Using web.config directory security and URLs without extension

Question

Using web.config directory security and URLs without extension

I would like to use the built-in directory security features built into web.config to restrict access to the child pages of the parent page. My structure is as follows:

Members
Members / News
Members / Click
Members / Films

Users must have access to the parent page of the participants, but not to the child pages. My problem is that since I use URLs without an extension, web.config considers this to be a directory and therefore access is blocked. Is there a way to say only restrict access to sub pages?

+3

security authentication authorization asp.net web-config

Matt brailsford Feb 19 '10 at 20:43

source share

1 answer

Fábio batista · Accepted Answer · 2010-03-12T21:43:44+0000

This configuration should do the trick. This allows anonymous access for the entire website, with the exception of additional places - they need an authenticated user to work.

<configuration>
    <system.web>
        <authentication mode="Forms">
            <forms loginUrl="Login" defaultUrl="Members" />
        </authentication>
        <authorization>
            <allow users="?" />
        </authorization>
    </system.web>

    <location path="Members/News">
        <system.web>
            <authorization>
                <deny users="?" />
                <allow users="*" />
            </authorization>
        </system.web>
    </location>

    <location path="Members/Press">
        <system.web>
            <authorization>
                <deny users="?" />
                <allow users="*" />
            </authorization>
        </system.web>
    </location>

    <location path="Members/Movies">
        <system.web>
            <authorization>
                <deny users="?" />
                <allow users="*" />
            </authorization>
        </system.web>
    </location>

</configuration>

Using web.config directory security and URLs without extension

More articles: