Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Web.config: Wildcards in location and authorization

Tags:

asp.net

web-config

url-routing

In my ASP.Net application I'm using URL routing.
The url format is somewhat like: http://site/{culture}/project/{id}.

To allow users to visit the login and recovery page, I've added the following entries to my web.config:

<location path="en-GB/login">
  <system.web>
    <authorization>
      <allow users="*"/>
    </authorization>
  </system.web>
</location>

<location path="nl-NL/login">
  <system.web>
    <authorization>
      <allow users="*"/>
    </authorization>
  </system.web>
</location>

<location path="login">
  <system.web>
    <authorization>
      <allow users="*"/>
    </authorization>
  </system.web>
</location>

Is there a form of notation so that I can skip the en-GB part and replace it with a wildcard?
I want the login and recovery page etc. to be available regardless of the culture.

like image 501
Zyphrax Avatar asked Dec 07 '10 09:12

Zyphrax

2 Answers

I don't believe you can place relative paths in the root web.config, but that isn't a concern. You can use the support of nested Web.Config files to your advantage.

You can place a web.config file similar to this in any of your sub directories (adjusting to suit the needs of that specific directory) and you'll get the support you seek. It is also a lot easier to maintain as the settings are closer to the code files they control.

<?xml version="1.0"?>
<configuration>
    <system.web>
      <authorization>
        <deny users="*"/>
      </authorization>
    </system.web>
</configuration>

The overall configuration for authentication types, roles, etc. would be done in the web.config in your applications root directory. As a result, you can't set a separate login page per directory from this method, but you could have a login page that automatically handled a redirect when needed (by analyzing the ReturnURL QueryString value).

like image 130
Frazell Thomas Avatar answered Sep 19 '22 22:09

Frazell Thomas

Looking at this post, you might be able to change the extension of your login page and do something like the following:

<system.webServer>
  <security>
    <requestFiltering>
      <fileExtensions>
        <add fileExtension=".login" allowed="true" />
      </fileExtensions>
    </requestFiltering>
  </security>
</system.webServer>

I have not tried this, but it is perhaps something to attempt.

like image 20
Mark Avenius Avatar answered Sep 19 '22 22:09

Mark Avenius
Sign in to Comment

Related questions

MVC 5 use old forms authentication instead of OWIN
Is the Actual culture related SQL to CLR float-double conversions?
How can the machine key be safely rotated?
C# How to Open HEIC Image
What does 'Thread was being aborted.' 'at SNIReadSync(SNI_Conn* , SNI_Packet** , Int32 )' mean?
Generate a PDF report from a generated Excel file (EPPLUS Library)
Data Persistence across ASP.NET postbacks
Could not create SSL/TLS secure channel works on winforms but not in asp.net
ASP.NET WEB API 2 Works Locally But Not On Production Web Server
ASP.NET Core Disable Response Buffering
Tracking state using ASP.NET AJAX / ICallbackEventHandler
Is a static repository a right way to use NHibernate?
Redirecting default.aspx to root virtual directory
Options for ASP.NET page with matching client-side and server-side markup?
What causes EF insert to be much slower than plain ADO.NET?
Where to store AES key?
SagePay (payment gateway) notification return taking long time in ASP.Net MVC application
coded ui test project, obtain value of asp label
The underlying connection was closed. Cannot run Asp.Net core 2.1 web api application using HTTP.sys?
Why doesn't fusion log binding errors?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!