Home/ Questions/Q 7998251
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-04T15:10:17+00:00

I have this in my web.config <location path=ChangePassword.aspx> <system.web> <authorization> <allow users=*/> </authorization> </system.web>

  • 0

I have this in my web.config

  <location path="ChangePassword.aspx">
     <system.web>
       <authorization>
         <allow users="*"/>
       </authorization>
     </system.web>   </location>

The problem is that, while accessing the page works, i need to allow acces to this page with querystrings as well, which does not work:

  • ChangePassword.aspx?mode=
  • ChangePassword.aspx?userid=xx&mode=

How can I do that? The parameters will have dynamic values all the time of course, I cant hardcode IDs in web.config.

EDIT for better understanding of the problem

The purpose= non-logged user must have access to the ChangePassword.aspx page with any querystrings it receives.

The problem for non-logged users:

  • They can access ChangePassword.aspx
  • They can NOT access ChangePassword.aspx?parameter=value
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    If a user can access the page, they can add a query string to the path.

    The authorization mechanism operates on the file location only – you can’t make it operate on the query string parameters.

    If you want to change the page behaviour according to the parameters you should do that in your page code.

    You can easily access the query string parameters on the page:

    Request.QueryString["UserId"]
    • 0