Allow access for unathenticated users to specific page using ASP.Net Forms Authentication

46
votes

I am using ASP.Net Forms Authentication. My Web.config looks like this.

    <authentication mode="Forms">
      <forms loginUrl="login.aspx"/>
    </authentication>
    <authorization>
      <deny users="?" />
    </authorization>

So currently every aspx page requires authentication.

I want to allow access to even unauthenticated users to a specific page named special.aspx. How can I do this?

4
asp.netforms-authentication
did you ever figure this one out?Chase Florell

4 Answers

59
votes

Take a look at the example on MS Support

<configuration>
    <system.web>
        <authentication mode="Forms" >
            <forms loginUrl="login.aspx" name=".ASPNETAUTH" protection="None" path="/" timeout="20" >
            </forms>
        </authentication>
<!-- This section denies access to all files in this 
application except for those that you have not explicitly 
specified by using another setting. -->
        <authorization>
            <deny users="?" /> 
        </authorization>
    </system.web>
<!-- This section gives the unauthenticated 
user access to the ThePageThatUnauthenticatedUsersCanVisit.aspx 
page only. It is located in the same folder 
as this configuration file. -->
        <location path="ThePageThatUnauthenticatedUsersCanVisit.aspx">
        <system.web>
        <authorization>
            <allow users ="*" />
        </authorization>
        </system.web>
        </location>
<!-- This section gives the unauthenticated 
user access to all of the files that are stored 
in the TheDirectoryThatUnauthenticatedUsersCanVisit folder.  -->
        <location path="TheDirectoryThatUnauthenticatedUsersCanVisit">
        <system.web>
        <authorization>
            <allow users ="*" />
        </authorization>
        </system.web>
        </location>
</configuration>
21
votes

Put the following in your web.config:

  <location path="special.aspx">
    <system.web>
      <authorization>
        <allow users="*"/>
      </authorization>
    </system.web>
  </location>
2
votes
<location path="register.aspx"> //path here is path to your register.aspx page 
<system.web>

<authorization>
<allow users="*"/> // this will allow access to everyone to register.aspx
</authorization>

</system.web>
</location>

For more detail follow the below link

http://weblogs.asp.net/gurusarkar/setting-authorization-rules-for-a-particular-page-or-folder-in-web-config

2
votes

Allow everyone to access a particular page

Sometimes you want to allow public access to some page and want to restrict access to rest of the site only to logged / authenticated users .i.e. do not allow anonymous access. Say your special.aspx is in your site's root folder. In the web.config of your website's root folder you need to have following setup.

 <configuration>
    <system.web>

    <authentication mode="Forms"/>

       <authorization> <deny users="?"/>  //this will restrict anonymous user access
       </authorization>

   </system.web>
   <location path="special.aspx"> //path here is path to your special.aspx page 
   <system.web>
   <authorization>
    <allow users="*"/> // this will allow access to everyone to special.aspx

 </authorization>
 </system.web>
 </location>
 </configuration>