Hi, I have build a site that relies on forms authentication and this is how my web.config looks like:
it all works just fine, but I don't understand where do I specify what pages of my site I want to require to login. Example: I want to specify that default.aspx and every other page can be viewed by anyone, only the admin.aspx site requires login.
With the code above, login is requiered when I try to get on any page, even default.aspx.
I've searched the forum, and haven't found any example that would help me. Is implementing roles the key? How do I do that?
Code:
<system.web>
<customErrors mode="Off"></customErrors>
<authentication mode="Forms">
<forms name ="hosteseAuth" path="/" loginUrl="login.aspx" protection="All" timeout="30">
<credentials passwordFormat="Clear">
<user name="jeff" password="test" />
<user name="mike" password="test" />
</credentials>
</forms>
</authentication>
<authorization>
<deny users="?" />
</authorization>it all works just fine, but I don't understand where do I specify what pages of my site I want to require to login. Example: I want to specify that default.aspx and every other page can be viewed by anyone, only the admin.aspx site requires login.
With the code above, login is requiered when I try to get on any page, even default.aspx.
I've searched the forum, and haven't found any example that would help me. Is implementing roles the key? How do I do that?
