2

I have login page in MVC project and i created authorization config this. 

  <authentication mode="Forms">
      <forms loginUrl="~/Account/LogOn" timeout="2880"  defaultUrl="~/Home/Index"/>
    </authentication>

  <system.web>
    <authorization>
      <deny users="?"/>
    </authorization>
  </system.web>

How can i access in register page?

AardVark71
  • 3,928
  • 2
  • 30
  • 50
user2068104
  • 43
  • 1
  • 7

3 Answers3

4

Depending on what version of MVC you're using the common practice I see now in MVC3/4 is to instead of restricting access to specific actions, to restrict access to all actions, by adding Authorize() as a global filter and then grant access to a few select actions using the AllowAnonymous() attribute to act as a white-list of actions that do not need to be protected. (Like Login, Register, etc).

global.asax

protected void Application_Start()
{
    filters.Add(new AuthorizeAttribute());
}

AccountsController.cs

[AllowAnonymous]
public ActionResult Login()
{
    //Perform login...
}

Then you're web.config just has this

<authorization>
    <allow users="*" />
</authorization>
Nick Albrecht
  • 16,607
  • 10
  • 66
  • 101
  • this is windows authorization? – user2068104 Feb 14 '13 at 08:35
  • It could be. But this is just the Authorization to determine who can access what. The user might still be Authenticated using Windows Authentication. There's a subtle difference in the word but the two are different. Authentication is the act of proving who you are (logging in) and that's it. Authorization is the part that determines what you can do. This question is just for the Authorization, while the Authentication could be Windows, Forms, or some other external service like OpenAuth. – Nick Albrecht Feb 14 '13 at 17:36
0

By default you should go to Register() action method of Account controller

// GET: /Account/Register

According to your web.config: try to add this to web.config before <system.web> tag.

 <location allowOverride="true" path="Account/Register">
    <system.web>
      <authorization>
        <allow users="?" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
testCoder
  • 7,155
  • 13
  • 56
  • 75
0

A +1 to Nick Albrecht, but I found ambiguity with "filters" so I had to dig further.

Actually, it appears that filters.Add(new AuthorizeAttribute()); this code belongs in App_Start

public class FilterConfig
{
    public static void RegisterGlobalFilters(GlobalFilterCollection filters)
    {
        filters.Add(new HandleErrorAttribute());
        filters.Add(new AuthorizeTokens.AuthorizeWithMessage());
    }
}

and FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters) is called in Application_Start.

Spencer Sullivan
  • 527
  • 6
  • 13