Turning off security for /

Question

I am using openID on my site for login and need it to fetch the XRDS document So I unsecured it

<location path="xrds.aspx">
        <system.web>
            <authorization>
                <allow users="?" />
            </authorization>
        </system.web>
    </location>

But when the openID server checks the domain for the location of this file it asks for http://example.com/ and it should receive a header telling it where this file is. It can’t get this because the page redirects to a login page and the openID server doesn’t follow the redirect. The solution is to unsecure / . I tried and can go to domain/default.htm no problem as it is not secured but if I go to just / it’s still secured.

If there a way to specify a location for / ? Note: path attribute must be a relative virtual path. It cannot contain any of '?' ':' '\' '*' '"' '<' '>' or '|'.

Answer 1

Have you tried using "~" as the path yet? It points at the application root, which (depending on your particular configuration) likely is the same folder as "/" for your domain.

Answer 2

How about the empty string for a path?

Answer 3

The root path is represented by the core Web.config file that is NOT wrapped in a <location/> tag. You would need to remove security on the whole application, then selectively apply it to the files and child folders you want security to be enabled on. I know its not really a pretty answer, but sadly, thats the way it works.