Home/ Questions/Q 1898170
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-17T06:44:00+00:00

I am having some trouble when I use ASP .Net 4’s URL Routing feature

  • 0

I am having some trouble when I use ASP .Net 4’s URL Routing feature while Authorization rules configured.

Global.asax

void Application_Start(object sender, EventArgs e) {
    RegisterRoutes(RouteTable.Routes);
}

private void RegisterRoutes(RouteCollection routes) {
    routes.MapPageRoute("dashboard", "", "~/Restricted/Default.aspx", true);
    routes.MapPageRoute("register", "register", "~/Register.aspx", true);
    routes.MapPageRoute("login", "login", "~/Login.aspx", true);
}

{Root}\Web.Config

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.web>
        <authentication mode="Forms">
            <forms name="DevAuth" 
                   loginUrl="/login/" 
                   protection="All" 
                   path="/" 
                   timeout="15"
                   requireSSL="false" 
                   slidingExpiration="true" 
                   cookieless="AutoDetect" />
        </authentication>
    </system.web>
    <system.webServer>
        <security>
            <authentication>
                <basicAuthentication enabled="false" />
            </authentication>
        </security>
    </system.webServer>
</configuration>

{Root}\Restricted\Web.config

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <security>
            <authorization>
                <remove users="*" roles="" verbs="" />
                <add accessType="Allow" roles="Developer" />
                <add accessType="Deny" users="*" />
            </authorization>
        </security>
    </system.webServer>
</configuration>

The problem I am facing is:

Any idea about what’s going on?

EDIT 1

The following change in the config file gives me Access is denied.

{Root}\Web.Config

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.web>
        <authentication mode="Forms">
            <forms name="DevAuth" 
                   loginUrl="/login/" 
                   protection="All" 
                   path="/" 
                   timeout="15"
                   requireSSL="false" 
                   slidingExpiration="true" 
                   cookieless="AutoDetect" />
        </authentication>
    </system.web>
    <system.webServer>
        <security>
            <authentication>
                <basicAuthentication enabled="false" />
            </authentication>
        </security>
    </system.webServer>
    <location path="login">
        <system.web>
            <authorization>
                <allow users="*"/>
            </authorization>
        </system.web>
    </location>
    <location path="register">
        <system.web>
            <authorization>
                <allow users="*"/>
            </authorization>
        </system.web>
    </location>
    <location path="">
        <system.web>
            <authorization>
                <deny users="*"/>
            </authorization>
        </system.web>
    </location>
</configuration>
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Hummmm I think it comes around this :

    <location path="">
    <system.web>
        <authorization>
            <deny users="*"/>
        </authorization>
    </system.web>
</location>

    The problem I see here comes from this path=””, because this information says to the UserAgent [Browser, like IE or FF or Chrome] to block this address : http://localhost:xxxxx

    which in fact, points out to your default route : ~/Restricted/Default.aspx

    You are denying access to this page by default to all users. Hopes it gives you a hint on how to do this.

    • 0