ASP.NET Authentication Question
I can't seem to find an answer to this:
Is it possible to use the
tag in web.config to allow some of the pages in your site to be non-secure, meaning users can browse them without being redirected to the login page?
Sure, after protecting your pages with the following configuration:
<
authentication mode="Forms"><forms
name=".ASPMyApp"
loginUrl="Security/Login.aspx"
protection="All"
timeout="25" />
</authentication>
<authorization>
<deny users="?" />
</authorization>
you can authorize access to the Errors folder (for example) by adding this to the same web.config file.
<location pah="Errors">
<system.web>
<auhorization>
<allow users="*" />
</auhorization>
</system.web>
</location>
You could also do the same by adding a web.config file in the Errors folder, which content would be:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.web>
<auhorization>
<allow users="*" />
</auhorization>
</system.web>
</configuration>