Home/ Questions/Q 782543
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-14T20:24:06+00:00

I am developing a web application which has form based authentication. All pages needs

  • 0

I am developing a web application which has form based authentication. All pages needs to be authenticated except AboutUs and ContactUs pages.

I configured everything correct except AboutUs and ContactUs pages. Since I am denying all users in authorization section, application is redirecting even if the customer browse AboutUs and ContactUs pages.

Configuration Rules

<authentication mode= "Forms">
<forms name=".ASPXAUTH" loginUrl="Login.aspx" timeout="20" protection="All" slidingExpiration="true" />
</authentication>
<authorization>
<deny users="?" />
</authorization>

Could you please let me know how can I tell asp.net to remove these pages for authorization??

Thanks,
Mahesh

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Try this:

    <system.web>
    <authentication mode="Forms" >
        <forms loginUrl="login.aspx" name=".ASPNETAUTH" 
                           protection="None" path="/" timeout="20" >
        </forms>
    </authentication>
<!-- This section denies access to all files in this application except for 
     those that you have not explicitly specified by using another setting. -->
    <authorization>
        <deny users="?" /> 
    </authorization>
</system.web>
<!-- This section gives the unauthenticated user access to the AboutUs.aspx page 
     only. It is located in the same folder as this configuration file. -->
<location path="AboutUs.aspx">
    <system.web>
        <authorization>
             <allow users ="*" />
        </authorization>
    </system.web>
</location>
<!-- This section gives the unauthenticated user access to the ContactUs.aspx 
     page only. It is located in the same folder as this configuration file. -->
<location path="ContactUs.aspx">
    <system.web>
        <authorization>
             <allow users ="*" />
        </authorization>
    </system.web>
</location>
    • 0