Forms Authentication: <location> authorization not bypasssing login page. -- asp.net security

M Gallagher
7/23/2005 4:07:00 PM

I am trying to configure my forms authentication so a certain page is not
subject to a redirect to the login page. This seems like it should be a
simple thing to do with a <location> tag, but its just not working. Requets
to the page (public.aspx) specified in the <location> tag are still being
redirected to the login page. The login page is in a subdirectory of the
application root where web.config resides. Here is the code from the
web.config file. Anyone know what Im doing wrong and why I cant grant
access to that one page without hitting the login page?

<configuration>

<system.web>

<authentication mode="Forms">

<forms loginUrl="logon/logon.aspx" timeout="120"/>

</authentication>

<authorization>

<allow roles="MyUsers"/>

<deny users="*"/>

</authorization>

</system.web>

<location path="logon">

<system.web>

<authorization>

<allow users="*"/>

</authorization>

</system.web>

</location>

<location path="public.aspx">

<system.web>

<authorization>

<allow users="*"/>

</authorization>

</system.web>

</location>

Joe
7/29/2005 3:37:35 PM

Here's a location tag the way I have it setup to avoid the authentication:

<location path="quickpage.aspx">
<system.web>
<compilation defaultLanguage="c#" debug="true" />
<customErrors mode="Off" />
<authorization>
<allow users ="*"/>
</authorization>
</system.web>
</location>

[quoted text, click to view]

asp.net security : Forms Authentication: <location> authorization not bypasssing login page.