Login page in web.config. Can I put exceptions ?

S

scalf

Freshman
Joined
Jun 15, 2004
Messages
25
Location
FRANCE
Hello everybody,

I'm using a secured access to my website using specific tags in my web.config file such as :

<authentication mode="Forms">
<forms
name=".ASPXFIDEXEC"
loginUrl="login.aspx"
protection="All"
timeout="60"
/>
</authentication>

The problem is that there is one page that would like users to access without having to Log In. Can I add exceptions to avoid my web.config to redirect me automatically to the login.aspx page ?

Thanks in advance!
 
Read up on the <location> section. I can't recall all the details right now, but you'd create a <location> section with <system.web> and <authorization> subsections for each secure page in your app. you indicate the page by using the "path" attribute in your <location> marker.

you can have multiple <location> sections and you'd put them in between the <configuration> markers of your web.config file. in order to process these special pages first I think you have to put them before the default <system.web> that's already in the file.

so something like this
<configuration>
<location path="food.aspx">
<system.web>
<authorization>
~~!@@
</authorization>
</system.web>
</location>
<location path="games.aspx">
<system.web>
<authorization>
~~!@@
</authorization>
</system.web>
</location>
<system.web>
<authorization>
</authorization>
</system.web>
</configuration>

success

(oh great i indented but it won't show...oh well)
 
IIRC within the configuration section of your web.config you can add a location element and set it's path attribute to either a sub folder or an aspx page. Within that you can use most of the standard web.config elements including authorization
i.e. given a page with the catchy name of AnyOneCanAccessThisPage.aspx you should be able to use the following snippet.

Code: 
<location path="AnyOneCanAccessThisPage.aspx">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
</location>
 
Many thanks

It works fine. I added a location section for the page I wanted to exclude from my secured web space and added also a <location> </location> section for the secured part of my web site (no path parameters for this location part).

Many thanks to all the friendly guys how helped me solve this problem!!!
;)


PlausiblyDamp said:
IIRC within the configuration section of your web.config you can add a location element and set it's path attribute to either a sub folder or an aspx page. Within that you can use most of the standard web.config elements including authorization
i.e. given a page with the catchy name of AnyOneCanAccessThisPage.aspx you should be able to use the following snippet.

Code: 
<location path="AnyOneCanAccessThisPage.aspx">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
</location>
Click to expand...
 
Back
Top