Greetings. I've used Forms Authentication for my Admin directory and I've excluded my root Webforms, and I've uploaded it to the host. Now whenever I call the domain, it wants me to authenticate first, but if I call Domain/index.aspx, for example, it works. I don't know how to fix this issue.

What I have tried:

XML
  <system.web>
    <machineKey validationKey="74222414ADCEF7AD77EBDDEEF79D2ED08F23BBA5BE82154DF47135ACF39F60F29CFA095BE6B707799DF70A53BFA4B43D336789D552DBC4D9542C6F97DFC12256" decryptionKey="25D197E2D9E761C61CAB460F3F67936FF569394BDB7C48C6B02DB2C71B306EA0" validation="SHA1" decryption="AES" />
    <pages validateRequest="false" />
    <!--<customErrors mode="On">
      <error statusCode="404" redirect="~/error/default.html" />
    </customErrors>-->
    <authentication mode="Forms">
      <forms name="MyAppCookie" loginUrl="~/Admin/Login.aspx" protection="All" timeout="120" defaultUrl="~/Admin/Default.aspx" />
    </authentication>
    <authorization>
      <deny users="?" />
      <allow users="*" />
    </authorization>
  </system.web>
  <location path="Index.aspx">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>

  <location path="Contactus.aspx">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>

  <location path="Blogdetails.aspx">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>
  <location path="Blog.aspx">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>
  <location path="Aboutus.aspx">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>
Updated 31-Aug-16 4:11am

1 solution

Look at your configuration again. You've told it that every URL in your application except Index.aspx, Contactus.aspx, Blogdetails.aspx, Blog.aspx and Aboutus.aspx requires authentication.

When you request the root of your application, the URL does not contain any of those pages, so the request requires authentication.

Change the configuration around, and deny anonymous access to the pages and folders you want to protect.
XML
<system.web>
    <machineKey ... />
    <pages validateRequest="false" />
    <authentication mode="Forms">
      <forms name="MyAppCookie" loginUrl="~/Admin/Login.aspx" protection="All" timeout="120" defaultUrl="~/Admin/Default.aspx" />
    </authentication>
    
    <!-- NB: Remove the <authorization> element here... -->
</system.web>

<!-- Now deny anonymous access to any pages / folders you want to protect: -->
<location path="admin">
    <system.web>
        <authorization>
            <deny users="?" />
            <allow users="*" />
        </authorization>
    </system.web>
</location>

For folders, you could also create a web.config file within the folder with the authorization rules, without using the location element:
XML
<!-- /admin/web.config -->
<configuration>
    <system.web>
        <authorization>
            <deny users="?" />
            <allow users="*" />
        </authorization>
    </system.web>
</configuration>


NB: You should never post your <machineKey> details to a public forum. Those are private encryption keys, which would allow anyone to hack into your site. You should change those keys ASAP!
 
 
Comments
SmackDatCode 31-Aug-16 10:48am    
Oh, thank you! And sure about the MachineKey.
But I have this question: how may I be able to address my root in location path? Does it go like this?
location path="httpdoc"
Richard Deeming 31-Aug-16 10:52am    
No. The root is everything that's outside of a <location> element. You set up the configuration for the root, and then use <location> elements to override it for specific pages or folders.
SmackDatCode 31-Aug-16 11:34am    
Greetings. I've used the second option you mentioned above, but I keep getting this error now. The main issue is resolved, but I don't have access to my admin folder; it always gives me the error 500.
It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level. This error can be caused by a virtual directory not being configured as an application in IIS

I used the second web.config in my admin folder with Authentication for its forms.
Richard Deeming 31-Aug-16 11:49am    
The <authentication> section has to be defined in the web.config file in the root of your application.

You only need to define the <authorization> element in the web.config file in the admin folder.
SmackDatCode 31-Aug-16 13:15pm    
It worked, thanks a million! :)
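
The rule evaluation described in the answer and comments above, as an added example that is not part of the original thread: a simplified Python model of ASP.NET URL authorization (first matching rule wins, `<location>` rules are checked before the root rules, allow-all is the final default), run over trimmed, constructed versions of the two configurations. The names `anonymous_allowed` and `audit` and both sample configs are assumptions; `roles` and `verbs` attributes are ignored.

```python
import xml.etree.ElementTree as ET

def _rules(system_web):
    """Return [(verb, users), ...] from <authorization>, in document order."""
    authz = system_web.find("authorization") if system_web is not None else None
    if authz is None:
        return []
    return [(r.tag, [u.strip() for u in r.get("users", "").split(",")])
            for r in authz if r.tag in ("allow", "deny")]

def anonymous_allowed(config_xml, request_path):
    """Model the decision for an anonymous request: first matching rule wins."""
    root = ET.fromstring(config_xml)
    path = request_path.strip("/").lower()      # "" is the application root
    matches = []
    for loc in root.findall("location"):
        lp = loc.get("path", "").strip("/").lower()
        if lp and (path == lp or path.startswith(lp + "/")):
            matches.append((len(lp), loc))
    rules = []
    # Rules from the most specific matching <location> are evaluated first.
    for _, loc in sorted(matches, key=lambda m: -m[0]):
        rules += _rules(loc.find("system.web"))
    rules += _rules(root.find("system.web"))    # then the application root
    rules.append(("allow", ["*"]))              # machine-level default
    for verb, users in rules:
        if "?" in users or "*" in users:        # both match an anonymous user
            return verb == "allow"
    return False

# Constructed, trimmed configs: root deny (question) vs. per-folder deny (answer).
ORIGINAL = """<configuration>
  <system.web>
    <authorization><deny users="?" /><allow users="*" /></authorization>
  </system.web>
  <location path="Index.aspx">
    <system.web><authorization><allow users="*" /></authorization></system.web>
  </location>
</configuration>"""
CORRECTED = """<configuration>
  <system.web />
  <location path="admin">
    <system.web><authorization><deny users="?" /><allow users="*" /></authorization></system.web>
  </location>
</configuration>"""

def audit(config_xml, paths):
    """Map each request path to True if an anonymous user would be let in."""
    return {p: anonymous_allowed(config_xml, p) for p in paths}
```

Running `audit` over a list of the site's public and protected URLs before deployment shows whether the root request and the admin folder end up on the intended side of the rules.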

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


