Home/ Questions/Q 4336734
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-21T10:50:52+00:00

Dear All, I want to disable anonymous access to my MVC 2 application for

  • 0

Dear All,
I want to disable anonymous access to my MVC 2 application for that I add below code in web.config file <deny users="?" />
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" timeout="2880" />
</authentication>
After that application start with login page but it is not taking masterpage and css styles

This is Login page code

`<%@ Page Language=”C#” MasterPageFile=”~/Views/Shared/Site.Master” Inherits=”System.Web.Mvc.ViewPage” %>

Log On

Log On

Please enter your username and password. <%: Html.ActionLink(“Register”, “Register”) %> if you don’t have an account. 

<% using (Html.BeginForm()) { %>
    <%: Html.ValidationSummary(true, "Login was unsuccessful. Please correct the errors and try again.") %>
    <div>
        <fieldset>
            <legend>Account Information</legend>

            <div class="editor-label">
                <%: Html.LabelFor(m => m.UserName) %>
            </div>
            <div class="editor-field">
                <%: Html.TextBoxFor(m => m.UserName) %>
                <%: Html.ValidationMessageFor(m => m.UserName) %>
            </div>

            <div class="editor-label">
                <%: Html.LabelFor(m => m.Password) %>
            </div>
            <div class="editor-field">
                <%: Html.PasswordFor(m => m.Password) %>
                <%: Html.ValidationMessageFor(m => m.Password) %>
            </div>

            <div class="editor-label">
                <%: Html.CheckBoxFor(m => m.RememberMe) %>
                <%: Html.LabelFor(m => m.RememberMe) %>
            </div>

            <p>
                <input type="submit" value="Log On" />
            </p>
        </fieldset>
    </div>
<% } %>

`

can someone direct me what I am missing?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Don’t use <deny users="?" /> in ASP.NET MVC. Use the [Authorize] attribute to decorate controllers/action that need to be protected. So for example if you wanted to protect all controllers you could have a base controller which will be decorated with this attribute:

    [Authorize]
public abstract class BaseController: Controller
{
    protected BaseController() {}
}

    and then have other controllers derive from it. Obviously the LoginController shouldn’t derive from this base controller as it need to show the login form without requiring authentication.

    • 0