Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Web.config: Wildcards in location and authorization

In my ASP.Net application I'm using URL routing.
The url format is somewhat like: http://site/{culture}/project/{id}.

To allow users to visit the login and recovery page, I've added the following entries to my web.config:

<location path="en-GB/login">
  <system.web>
    <authorization>
      <allow users="*"/>
    </authorization>
  </system.web>
</location>

<location path="nl-NL/login">
  <system.web>
    <authorization>
      <allow users="*"/>
    </authorization>
  </system.web>
</location>

<location path="login">
  <system.web>
    <authorization>
      <allow users="*"/>
    </authorization>
  </system.web>
</location>

Is there a form of notation so that I can skip the en-GB part and replace it with a wildcard?
I want the login and recovery page etc. to be available regardless of the culture.

like image 501
Zyphrax Avatar asked Dec 07 '10 09:12

Zyphrax


2 Answers

I don't believe you can place relative paths in the root web.config, but that isn't a concern. You can use the support of nested Web.Config files to your advantage.

You can place a web.config file similar to this in any of your sub directories (adjusting to suit the needs of that specific directory) and you'll get the support you seek. It is also a lot easier to maintain as the settings are closer to the code files they control.

<?xml version="1.0"?>
<configuration>
    <system.web>
      <authorization>
        <deny users="*"/>
      </authorization>
    </system.web>
</configuration>

The overall configuration for authentication types, roles, etc. would be done in the web.config in your applications root directory. As a result, you can't set a separate login page per directory from this method, but you could have a login page that automatically handled a redirect when needed (by analyzing the ReturnURL QueryString value).

like image 130
Frazell Thomas Avatar answered Sep 19 '22 22:09

Frazell Thomas


Looking at this post, you might be able to change the extension of your login page and do something like the following:

<system.webServer>
  <security>
    <requestFiltering>
      <fileExtensions>
        <add fileExtension=".login" allowed="true" />
      </fileExtensions>
    </requestFiltering>
  </security>
</system.webServer>

I have not tried this, but it is perhaps something to attempt.

like image 20
Mark Avenius Avatar answered Sep 19 '22 22:09

Mark Avenius