Hi fellow stackers… I have an ASP.NET 3.5 app using forms authentication. I would like to request a page that is available to authenticated users only, but be able to display it to non authenticated users in certain scenarios. My question is at what point of the page lifecycle do I need to tell ASP.NET that is ok to display the page and how do I tell it to do so.
I’ve tried this to no avail:
void Application_AuthenticateRequest(Object sender, EventArgs e)
{
HttpContext.Current.SkipAuthorization = true;
}
Of course the example above was for testing purposes only
I’m not sure what you mean by “tried to no avail”. What exactly is happening? If you are manipulating the current HTTP context to skip authorization using your method in either the
BeginRequestorAuthenticateRequest(the only two request pipeline events that occur beforeAuthorizeRequest), it will bypass any authorization settings in yourweb.configfile that allow or deny users.How are you currently authorizing your requests to the page in question?