I am using MVC 2.0 with forms authentication. I want to allow public access to one controller called “Logout”. Currently whenever I browse to it I get bounced to Login.
    <authentication mode="Forms">
      <forms loginUrl="Login/Login"
             protection="All" timeout="30"
             name=".ASPXAUTH"
             path="/"
             requireSSL="false"
             slidingExpiration="true"
             defaultUrl="Token/Create"
             cookieless="UseDeviceProfile"
             enableCrossAppRedirects="false" />
    </authentication>
    <!-- Deny Anonymous users. -->
    <authorization>
      <deny users="?" />
    </authorization>
Update: I am using WIF and each time the user arrives at the registration page (anonymous access) I need to sign them out, to ensure that they have the latest claims in their token, and are not just allowed in with a stale token. Their claims are coming in via the request to the registration page.
As SLaks mentioned, there should be no need for a non-logged-in user to access the Logout action. But, if you want to enable anonymous access to controllers / actions you have to enable it in your Web.Config:
A better approach for a pure MVC app is to use the Authorize attribute and enable access to all users in the web.config.
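The attribute-based layout described in the answer above, as an added sketch that is not code from the original post. `SecuredController` and the action bodies are hypothetical, and it assumes the `<deny users="?" />` rule has been removed from web.config so that authorization is decided per controller rather than per URL (one action can be reachable through several routes, which URL rules do not follow).

```csharp
using System.Web.Mvc;
using System.Web.Security;

// Hypothetical base class: every controller that requires a signed-in user
// derives from it. [Authorize] is inherited, so protection follows the code
// no matter which route reaches the action.
[Authorize]
public abstract class SecuredController : Controller
{
}

// Protected controller. The name is taken from defaultUrl="Token/Create"
// in the question's config; the body is a placeholder.
public class TokenController : SecuredController
{
    public ActionResult Create()
    {
        // An anonymous request never reaches this line: [Authorize] returns
        // 401 and forms authentication redirects to loginUrl.
        return View();
    }
}

// Public controller: derives from Controller directly, so no [Authorize]
// applies and anonymous requests are served instead of bounced to Login.
public class LogoutController : Controller
{
    public ActionResult Index()
    {
        // Expire the forms-authentication cookie (.ASPXAUTH in the question).
        // Clearing a WIF session token is a separate step not shown here.
        FormsAuthentication.SignOut();

        // Assumption: LoginController.Login exists, per loginUrl="Login/Login".
        // LoginController must also stay outside SecuredController.
        return RedirectToAction("Login", "Login");
    }
}
```

With this layout a new controller is public unless it derives from the base class, so each controller added later should be checked for the intended base type.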