ASP.NET web.config Forms Authentication, deny anonymous users, allow anonymous access for single files

Question

I am reading this tutorial here: http://blog.repsaj.nl/index.php/2007/08/mixing-forms-based-and-windows-authentication-in-aspnet/

this part is interesting:

Create 3 files: Login.aspx, WebLogin.aspx, WinLogin.aspx. These will be the only 3 files which can be accessed without any credentials. You can allow anonymous access through your Web.config like this:

but the section under that is blank :(

So my question is, how do I allow anonymous access to my Login.aspx, WebLogin.aspx and WinLogin.aspx ?

Your question is already answered, look at: 1) http://stackoverflow.com/questions/10351075/allow-anonymous-authentication-for-a-single-folder-in-web-config 2) http://stackoverflow.com/questions/4608764/specify-more-than-one-directory-in-web-configs-location-path-element — MrDywar, Sep 09 '15 at 14:30
@MrDywar, while the question you reference deals with the same web.config section as the answer to this question, it is not the same as this question and the answer is not related at all. I'm sure there probably are duplicates to this, though. — ps2goat, Sep 09 '15 at 15:26
@ps2goat why? first link - show correct syntax with authorization, second - how to add rule on multiple files. — MrDywar, Sep 09 '15 at 18:48
@MrDywar, sorry, it looked like a single link to me, and I only clicked the second one. — ps2goat, Sep 09 '15 at 18:54

score 1 · Accepted Answer · answered Sep 09 '15 at 14:23

1

Add this to your web.config. You will need this repeated for each page you want everyone to have access to (3 in your case).

    <location path="Login.aspx">
      <system.web>
        <authorization>
          <allow users="*" />
        </authorization>
      </system.web>
    </location>

answered Sep 09 '15 at 14:23

gotmilk13531

234
1
6

1

What's the difference between your and other already provided solution? – Sorrel Vesper Sep 09 '15 at 14:26
is this correct? ` ` – user979331 Sep 09 '15 at 14:41
Use `Login.aspx` instead of `~/Login`. Everything else looks fine. – gotmilk13531 Sep 09 '15 at 14:44

score 0 · Answer 2 · answered Feb 02 '16 at 17:22

   <configuration>
  <system.web>

    <authentication mode="Forms">
      <forms loginUrl="SignIn.aspx" defaultUrl="Welcome.aspx"  protection="All">
        <credentials passwordFormat="Clear">
          <user name="lee" password="lee12345"/>
          <user name="add" password="add12345"/>
        </credentials>
      </forms>
    </authentication>

    <authorization>
      <deny users="?" />      <!--his will restrict anonymous user access-->
    </authorization>

  </system.web>

  <location path="register.aspx">    <!--path here is path to your register.aspx page-->
    <system.web>
      <authorization>
        <allow users="*"/>       <!--this will allow access to everyone to register.aspx-->
      </authorization>
    </system.web>
  </location>

</configuration>

ASP.NET web.config Forms Authentication, deny anonymous users, allow anonymous access for single files

2 Answers2