I want to use authorization in the web.config to block access to SignUp.aspx to authenticated users. It cannot be accessed by user such as their roles is administrator and Guest.
<location path="SignUp.aspx">
<system.web>
<authorization>
<allow users="?"/>
</authorization>
</system.web>
</location>
<authentication mode="Forms">
<forms name="AuthCookie" loginUrl="Login.aspx" timeout="60"
defaultUrl="Index.aspx"/>
</authentication>
<authorization>
<deny users="?"/>
</authorization>
<authorization>
<allow users="?"/>
<deny users="*"/>
</authorization>
Can't actually validate it now but it should do the trick. The explicit denial of all other users should allow only unauthenticated users allow the page.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With