Elad Benda2


Does the order of <location> elements in web.config matter?

I have set up Forms Authentication on my website.

I want to allow anonymous access to the Login page and its resources (js, css, images).

I have added <location> elements to web.config. Does their order matter?

<!-- Forms-authentication setup as posted. The site-wide rules sit in the trailing
     <system.web>; each <location> element overrides them for one path. The excerpt
     stops before </system.web> and </configuration>. -->
<configuration>
  <configSections>
    <section name="hibernate-configuration"  
             type="NHibernate.Cfg.ConfigurationSectionHandler, NHibernate" />
    <section name="log4net" 
             type="log4net.Config.Log4NetConfigurationSectionHandler, log4net" />
  </configSections>
  <appSettings>
    <add key="webpages:Version" value="1.0.0.0" />
    <add key="ClientValidationEnabled" value="true" />
    <add key="UnobtrusiveJavaScriptEnabled" value="true" />
  </appSettings>
  <!-- Per-path authorization overrides. Every one of them uses deny users="*": "*"
       matches all users, anonymous ones included, so these rules block the paths
       instead of opening them. Exempting a path from the login requirement takes
       allow users="*" in its <location> element.
       NOTE(review): confirm that the "~/" prefix is accepted in the path attribute on
       the target framework; the usual form is relative to this file (path="js"). -->
  <location path="~/Authentication.htm">
    <system.web>
      <authorization>
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
  <location path="~/Resources">
    <system.web>
      <authorization>
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
  <location path="~/js">
    <system.web>
      <authorization>
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
  <location path="~/Images">
    <system.web>
      <authorization>
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
  <!-- NOTE(review): by its name this folder is not a static-asset folder. If the rule is
       changed to allow anonymous users, confirm that everything served under it is
       safe to expose before login. -->
  <location path="~/Controllers">
    <system.web>
      <authorization>
         <deny users="*" />
      </authorization>
    </system.web>
  </location>
  <system.web>
    <!-- debug="true" is a development setting; set it to false for deployed builds. -->
    <compilation debug="true" targetFramework="4.0">
      <assemblies>
        .....
      </assemblies>
    </compilation>
    <authentication mode="Forms">
      <!-- Unauthenticated requests are redirected to loginUrl with a ReturnUrl query
           string. protection="All" has the ticket cookie both encrypted and validated.
           NOTE(review): requireSSL is not set on this element, so nothing here restricts
           the ticket cookie to HTTPS; confirm it is enforced elsewhere. -->
      <forms name="Login" loginUrl="~/Authentication.htm"
             protection="All" path="/" timeout="30" />
    </authentication>
    <!-- Site-wide rules, evaluated top to bottom with the first match winning:
         anonymous users ("?") are denied, every remaining user is allowed. -->
    <authorization>
       <deny users ="?" />
       <allow users = "*" />
    </authorization>

Why do I still get authentication errors for the paths I have added to the <location> elements?

Authentication.htm?ReturnUrl=%2fResources%2fScripts%2fjquery-1.7.1.min.js:1Uncaught SyntaxError: Unexpected token <

Authentication.htm?ReturnUrl=%2fjs%2fCommon.js:1Uncaught SyntaxError: Unexpected token <

Authentication.htm?ReturnUrl=%2fjs%2fAuthentication.js:1Uncaught SyntaxError: Unexpected token <


Answers (2)

Khan


Order does matter in that if you have duplicate elements, only the last element will be taken into consideration.

jrummell


Your root setting denies all unauthenticated users (?) and your location settings deny all users (*).

You probably meant to do this:

<!-- web application root settings: this <authorization> element belongs inside the
     site-wide <system.web>. "?" stands for anonymous users, so every unauthenticated
     request is denied and forms authentication redirects it to the login URL. -->
<authorization>
   <deny users ="?" />
</authorization>

<!-- login and static resources: a <location> element overrides the root rule for one
     path. allow users="*" lets every user through, anonymous included, so use it only
     for paths whose whole content is safe to serve before login, and repeat the
     element for each such path. -->
<location path="~/Images">
  <system.web>
    <authorization>
      <allow users="*" />
    </authorization>
  </system.web>
</location>
