Check if user is on an unauthorized page

Question

I have some lines in web.config that look like the following:

    <authentication mode="Forms">
      <forms loginUrl="~/Account/Login.aspx" timeout="2880" />
    </authentication>

  <location path="Error.aspx">
    <system.web>
      <authorization>
        <allow users="*"/>
      </authorization>
    </system.web>
  </location>
  <location path="Default.aspx">
    <system.web>
      <authorization>
        <allow users="*"/>
      </authorization>
    </system.web>
  </location>

I am controling login methods myself. Assume a user is not logged in and lands on abc.aspx page. Abc.aspx page is not authorized to be looked at without being logged in as seen in web.config above, only default.aspx and error.aspx are allowed. How can I check dynamically if the page I am currently on is permissable by web.config? I could hard code it but I want to see if this is doable, that way all I have to do is modify web.config not my code each time I want to add a page to an exception list.

Answer 1

Add this to your webconfig after authentcation tag. This will make sure no page is accessed by unauthorized users, the other tags you added should allow anonymous access to pages you specified.

<authorization>
  <deny users="?"/>
</authorization>

Answer 2

On each page you can add:

    protected void Page_Load(object sender, EventArgs e)
    {
            if (!Request.IsAuthenticated)
            {
                Response.Redirect("~/Account/Login.aspx");
            }

    }