ASP.NET: disabling authentication for a single aspx page (custom error page)?

Question

I am using a custom error page in IIS 6:

<customErrors redirectMode="ResponseRedirect" mode="On" defaultRedirect="Error2.aspx"/>

I want to disable authentication for the custom error page because the error being raised is related to an authentication module and I don't want to get into an infinite loop and I want to display a clean error page to the user. I have been trying the following configuration to do that.

<location path="Error2.aspx">
 <system.web>
   <authentication mode="None"/>
   <authorization>
     <allow users="?"/>
     <allow users="*"/>
   </authorization>
 </system.web>
</location>

I am getting a System.Configuration.ConfigurationErrorsException for the line that sets the authentication mode.

It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level. This error can be caused by a virtual directory not being configured as an application in IIS.

I have verified that there are no other web.config files in subdirectories under the application's folder. The applications folder is configured as an application in IIS and the error page is at the application's root. File permissions set for the error page in IIS include anonymous and windows authentication (I have tried just anonymous as well).

Answer 1

Check out the following link. It has information that might help regarding the location tag.

<location path="404.aspx">
    <system.web>
       <authorization>
          <allow users="*" />
       </authorization>
    </system.web>
</location>

The easier approach would be to move all your error files and pages that you want to be always accessible to their own directory and then add a web.config file to the directory that grants unauthenticated access.