Re: authorization location override

If you move the unsecure pages to a separate folder and implement the location tag on just the folder path, does that give you the desired behavior?

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
"Gene" <Gene@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:1CBA5713-4A9C-4910-9C31-EFEB83FACFB4@xxxxxxxxxxxxxxxx
I can't get the location override to work in the web.config. Only
authenticated user with specific roles should be able to access the
application except for some pages need public access (3 or 4 pages). I have
tested the main authorization section and it works correctly, but the
location override doesn't allow all identities like it should.

Markup from web.config file:

<configuration>
<system.web>
<authentication mode="Windows"/>
<authorization>
<deny users="?" />
<allow roles="test" />
<deny users="*" />
</authorization>
</system.web>
<location path="~/Default.aspx">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
</configuration>

Thanks for any insight,
Gene

.

Relevant Pages

  • Re: webservice
    ... The typical approach would be to restrict access to the directory using the ... location tag in web.config ... John Timney (MVP) ...
    (microsoft.public.sharepoint.windowsservices)
  • Re: Excluding certian pages from Forms authentication
    ... You can also try using a Location Tag with Authorization in the Web.config. ... "Samba" wrote: ... Prev by Date: ...
    (microsoft.public.dotnet.framework.aspnet)
  • Multiple pages for Location tags?
    ... Can I set up multiple pages in the same Location tag? ...
    (microsoft.public.dotnet.framework.aspnet)