On app startup, before logon, I want a few 'pages' to be okay to goto

Question

On app startup, before logon, I want a few 'pages', which live the same folder as my logon page to be okay to goto.

IN old aspx land you dropped a web.config in the folder where those pages lived and did this:

<system.web>
    <authorization>
        <allow users="*" />
    </authorization>
 </system.web>

What is the correct way to do this in MVC land? I tried not puting the [Authorize] tag on the controller methods I wanted to be accessable but that does not seem to cut it.

Interesting new evidence...

I went to my web.config

I changed this:

<authorization>
      <deny users="?" />
      <allow users="*" />
      <deny users="*" verbs="OPTIONS, PROPFIND, HEAD" />
</authorization>

to:

<authorization>
      <allow users="*" />
</authorization>

and now if I type this path:

http://localhost/StudentPortal3G/Account/ChangePasswordSelfService

it works,

But if I type this path :

http://localhost/StudentPortal3G/Account.mvc.aspx/ChangePasswordSelfService

it does not (and this is the path generated by Atml.ActionLink(...))

I figure this has to be a clue, and I supect my Routing is to fault, but I'm not seeing it.

public static void RegisterRoutes(RouteCollection routes)
        {

            routes.IgnoreRoute("{resource}.axd/{*pathInfo}");
            routes.IgnoreRoute("{resource}.css/{*pathInfo}");
            routes.IgnoreRoute ( "{resource}.jpg/{*pathInfo}" );
            routes.IgnoreRoute ( "{resource}.jpg" );
            routes.IgnoreRoute ( "{resource}.gif/{*pathInfo}" );

            RouteTable.Routes.IgnoreRoute("{folder}/{*pathInfo}", new { folder = "Assets" });

            RouteTable.Routes.IgnoreRoute ( "{folder}/{*pathInfo}", new { folder = "Images" } );

            routes.IgnoreRoute ( "{*favicon}", new
            {
                favicon = @"(.*/)?favicon.ico(/.*)?"
            } );



            routes.IgnoreRoute("elmah.axd");
            //routes.MapRoute("About", "Home/About", new { controller = "Home", action = "About", id = "" });

            // you have to add this IgnoreRoute so that the PDFX pages get handled like a regular *.aspx page, not a MVC page. - EWB
            routes.IgnoreRoute("{resource}.pdfx");

            // allow MVC to run on IIS 5,6,7
            //http://stackoverflow.com/questions/57712/mvc-net-and-iis-5
            routes.Add(new Route("{controller}.mvc.aspx/{action}", new MvcRouteHandler()) { Defaults = new RouteValueDictionary(new { controller = "Email" }) });


            routes.MapRoute(
                "Email",                                              // Route name
                "{controller}/{action}/{id}",                           // URL with parameters
                null  // Parameter defaults
            );

            routes.MapRoute(
                "Default",                                              // Route name
                "{controller}/{action}/{id}",                           // URL with parameters
                new { controller = "Home", action = "Index", id = "" }  // Parameter defaults
            );

            routes.MapRoute(
                "Default2",                                              // Route name             
                "{controller}.aspx/{action}/{id}",                      // URL with parameters             
                new { controller = "Home", action = "Index", id = "" }  // Parameter defaults         ); 
            );
            routes.MapRoute(
                "Default3",                                             // Route name             
                "{controller}.mvc.aspx/{action}/{id}",                  // URL with parameters             
                new { controller = "Home", action = "Index", id = "" }  // Parameter defaults         ); 
            );
        }

More Info: if I comment these out, the HTML.ActionLink starts generating the link that works.

       routes.Add(new Route("{controller}.mvc.aspx/{action}", new MvcRouteHandler()) { Defaults = new RouteValueDictionary(new { controller = "Email" }) });

        routes.MapRoute(
            "Default2",                                              // Route name             
            "{controller}.aspx/{action}/{id}",                      // URL with parameters             
            new { controller = "Home", action = "Index", id = "" }  // Parameter defaults         ); 
        );
        routes.MapRoute(
            "Default3",                                             // Route name             
            "{controller}.mvc.aspx/{action}/{id}",                  // URL with parameters             
            new { controller = "Home", action = "Index", id = "" }  // Parameter defaults         ); 
        );

Then if I put back this one(Which is required to work on server 2008 I beleive):

       routes.Add(new Route("{controller}.mvc.aspx/{action}", new MvcRouteHandler()) { Defaults = new RouteValueDictionary(new { controller = "Email" }) });

it starts to fail again...

Does anyone have any ideas?

Any Help is appreciated.

Add the authorize filter but add the Roles of *,? which means both authenticated and unauthenticated users. — Nick Bork, Feb 28 '12 at 21:12
On my login page I have a link to a "ChangePasswordSelfService" page, when I click the link, I get redirected back to the login page with the ChangePasswordSelfService page as the ReturnUrl. I have a breakpoint on every Redirect in my code and on the ChangePasswordSelfService Get action, and none of them get hit. So it's a configuration thing somehow... Location to my Account Controller didn't fix it... both * and *,? — Eric Brown - Cal, Feb 28 '12 at 22:52

score 2 · Answer 1 · answered Feb 28 '12 at 21:05

2

Just remember that the "location" in your web.config file is URL-based, not folder based. So if you have a GuestController, you can say:

<location path="Guest">
<system.web>
  <authorization>
    <allow users="*" />
  </authorization>
</system.web>
</location>

answered Feb 28 '12 at 21:05

StriplingWarrior

151,543
27
246
315

Tried it same as before, used both * and *,? – Eric Brown - Cal Feb 28 '12 at 22:59
In case that comment was not clear, I implemented this soloution but it did not solve my issue. Should I post my web.config or somehting? – Eric Brown - Cal Feb 29 '12 at 20:15
@EricBrown-Cal: I understood: I just wasn't sure what to say at this point. This strategy is working in my MVC project. Can you share the URL that is getting redirected, and the portion of your web.config file that you think out to be matching it? – StriplingWarrior Feb 29 '12 at 20:38
Logon URL: http://localhost/StudentPortal3G/Account/Logon Target URL: http://localhost/StudentPortal3G/Account.mvc.aspx/ChangePasswordSelf or http://localhost/StudentPortal3G/Account/ChangePasswordSelfService Web.COnfig bits that ought to be allowing me Access: – Eric Brown - Cal Feb 29 '12 at 23:13
@EricBrown-Cal: Is StudentPortal3G just the name of your application, or is it an MVC area? – StriplingWarrior Mar 01 '12 at 03:54
It's the name of the application. Thanks. – Eric Brown - Cal Mar 01 '12 at 15:53
I notice that the link generated by Html.ActionLink is of the form "Account.mvc.aspx\Change..." how do I control whether or not it puts the .mvc.aspx into it, I think that might be part ofthe issue. – Eric Brown - Cal Mar 01 '12 at 16:05
1

@EricBrown-Cal: That usually has something to do with how your routes are set up. I've never seen a route that included an `aspx` extension. Maybe you should create a different question showing what values you're passing to ActionLink and what your routes look like, and see if someone can help you figure out why it's producing a route like that. – StriplingWarrior Mar 01 '12 at 17:53

On app startup, before logon, I want a few 'pages' to be okay to goto

1 Answers1