I have the following settings in my web.config:
<!-- The <authentication> section enables configuration of the security authentication mode used by ASP.NET to identify an incoming user. -->
<authentication mode="Forms">
<forms loginUrl="/login.aspx"
protection="All"
timeout="30"
name=".ASPXAUTH"
path="/"
requireSSL="false"
slidingExpiration="true"
defaultUrl="UserConfigSettings.aspx"
cookieless="UseCookies"
enableCrossAppRedirects="false" />
</authentication>
<!-- This section denies access to all files in this application except for those that you have not explicitly specified by using another setting. -->
<authorization>
<deny users ="?" />
<allow users = "*" />
</authorization>
</system.web>
<location path="Images">
<system.web>
<authorization>
<allow users="?,*" />
</authorization>
</system.web>
</location>
<location path="Styles">
<system.web>
<authorization>
<allow users="?,*" />
</authorization>
</system.web>
</location>
on my login form I have a hyperlink that redirected users to a registration page but since applying the above authorizations settings the link doesn’t work, until I log in then I get redirected to the registration page. Can i specifically set this link to redirect users not matter what authorization they have? Here’s my form code
<form id="form1" runat="server">
<div>
<asp:Panel ID="panelHeaderImage" BorderWidth="1" runat="server" width="660" >
<table class="Table">
<tr align="center">
<td colspan="3"><img src="images/header.jpg" alt="some_text" /><br /><br /></td>
</tr>
<tr valign="top">
<td colspan="3"><asp:Panel ID="panelNavigation" CssClass="Panel" runat="server" HorizontalAlign="Center" Width="650px"></asp:Panel> </td>
</tr>
<tr valign="top">
<td align="right">
<asp:Label ID="lblUserName" CssClass="Label_Med_Bold" runat="server" Text="User Name:"></asp:Label>
</td>
<td align="left">
<asp:textbox id="txtUserName" runat="server" width="180px"></asp:textbox>
<asp:requiredfieldvalidator id="rvUserValidator" runat="server" controltovalidate="txtUserName" CssClass="Label_Small_Red" errormessage="Please enter a Username" display="Dynamic"></asp:requiredfieldvalidator>
</td>
</tr>
<tr valign="top">
<td align="right">
<asp:Label ID="lblPassword" CssClass="Label_Med_Bold" runat="server" Text="Password:"></asp:Label>
</td>
<td align="left">
<asp:textbox id="txtPassword" runat="server" width="180px" textmode="Password"></asp:textbox>
<asp:requiredfieldvalidator id="rvPasswordValidator" runat="server" controltovalidate="txtPassword" CssClass="Label_Small_Red" errormessage="Please enter a Password" display="Dynamic"></asp:requiredfieldvalidator>
</td>
</tr>
</table>
<table width="650" class="Table">
<tr valign="top">
<td align="right" class="special_column1">
<asp:Label ID="lblSaveResult" runat="server" CssClass="Label_Red_Bold" Text=""></asp:Label>
</td>
<td align="left">
<asp:button id="btnLogin" CssClass="Button_Main" runat="server" text="Login" borderstyle="Solid" onclick="btnLogin_Click"></asp:button>
</td>
</tr>
<tr>
<td>
<asp:hyperlink id="hl_Register" CssClass="hyperlink" runat="server" Enabled="true" navigateurl="Administration.aspx">New User?...Register Here</asp:hyperlink>
</td>
</tr>
</table>
</asp:Panel>
</div>
</form>
Yes, you just need an additional
Locationsection in your web.config that allows access to the registration page only: