csharpnewbie
csharpnewbie

Reputation: 441

asp.net forms authentication deny any user from accessing new web forms

I'm having problem with an assignment on asp.net. I would like to ask, is there any way in which i can prevent any users (including authenticated users) from accessing newly created web forms unless I specified the access rights to the page in the web config?

i tried using

<deny users="*"> 

but it denies all users from accessing any pages, even those which i have already specified access rights, for example:

<location path="home.aspx">

Upvotes: 1

Views: 4827

Answers (2)

Srinivas
Srinivas

Reputation: 1063

This should help you:

<location path="FolderName/pagename.aspx">
        <system.web>
            <authorization>
                <deny users="*"/>
            </authorization>
        </system.web>
    </location>

Upvotes: 0

Yusubov
Yusubov

Reputation: 5843

Here is a good article to look at, the example is on MS Support

  <configuration>
        <system.web>
            <authentication mode="Forms" >
                <forms loginUrl="login.aspx" name=".ASPNETAUTH" protection="None" path="/" timeout="20" >
                </forms>
            </authentication>
    <!-- This section denies access to all files in this 
    application except for those that you have not explicitly 
    specified by using another setting. -->
            <authorization>
                <deny users="?" /> 
            </authorization>
        </system.web>
    <!-- This section gives the unauthenticated 
    user access to the ThePageThatUnauthenticatedUsersCanVisit.aspx 
    page only. It is located in the same folder 
    as this configuration file. -->
            <location path="ThePageThatUnauthenticatedUsersCanVisit.aspx">
            <system.web>
            <authorization>
                <allow users ="*" />
            </authorization>
            </system.web>
            </location>
    <!-- This section gives the unauthenticated 
    user access to all of the files that are stored 
    in the TheDirectoryThatUnauthenticatedUsersCanVisit folder.  -->
            <location path="TheDirectoryThatUnauthenticatedUsersCanVisit">
            <system.web>
            <authorization>
                <allow users ="*" />
            </authorization>
            </system.web>
            </location>
    </configuration>

Upvotes: 2

Related Questions