Reputation: 794
ASP.NET Forms Authorization not working for per page setup
I'm building a webforms application, separating pages into folders, authorizing web-pages within these folders using the web.config, authorizing pages to authenticated users only and allowing certain pages to certain roles.
I have a 'beheer' folder in which the page1.aspx - page6.aspx reside. I also have a web.config in that folder which is shown below.
I'm logging into the system as a user have the role 'Admin', which would mean that all pages should be available to me, if I go to page3, page4, page5 or page6 it works just fine, but going to page1 or page2 it doesn't work, I get a unauthorized message, even though page2 and page3. I can't seem to figure out what I'm missing.
<configuration>
<system.web>
<authorization>
<deny users="?" />
<!-- Deny all unauthenticated users -->
</authorization>
</system.web>
<location path="Page1.aspx" >
<system.web>
<authorization>
<allow roles="Page1,Admin,UserAdmin"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
<location path="Page2.aspx" >
<system.web>
<authorization>
<allow roles="Page3,Admin,UserAdmin"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
<location path="Page3.aspx" >
<system.web>
<authorization>
<allow roles="Page3,Admin,UserAdmin"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
<location path="Page4.aspx,Page5.aspx,Page6.aspx" >
<system.web>
<authorization>
<allow roles="Admin,UserAdmin"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
</configuration>
Upvotes: 0
Views: 1625
Answers (1)
Reputation: 6764
I doubt you actually have the Admin role assigned. This part seems wrong:
<location path="Page4.aspx,Page5.aspx,Page6.aspx" >
<system.web>
<authorization>
<allow roles="Admin,UserAdmin"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
You can't specify more than one resource on the path element. See here for more information.
Try changing it into this:
<location path="Page4.aspx" >
<system.web>
<authorization>
<allow roles="Admin,UserAdmin"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
<location path="Page5.aspx" >
<system.web>
<authorization>
<allow roles="Admin,UserAdmin"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
<location path="Page6.aspx" >
<system.web>
<authorization>
<allow roles="Admin,UserAdmin"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
Upvotes: 1
Related Questions
- how to authorize user into multiple page and vice versa
- ASP.NET Forms Authorization
- Form authentication except for one page
- Forms authentication not working as expected
- ASP.NET Forms Authentication - not redirecting to any page
- FormsAuthentication allow acces to all pages
- implement form authentication on some pages not all pages
- How to avoid Form Authentication for 2 pages
- Forms authentication issue
- ignore authentication for a single page