Allow only anonymous users via web.config authorization
Asked Answered
H

1

7

I want to use authorization in the web.config to block access to SignUp.aspx to authenticated users. It cannot be accessed by user such as their roles is administrator and Guest.

<location path="SignUp.aspx">
    <system.web>
        <authorization>
            <allow users="?"/>
        </authorization>
    </system.web>
</location>

    <authentication mode="Forms">
        <forms name="AuthCookie" loginUrl="Login.aspx" timeout="60" 
                           defaultUrl="Index.aspx"/>
    </authentication>
    <authorization>
        <deny users="?"/>
    </authorization>
Headspring answered 6/1, 2013 at 7:52 Comment(2)
Are you using web forms or MVC?Salol
Looks like Web Forms based on the .aspx file, but it's not really relevant here.Ovoid
M
8
    <authorization>
        <allow users="?"/>
        <deny users="*"/>
    </authorization>

Can't actually validate it now but it should do the trick. The explicit denial of all other users should allow only unauthenticated users allow the page.

Metrist answered 6/1, 2013 at 11:40 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.