All geek questions in one place

How to redirect user to password recovery page using forms authentication

I am starting asp.net. Currently, I have a login page with a link button with a forgotten password at the bottom of the screen. I also use forms authentication to prevent unauthorized users from accessing other pages. Authentication seems to work just fine, except for one. This prevents the user from accessing the password recovery page when the user clicks the link button. How to allow all users access to login / password pages, as well as prevent others from viewing pages if they are not authenticated?

The code below is designed to prevent other anonymous views from accessing other pages. But I had no idea how to allow them access to the password recovery page ...

<authentication mode="Forms">
  <forms loginUrl="/Presentation/Display/Login.aspx" name=".ASPNETAUTH" protection="All" path="/" timeout="120" cookieless="UseDeviceProfile" slidingExpiration="true"/>
</authentication>
<!-- This section denies access to all files in this application except for those that you have not explicitly specified by using another setting. -->
<authorization>
  <deny users="?"/>
</authorization>
+3
source share
3 answers

You need to use the item <location>to apply the settings to a specific path, and then add <allow />for unclaimed users.

For instance:

<location path="PasswordRecovery.aspx">
    <system.web>
        <authorization>
            <allow users="?" />
        </authorization>
    </system.web>
</location>
+3
source 
<location path="Presentation/Display/PasswordRecovery.aspx">
  <system.web>
    <authorization>
      <allow users="?"/>
    </authorization>
  </system.web>
</location>

This allows anonymous users to view the password recovery page. You might want to do the same for the directory where your CSS and / or image resources are stored if they are required on the login page and / or recovery page.

+2
source

:

<location path="passwordrecovery.aspx">
   <system.web>

      <authorization>
          <allow users="*"/>
      </authorization>
   </system.web>
</location>
+2
source

Source: https://habr.com/ru/post/1777369/

More articles:


All Articles