My site (WebForms, C# 4.0) is using Forms Auth and by default requires login:
<authorization>
<deny users="?"/>
</authorization>
I allow unauthenticated access to the public folder (http://siteurl.com/member/public):
<location path="member/public">
<system.web>
<authorization>
<allow users="?"/>
</authorization>
</system.web>
</location>
It all works fine. Then, I added a route (RouteTable.MapPageRoute(...)), so that
http://siteurl.com/member/public/view.aspx?username=someusername
can be accessed by going to:
http://siteurl.com/member/view/someusername
My problem is - now I also need to add member/view location to web.config to allow unauth access to it, so I have to have two entries for technically the same location:
<location path="member/public"> <!-- physical location -->
<system.web>
<authorization>
<allow users="?"/>
</authorization>
</system.web>
</location>
<location path="member/view"> <!-- route -->
<system.web>
<authorization>
<allow users="?"/>
</authorization>
</system.web>
</location>
I will have a bunch of those routes to pages in member/public folder, so looks like I'd have to list each of them in web.config, and it doesn't sound right...
Is there any way to tell ASP.NET to automatically apply physical path auth rules to the routing so that I woudl only need to specify unauth access to member/public and all routes to the location would automatically gain access?
Thanks!