
I'm trying to make only two pages (login.aspx and register.aspx) visible to anonymous users. I've been able to let anonymous users access login.aspx and nothing else, but I can't make register.aspx available as well. Any hints? This is my web.config so far:

    <configuration>
      <configSections>
        <section name="entityFramework"
                 type="System.Data.Entity.Internal.ConfigFile.EntityFrameworkSection, EntityFramework, Version=5.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
                 requirePermission="false" />
      </configSections>

      <connectionStrings>
        <!-- LocalDb file database opened with Windows integrated security; no password is stored in this string. -->
        <add name="DefaultConnection"
             providerName="System.Data.SqlClient"
             connectionString="Data Source=(LocalDb)\v11.0;Initial Catalog=aspnet-WebApplication18-20150319150910;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|\aspnet-WebApplication18-20150319150910.mdf" />
      </connectionStrings>

      <system.web>
        <!-- debug="true" is a development setting; switch it to false for a deployed site. -->
        <compilation debug="true" targetFramework="4.5.1" />
        <httpRuntime targetFramework="4.5.1" />

        <pages>
          <namespaces>
            <add namespace="System.Web.Optimization" />
          </namespaces>
          <controls>
            <add assembly="Microsoft.AspNet.Web.Optimization.WebForms"
                 namespace="Microsoft.AspNet.Web.Optimization.WebForms"
                 tagPrefix="webopt" />
          </controls>
        </pages>

        <!-- Forms authentication. timeout is in minutes, so 2880 keeps a ticket valid for 48 hours.
             requireSSL is not set on this element, so nothing here restricts the cookie to HTTPS. -->
        <authentication mode="Forms">
          <forms loginUrl="~/Account/Login" timeout="2880" defaultUrl="~/" />
        </authentication>

        <!-- Denies every anonymous ("?") request for the whole site. Forms authentication still
             serves the loginUrl page to anonymous users, which is why only the login page is
             reachable with this file as posted; any other public page needs its own location
             rule with an allow entry.
             NOTE(review): loginUrl is extension-less (~/Account/Login), which suggests routing or
             friendly URLs; confirm that a location path matches the URL actually requested. -->
        <authorization>
          <deny users="?"/>
        </authorization>

        <profile defaultProvider="DefaultProfileProvider">
          <providers>
            <add name="DefaultProfileProvider"
                 type="System.Web.Providers.DefaultProfileProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
                 connectionStringName="DefaultConnection"
                 applicationName="/" />
          </providers>
        </profile>

        <!-- Password policy as configured: minimum length 6, no non-alphanumeric character
             required, e-mail addresses need not be unique, lockout after 5 invalid attempts
             inside a 10-minute window. Worth tightening before the registration page is
             opened to anonymous users. -->
        <membership defaultProvider="DefaultMembershipProvider">
          <providers>
            <add name="DefaultMembershipProvider"
                 type="System.Web.Providers.DefaultMembershipProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
                 connectionStringName="DefaultConnection"
                 enablePasswordRetrieval="false"
                 enablePasswordReset="true"
                 requiresQuestionAndAnswer="false"
                 requiresUniqueEmail="false"
                 maxInvalidPasswordAttempts="5"
                 minRequiredPasswordLength="6"
                 minRequiredNonalphanumericCharacters="0"
                 passwordAttemptWindow="10"
                 applicationName="/" />
          </providers>
        </membership>

        <roleManager defaultProvider="DefaultRoleProvider">
          <providers>
            <add name="DefaultRoleProvider"
                 type="System.Web.Providers.DefaultRoleProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
                 connectionStringName="DefaultConnection"
                 applicationName="/" />
          </providers>
        </roleManager>

        <!-- mode="InProc" keeps session state in the worker process.
             NOTE(review): customProvider is normally only consulted when mode="Custom";
             confirm which of the two was intended. -->
        <sessionState mode="InProc" customProvider="DefaultSessionProvider">
          <providers>
            <add name="DefaultSessionProvider"
                 type="System.Web.Providers.DefaultSessionStateProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
                 connectionStringName="DefaultConnection" />
          </providers>
        </sessionState>
      </system.web>

      <runtime>
        <!-- Redirects older DotNetOpenAuth assembly references to the 4.1.0.0 builds. -->
        <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
          <dependentAssembly>
            <assemblyIdentity name="DotNetOpenAuth.Core" publicKeyToken="2780ccd10d57b246" />
            <bindingRedirect oldVersion="1.0.0.0-4.0.0.0" newVersion="4.1.0.0" />
          </dependentAssembly>
          <dependentAssembly>
            <assemblyIdentity name="DotNetOpenAuth.AspNet" publicKeyToken="2780ccd10d57b246" />
            <bindingRedirect oldVersion="1.0.0.0-4.0.0.0" newVersion="4.1.0.0" />
          </dependentAssembly>
        </assemblyBinding>
      </runtime>

      <entityFramework>
        <defaultConnectionFactory type="System.Data.Entity.Infrastructure.SqlConnectionFactory, EntityFramework" />
      </entityFramework>
    </configuration>
FabioEnne
  • Likely to be a duplicate of: http://stackoverflow.com/questions/9727509/how-to-allow-an-anonymous-user-access-to-some-given-page-in-mvc . – goobering Mar 20 '15 at 14:39
  • 1
    @goobering wel...not really, mine is not an MVC application... – FabioEnne Mar 20 '15 at 14:43
  • Looks like that question is your answer. – H H Mar 20 '15 at 14:46
  • Possible duplicate/please try the example in the following: http://stackoverflow.com/questions/3628445/allow-access-for-unathenticated-users-to-specific-page-using-asp-net-forms-authe – Daniel Sanchez Mar 20 '15 at 14:48

2 Answers


In your Account directory, create another web.config file and apply the following (each `path` is relative to the folder that contains that web.config):

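<configuration>
  <!-- Folder-level web.config, placed in the Account folder. Each location path is
       relative to the folder that contains this file. The location elements must sit
       inside a single configuration root for the file to be well-formed. -->
  <location path="login.aspx">
    <system.web>
      <authorization>
        <!-- "*" matches every user, authenticated or anonymous. -->
        <allow users="*"/>
      </authorization>
    </system.web>
  </location>
  <location path="register.aspx">
    <system.web>
      <authorization>
        <!-- Keep the allow rules limited to the pages that must be public; everything
             else stays covered by the site-wide deny for anonymous users. -->
        <allow users="*"/>
      </authorization>
    </system.web>
  </location>
</configuration>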

Update

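<configuration>
  <system.web>
    <authentication mode="Forms"/>
    <!-- Site-wide default: anonymous ("?") users are denied. -->
    <authorization>
      <deny users="?"/>
    </authorization>
  </system.web>

  <!-- Per-page exceptions. A location path is written relative to the folder that holds
       this web.config, without a leading "~/" or "/". Rules in a location element are
       evaluated before the inherited site-wide deny, so the allow below takes effect for
       that one page only. -->
  <location path="YourFolder/Register.aspx">
    <system.web>
      <authorization>
        <!-- "*" matches every user, authenticated or anonymous. -->
        <allow users="*"/>
      </authorization>
    </system.web>
  </location>

  <location path="YourFolder/Login.aspx">
    <system.web>
      <authorization>
        <allow users="*"/>
      </authorization>
    </system.web>
  </location>
</configuration>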

Further reading here

Izzy
  • done it but no good, I understand what are you sayng but..can you please check my web.config i've posted here? it's inside the root folder, can you tell me if I have also to modify something in there? – FabioEnne Mar 20 '15 at 16:05
  • No you shouldn't need to add anything in your `web.config` in the root directory – Izzy Mar 20 '15 at 16:24
  • so is not right to add something like: in my root web.config? because i wanna deny access to evry part of the website exept from login and register (inside the Account folder) to any ananymous user... – FabioEnne Mar 20 '15 at 16:39
  • Sorry I misunderstood you.. Yes you will have to add the relevant code in your root config file – Izzy Mar 20 '15 at 18:05
  • can you please provide me a little example for both files? It seems I can figure out a proper way... If I leave my file as I posted here all the pages are redirected to login...if I try to add an exception for another page it doesn't work...I'm getting mad...thanks – FabioEnne Mar 20 '15 at 19:04
  • @FabioEnne See my updated answer. Place it in the root `config` – Izzy Mar 23 '15 at 09:46

I think this should work - lifted from: http://weblogs.asp.net/gurusarkar/setting-authorization-rules-for-a-particular-page-or-folder-in-web-config:

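<!-- path is the location of register.aspx relative to the folder that holds this
     web.config, e.g. publicpages/register.aspx. Notes must be XML comments like this
     one: "//" is not comment syntax in XML and would be read as text content. -->
<location path="register.aspx">
    <system.web>
        <authorization>
            <!-- Grants everyone, including anonymous users, access to register.aspx only. -->
            <allow users="*"/>
        </authorization>
    </system.web>
</location>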
goobering