Home/ Questions/Q 7726717
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-01T05:17:08+00:00

I have an application which requires authentication, but has some related services which can

  • 0

I have an application which requires authentication, but has some related services which can call into the application as anonymous. The calls are made via httpHandlers, some of which use wildcards. For the httpHandlers that do not use wildcards, I can manage the security by using the location element in web.config:

<httpHandlers>
  <add verb="*" path="ProcessFile.ashx" type="..." validate="false" />
  <add verb="*" path="DoSomethingElse.*.*.ashx" type="..." validate="false" />
</httpHandlers>

For the first handler, it was easy (closing tags omitted for brevity):

<location path="ProcessFile.ashx">
  <system.web>
    <authorization>
      <allow users="?" />
    ...

The second handler won’t work because location will not take wildcards. I tried using a ‘directory’ but it doesn’t seem to work:

<httpHandlers>
  ..
  <add verb="*" path="test/DoSomethingElse.*.*.ashx" type="..." validate="false" />
</httpHandlers>


<location path="test">
  <system.web>
    <authorization>
      <allow users="?" />
    ...

Is there a way to get this to work? Do I have the syntax wrong in some way?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I would recommend segregating your handlers that are expected to be anonymously available into a common folder and then set the location permissions for that folder to be universally available. So if you have a folder for handlers /Handlers and a subfolder /Public then you could have the following:

    <location path="/Handlers/Public">
    <system.web>
        <authorization>
            <allow users="*"/>
        </authorization>
    </system.web>
</location>

    Then you can put your wildcard handlers in here without having to specify it by individual name.

    • 0