How to specify root (/) location in web.config?

58
votes

How does one specify root location in web.config to allow unauthenticated users access it?

The root location is served by default.aspx, but users normally don't see default.aspx, they just see http://mysite.com/.

So I've added 

  <location path="~/default.aspx">
    <system.web>
      <authorization>
        <allow users="*"/>
      </authorization>
    </system.web>
  </location>

Which works if user hits mysite.com/default.aspx, but if user hits mysite.com/ - he is still redirected to login page.

I've tried <location path="~"> (does not help) and also <location path="~/">, <location path=""> (site fails completely) and could not make it work.

Any ideas?

10
asp.netweb-configasp.net-authorization
can they access at least access the url: http://mysite.com/default.aspx ? - balexandre
why you are not using IIRF to redirect the user from default.aspx by writing a rewrite and redirect rule.? - CodeSpread
Can you post all of the authentication related web.config code? I am assuming there is more where you are denying users, where you define the location of the login. I'd like to see it all, and in the order that you have it specified in your web.config - Charles Wesley
Look for lulhuh answer below - it helped me in exact the same situation (mark as answer if it helped you too). - Michael Logutov
Answer by lulhuh should be the accepted answer stackoverflow.com/a/19154854/481207 - Matt

10 Answers

44
votes

Try this one:

<system.web>
    <urlMappings enabled="true">
        <add url="~/" mappedUrl="~/default.aspx" />
    </urlMappings>
    <authorization>
        <allow roles="admin"/>
        <deny users="*" />
    </authorization>
</system.web>
<location path="Default.aspx">
    <system.web>
        <authorization>
            <allow users="*" />
        </authorization>
    </system.web>
</location>
9
votes

only use 

<location path=".">
<system.web>
  <authorization>
    <allow users="*"/>
  </authorization>
</system.web>

or don't write path,because the default path is root(.)

2
votes

You can achieve by 2 method

Method 1:

You can set redirect path to http://mysite.com/default.aspx in IIS if any user directly comes to your site.in IIS7 you can do that by clicking on Default Document. Here i attached image for your reference

IIS7 setting to add your default page redirection

Method 2

You can go through this URL ASp.NET Membership to set your web config settings.

Let me know if you need more detail on this.

2
votes

The way we done it in the past was to create a folder for all functionality that requires login and set require auth for that folder. All aspx go to that folder. The root of the site stays open.

2
votes

You probably use a forms authentification no? 

<authentication mode="Forms">
   <forms loginUrl="~/Default.aspx" />
</authentication>

This will solve your problem. An alternative is:

  <location path="~/Default.aspx">
    <system.web>
      <authorization>
        <allow users="*"/>
      </authorization>
    </system.web>
  </location>
1
votes

If you only want to let unauthenticated users to access default.aspx you can use 

  <location path="Default.aspx">
    <system.web>
      <authorization>
        <allow users="*"/>
      </authorization>
    </system.web>
  </location>

before <system.web> and set that page as default in your web server.
In Visual Studio you can select the page and "Set As Start Page".

If you want to allow access to all the files in the root you have to create folders where you put your pages which need to be accessed by authenticated users.

You can create a Secure folder where you can put all your protected pages and change your web.config this way:

  <location path="Secure">
    <system.web>
      <authorization>
        <deny users="?"/>
      </authorization>
    </system.web>
  </location>

removing 

    <authorization>
        <deny users="?"/>
    </authorization>
0
votes

To specify root directory you have to set it outside the location block.

<configuration> 
  <system.web>
    <authorization>
      <allow users=“*“/>
    </authorization>
  </system.web>
</configuration>

and then secure your other folder using location block

<location path=“AccessDenied.aspx“>
    <system.web>
        <authorization>
            <deny users=“?“/>
        </authorization>
    </system.web>
</location>
0
votes

Use this :

<location path="Default.aspx">
  <system.web>
    <authorization>
      <allow users="*"/>
    </authorization>
  </system.web>
</location>
<location path="~">
  <system.web>
    <authorization>
      <allow users="*"/>
    </authorization>
  </system.web>
</location>

It works for me.

0
votes

Merk was right!

I used 

<location path="">
            <system.webServer>
                <httpRedirect enabled="true" destination="http://www.newpathdestination.com" exactDestination="true" httpResponseStatus="Permanent" />
            </system.webServer>
        </location>

on Windows netserver (don't ask), making sure to put nothing in between the quotes for location path. Redirects a request for the old home page to the new home page.

-4
votes

If you want to specify the root of the directory, use <location path="" >