Restrict access to only one page in the application, leaving the rest free

Asked

Viewed 446 times

3

I would like to restrict access by requesting login to only one page in my application. In webconfig I put so, but obviously this way requires authentication on all pages of the application.

   <authentication mode="Forms">
    <forms loginUrl="~/Admin/Login.aspx" name=".ASPXFORMSAUTH">          
    </forms>
   </authentication>   
   <authorization>
     <deny users="?"/>
   </authorization>

I could release the pages like this, one by one:

 <location path="Default.aspx">
    <system.web>
       <authorization>
          <allow users="?"/>  
       </authorization>
    </system.web>
 </location>

However, I would like to leave all pages free, except one in the ~/Admin folder/

2 answers

0

You can merge the two question codes and modify a bit as follows:

<authentication mode="Forms">
    <forms loginUrl="~/Admin/Login.aspx" name=".ASPXFORMSAUTH">          
    </forms>
</authentication>
<authorization>
     <allow users="*"/>
</authorization>
<location path="foo.aspx">
    <system.web>
        <authorization>
            <deny users="?"/>  
        </authorization>
    </system.web>
</location>

So you release the entire site to everyone, but you also deny only one specific page for the uninitiated. On the "foo.aspx" page of the above configuration, the rule of denying overrides the rule of releasing, because it is more specific - but note that it denies access only to the unauthenticated.

  • did not solve so. I want to request login only if the user tries to access a resource, in case a specific page; The other leave free.

-1

I solved my problem using the ActionFilterAttribute

Just create the filter as the first image, using the logic you need.

And just add the filter to the desired Controller.

inserir a descrição da imagem aqui inserir a descrição da imagem aqui

Browser other questions tagged

You are not signed in. Login or sign up in order to post.