "CRUD" Database Sample
Are Multiple DataContext classes ever appropriate?
How to RedirectToAction in ASP.NET MVC without losing request data
Triple Quotes? How do I delimit a databound Javascript string parameter in ASP.NET?
ASP.NET built in user profile, Vs old stile user class/tables
What's a good book for learning ASP?
Bandwith throttling in IIS 6 by IP Address
ASP .Net Custom Client-Side Validation
How to get the value of built, encoded ViewState?
Decent, simple, GIS/mapping component for ASP.NET?
Checklist for IIS 6/ASP.NET Windows Authentication?
How to write to Web.Config in Medium Trust ?
ASP.NET, Visual Studio and Subversion - how to integrate?
Floating Point Number parsing: Is there a Catch All algorithm?
How do I sync the SVN revision number with my ASP.NET web site?
ASP.NET Site Maps