Reputation: 11
anonymous access to aspx page fails
I've a web site that uses forms authentication. For the most part, my web site requires authentication to do anything. My privacy statement page is an exception and has to be accessible to anonymous users. The page is in a folder, and I've set the location path information in the web.config as follows:
<location path="about">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
<location allowOverride="true">
<system.web>
<authentication mode="Forms">
<forms name="FDAuth"
cookieless="UseCookies"
protection="All"
loginUrl="login.aspx"
requireSSL="false"
slidingExpiration="false"></forms>
</authentication>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>
That configuration allows anonymous access to other file types, but still prompts for a log in for aspx pages.
In other words, anonymous access is allowed to this page
www.mywebsite.com/about/privacy.asp
but I go to the login.aspx page if I try to access access this page
www.mywebsite.com/about/privacy.aspx
What do I need to do to allow anonymous access to www.mywebsite.com/about/privacy.aspx?
Upvotes: 1
Views: 1944
Answers (4)
Reputation: 11
Got it. The problem was that the page uses a master page. Moving the master page into the about folder solved the problem.
Thanks to the quick responses!
Upvotes: 0
Reputation: 47726
You should try:
<location path="about">
<system.web>
<authorization>
<allow users="?"/>
</authorization>
</system.web>
</location>
As per this MSDN example.
Notice the ? instead of the * used for anonymous access.
This should fix your problem but if not you can specify a specific resources:
<location path="about\privacy.aspx">
Upvotes: 0
Reputation: 37084
just remove the <location allowOverride="true"> element and configure <authorization/> within <system.web/>
<location> tags are used to define exceptions to the global policy, which is typically defined in the <authorization/> within <system.web/>.
Upvotes: 1
Reputation: 15043
Just one more thing : Add the line <allow users="?"/>
* users match any authenticated usernames, while ? matches all unauthenticated ones.
So, you would have this :
<location path="about">
<system.web>
<authorization>
<allow users="*"/>
<allow users="?"/>
</authorization>
</system.web>
</location>
Upvotes: 0
Related Questions
- Allow anonymous authentication for a single aspx page?
- Allowing anonymous access to default page
- IIS7 -- 401.2 Error with Forms/Anonymous Auth Enabled
- Problem restricting anonymous access to an ASP.Net MVC Site
- Disabling Anonymous authentication for web application causes error
- MVC Windows Authentication App Attempting Anonymous Authentication
- ASP.NET Forms authentication requires Anonymous enabled
- Anonymous access IIS
- Problems with single anonymous access aspx in Sharepoint 2010
- anonymous access disabled but