How do I grant anonymous access to a url using FormsAuthentication?
For the most part, my webapp requires authentication to do anything. There are a few pages, namely the homepage, that I\'d like people to be able to access without authenti
-
I hate to answer my own question, but since I did end up figuring it out, I figure I'd share the knowledge.
Use the location tag and put the allow and deny tags in the correct order.
The location tag can be used to configure a specific url resource. In my case I wanted to configure a few urls and folders specifically.
This didn't work at first because I didn't have the allow/deny in the correct order. According to MSDN, "the authorization module grants or denies access to a URL resource depending on whether the first access rule found is an allow or a deny rule."
In my case I needed to put all my public stuff first (default.aspx, home,styles, images, scripts) and then I put a deny on everything else. I left out the path on the last location tag. That makes it apply to all files and subfolders.
End result, a user can get to the homepage, pull up images and styles, but for everything else must log in.
Here's my web config file now:
<!--AUTHORIZATION AND AUTHENTICATION RULES--> <location path="default.aspx"> <system.web> <authorization> <allow users="?"/> </authorization> </system.web> </location> <location path="Home"> <system.web> <authorization> <allow users="?"/> </authorization> </system.web> </location> <location path="Styles"> <system.web> <authorization> <allow users="?"/> </authorization> </system.web> </location> <location path="Scripts"> <system.web> <authorization> <allow users="?"/> </authorization> </system.web> </location> <location path="images"> <system.web> <authorization> <allow users="?"/> </authorization> </system.web> </location> <location allowOverride="true"> <system.web> <authentication mode="Forms"> <forms loginUrl="~/Account/LogOn" timeout="2880" slidingExpiration="true" /> </authentication> <authorization> <deny users="?" /> </authorization> </system.web> </location> <!--END AUTHORIZATION AND AUTHENTICATION RULES-->讨论(0)
加载中...
- 热议问题