-8

I have created an mvc application I don't want authentication for one functionality in my application. I want that the user should able to open the page from the URL without log in.Right now if I enter the URL to open that functionality directly then it will take me to the sign on page. I want to bypass the authentication process in one functionality. I have tried following code in my web.config.

<location path="ControllerName">
    <system.web>
        <authorization>
            <allow users="*"/>
        </authorization>
    </system.web>
</location>

And I have also added [AllowAnonymous] attribute to the some action of my controller.

The following code that i have written for authentication in my web.config.

<modules runAllManagedModulesForAllRequests="true">
    <remove name="FormsAuthentication"/>

    <add name="FormsAuthentication" type="System.Web.Security.FormsAuthenticationModule"/>

    <remove name="AuthorisationModule"/>

    <add name="AuthorisationModule" type="ProjectName.AuthorisationModule(which is for autentication), Project Name"/>
</modules>
Uwe Keim
  • 39,551
  • 56
  • 175
  • 291
Mehul Vaghela
  • 478
  • 4
  • 20
  • This is not a good way to ask a question here. Did you try _anything_ so far to solve your problem? Show your effort first so people might show theirs. Please read [FAQ], [ask] and [help] – Soner Gönül May 12 '14 at 13:05
  • 6
    Take a look at your question... forget what you know... now ask yourself 'Would I understand what this person is trying to achieve from the information I have given?'. – BenjaminPaul May 12 '14 at 13:07
  • yes you can set a user as authenticated in code, e.g. when a secret url is opened. Bare in mind this is security through obscurity which bad http://stackoverflow.com/questions/1439746/asp-net-authenticating-user-in-code – rob May 12 '14 at 13:27
  • Similar question is answered here: http://stackoverflow.com/questions/10087815/how-to-avoid-form-authentication-for-2-pages. – Shashank Chaturvedi May 12 '14 at 13:49
  • 1
    I have edited the question properly. Now can any one help me on this? – Mehul Vaghela May 12 '14 at 14:40
  • @MehulVaghela - Much better. I've cast a reopen vote and removed my downvote. Unfortunately, I don't have a useful answer to supply. – Bobson May 13 '14 at 13:12

2 Answers2

5

There is an authentication for the whole application and I want discard the authentication of just one feature of my mvc application. So I have added the following code in my web.config

<location path="ControllerName">
    <system.web>
        <authorization>
            <allow users="*"/>
        </authorization>
     </system.web>
 </location>

So using this code it's working fine.

Uwe Keim
  • 39,551
  • 56
  • 175
  • 291
Mehul Vaghela
  • 478
  • 4
  • 20
0

Something that may help with your issue is the fact that you can have multiple web.config files -- if you put a web.config in a subdirectory within your project, then you can include configuration options specific only to that subdirectory. As such, you may want to try adding a subfolder to contain just the controller which you want to make publicly available, and then creating a separate web.config file allowing open access to that subdirectory. As per this answer regarding wildcards in web.config files, here is example code that should suffice as a standalone web.config to provide 

<?xml version="1.0"?>
<configuration>
    <system.web>
        <authorization>
            <deny users="*"/>
        </authorization>
    </system.web>
</configuration>

That way you don't have to mess around with specifying the one controller or action you want to give access to, as the distinction is made by the organization of the files in the directory structure.

Uwe Keim
  • 39,551
  • 56
  • 175
  • 291
Sam Hanley
  • 4,707
  • 7
  • 35
  • 63