I have an ASP.NET 4.5 / C# site where I am trying to do the following. When users hit the root of the site, www.blah.com, they should be redirected to Default.aspx. This page is open and does not require login. There is a link on this page if they would like to login. However, I need to automatically redirect them to login if they try to access other pages. Some are open to all and some are not. I'm cool with assigning permissions via roles per page or per folder. The issue I have is with Default.aspx.
If a user comes to my site by typing: www.blah.com/Default.aspx then the page comes up with no redirect for a login.
If a user comes to my site by typing: www.blah.com/Admin.aspx then they are redirected to login.
My life is good so far, but...
If a user comes to my site by typing: www.blah.com then they are redirected to login instead of just loading Default.aspx. Here is the relevant web.config.
<location path="Default.aspx">
<system.web>
<authorization>
<allow users="?"/>
</authorization>
</system.web>
</location>
<system.web>
<authentication mode="Forms">
<forms name=".ASPXFORMSAUTH" loginUrl="~/Login.aspx" defaultUrl="~/Default.aspx" requireSSL="false" protection="All" slidingExpiration="true" path="/" timeout="240" cookieless="UseDeviceProfile" enableCrossAppRedirects="false" />
</authentication>
<authorization>
<deny users= "?"/>
</authorization>
<system.web>
I assume my specific permission on Default.aspx overrides the generalized deny. Again, this appears to work. The issue I have is the automatic redirect to Default.aspx when someone hits the root of my site, www.blah.com.
As always, thanks!
update
I have moved everything into one of 3 directories: _public, _private, _admin. Let's not worry about _admin for now. Here is how my web.config is set up:
<defaultDocument>
<files>
<clear />
<add value="~/_public/Default.aspx" />
</files>
</defaultDocument>
.
.
.
<location path="_public">
<system.web>
<authorization>
<allow users="?"/>
</authorization>
</system.web>
</location>
<location path="_private">
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>
.
.
.
<forms name=".ASPXFORMSAUTH" loginUrl="~/_public/Login.aspx" defaultUrl="~/_private/landingPage.aspx" slidingExpiration="true" path="/" />
I am still doing something wrong. Shouldn't my users come to ~/_public/Default.aspx when they hit www.blah.com? Now it is telling me I don't have a default page specified.
Also, regarding the defaultUrl property of the forms tag. How does this tie in with the DestinationPageUrl of my login control?
Thx!
update I updated the paths in the location tag to "~/folder" instead of "folder". Now instead of an error is just keeps taking me to the login screen. I don't have another authorization tag in the root of web.config, but I am handling the subfolders from the main web.config instead of putting a separate file in each subfolder.