I've a web site that uses forms authentication. For the most part, my web site requires authentication to do anything. My privacy statement page is an exception and has to be accessible to anonymous users. The page is in a folder, and I've set the location path information in the web.config as follows:

<location path="about">
    <system.web>
         <authorization>
            <allow users="*"/>
        </authorization>
    </system.web>
</location>
<location allowOverride="true">
    <system.web>
        <authentication mode="Forms">
            <forms name="FDAuth" 
                   cookieless="UseCookies" 
                   protection="All" 
                   loginUrl="login.aspx" 
                   requireSSL="false" 
                   slidingExpiration="false"></forms>
        </authentication>
        <authorization>
            <deny users="?"/>
        </authorization>
    </system.web>
</location>

That configuration allows anonymous access to other file types, but still prompts for a log in for aspx pages.

In other words, anonymous access is allowed to this page

www.mywebsite.com/about/privacy.asp

but I go to the login.aspx page if I try to access this page

www.mywebsite.com/about/privacy.aspx

What do I need to do to allow anonymous access to www.mywebsite.com/about/privacy.aspx?

A: 

Just one more thing: Add the line <allow users="?"/>

* users match any authenticated usernames, while ? matches all unauthenticated ones.

So, you would have this:

<location path="about">
    <system.web>
         <authorization>
            <allow users="*"/>
            <allow users="?"/>
        </authorization>
    </system.web>
</location>
rlb.usa
Thank you for your response, but making this change did not fix the problem.
jeffc
A: 

Just remove the <location allowOverride="true"> element and configure <authorization/> within <system.web/>.

<location> tags are used to define exceptions to the global policy, which is typically defined in the <authorization/> within <system.web/>.

Sky Sanders
That is how I had it initially, but changed it based on this answer to a similar question http://stackoverflow.com/questions/1354185/how-do-i-grant-anonymous-access-to-a-url-using-formsauthentication Neither way allowed anonymous access to the /about/privacy.aspx page
jeffc
A: 

You should try:

<location path="about">
   <system.web>
      <authorization>
         <allow users="?"/>
      </authorization>
   </system.web>
</location>

As per this MSDN example.

Notice the ? instead of the * used for anonymous access.

This should fix your problem, but if not you can specify a specific resource:

<location path="about\privacy.aspx">
Kelsey
Thank you for your response, but changing the * to a ? did not fix the problem.
jeffc
@jeffc did you try to specify the exact file like I mentioned? Also, make sure you do not have any child web.config files that could be overriding your current settings.
Kelsey
A: 

Got it. The problem was that the page uses a master page. Moving the master page into the about folder solved the problem.

Thanks to the quick responses!

jeffc
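
An added example, not part of any post above: a small Python check that evaluates ASP.NET URL-authorization rules for an anonymous request, using a constructed web.config that wraps the rules from the question. The function names are hypothetical, only the users attribute is evaluated (roles and verbs are ignored), and the final fallback assumes the machine-level default of <allow users="*"/>.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the authorization rules from the question, wrapped in <configuration>.
WEB_CONFIG = """
<configuration>
  <location path="about">
    <system.web>
      <authorization>
        <allow users="*"/>
      </authorization>
    </system.web>
  </location>
  <location allowOverride="true">
    <system.web>
      <authorization>
        <deny users="?"/>
      </authorization>
    </system.web>
  </location>
</configuration>
"""

def rules_for(config_xml, url_path):
    """Collect the (verb, users) rules that apply to url_path, most specific scope first."""
    root = ET.fromstring(config_xml)
    # Scope "" is the application root; a <location> without a path is the same scope.
    scopes = [("", root.find("system.web/authorization"))]
    for loc in root.findall("location"):
        scopes.append((loc.get("path", "").strip("/"),
                       loc.find("system.web/authorization")))
    target = url_path.strip("/")
    hits = [(p, a) for p, a in scopes if a is not None and
            (p == "" or target == p or target.startswith(p + "/"))]
    hits.sort(key=lambda h: len(h[0]), reverse=True)  # longer path = more specific
    return [(rule.tag, rule.get("users", "")) for _, a in hits for rule in a]

def anonymous_allowed(config_xml, url_path):
    """First matching rule wins; '*' covers every user, '?' covers anonymous users."""
    for verb, users in rules_for(config_xml, url_path):
        if {"*", "?"} & {u.strip() for u in users.split(",")}:
            return verb == "allow"
    return True  # assumption: machine-level default <allow users="*"/> is reached last

if __name__ == "__main__":
    for path in ("about/privacy.aspx", "default.aspx"):
        print(path, "anonymous allowed:", anonymous_allowed(WEB_CONFIG, path))
```

Run against the real web.config plus any child web.config rules to see which paths an unauthenticated request can reach before changing the rules.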