Restrict access to only one page in the application, leaving the rest free

Question

Restrict access to only one page in the application, leaving the rest free

Asked 7 years, 1 month ago

Viewed 446 times

3

I would like to restrict access by requesting login to only one page in my application. In webconfig I put so, but obviously this way requires authentication on all pages of the application.

   <authentication mode="Forms">
    <forms loginUrl="~/Admin/Login.aspx" name=".ASPXFORMSAUTH">          
    </forms>
   </authentication>   
   <authorization>
     <deny users="?"/>
   </authorization>

I could release the pages like this, one by one:

 <location path="Default.aspx">
    <system.web>
       <authorization>
          <allow users="?"/>  
       </authorization>
    </system.web>
 </location>

However, I would like to leave all pages free, except one in the ~/Admin folder/

2 answers

Browser other questions tagged c# asp.net authentication web.config

You are not signed in. Login or sign up in order to post.

by Oralista de Sistemas • **23,115** points · Answer 1 · 2017-05-05T16:17:30+00:00

You can merge the two question codes and modify a bit as follows:

<authentication mode="Forms">
    <forms loginUrl="~/Admin/Login.aspx" name=".ASPXFORMSAUTH">          
    </forms>
</authentication>
<authorization>
     <allow users="*"/>
</authorization>
<location path="foo.aspx">
    <system.web>
        <authorization>
            <deny users="?"/>  
        </authorization>
    </system.web>
</location>

So you release the entire site to everyone, but you also deny only one specific page for the uninitiated. On the "foo.aspx" page of the above configuration, the rule of denying overrides the rule of releasing, because it is more specific - but note that it denies access only to the unauthenticated.

by Cassio Alves • **1,033** points · Answer 2 · 2017-05-11T17:32:23+00:00

I solved my problem using the ActionFilterAttribute

Just create the filter as the first image, using the logic you need.

And just add the filter to the desired Controller.