in asp.net, i use this config section to deny anonymous users for all pages.
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" timeout="2880" />
</authentication>
<authorization>
<deny users="?" />
</authorization>
and i use the following to declare an exception that anonymous can access.
<location path="Welcome.aspx">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
that works fine for me.
however, how can i set only the default page as an exception? (such as: anonymous can access only http://mysite/, but can NOT access any other pages in the site?)
i'v tried use location path="~/" or "/" and it doesn't work.
Click on your virtual directory under the IIS you have Authentication click on it and there you will be able to see Anonymous authentication disable it.
You can configure the <authorization> element at the server level in the ApplicationHost. config file, or at the site or application level in the appropriate Web. config file. You can set default authorization rules for the entire server by configuring authorization rules at the server level.
The <location> element typically contains a <system. web> element and other configuration elements exactly as you use them in the Web. config file. The path attribute of the <location> element specifies the virtual directory or the file name where the location configuration items apply.
If path="Default.aspx"
doesn't work then it cannot be done using configuration. There's no syntax available to specify only the application root in the path attribute.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With