How to allow anonymous user access to virtual directory

Asked 7/9, 2016 at 15:57 Answered 17/9, 2016 at 18:36

Solved asp.net iis virtual-directory asp.net-authorization

I am currently preventing anonymous users access to my root application.

/web.config

  <system.web>
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>

But am allowing anonymous access to public resources (Images, CSS, etc.):

  <location path="Images">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>

Now, I would like to add a virtual directory which should be accessible to anonymous users. I added a configuration based on the Images path, but whenever I try to access that location, I get redirected to the login page with the ReturnURL set to the virtual directory.

  <location path="virtualDirectory">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>

In addition, I tried to specify the global authorization within my virtual directory's web.config but get an error saying I can only have that once

/virtualDirectory/web.config:

  <system.web>
    <authorization>
      <allow users="*" />
    </authorization>
  </system.web>

How can I allow anonymous access to a virtual directory when my root application is preventing anonymous access?

Orthotropous answered 7/9, 2016 at 15:57 Comment(4)

What IIS version are you using? I configured mine with the same settings and it worked – Immunotherapy 12/9, 2016 at 19:49

Running locally on Windows 8 – Orthotropous 12/9, 2016 at 20:1

It would help if you were to comment in the already given answers. You dont like them but you say nothing =/ Did you try them? What were the results? – Elyot 15/9, 2016 at 15:15

@Andres - Did you try any of the given answers? – Nova 17/9, 2016 at 4:12

In your global web.config encapsulate the

<system.web>
  <authorization>
    <deny users="?" />
  </authorization>
</system.web>

with

<location path="." inheritInChildApplications="false">
  <system.web>
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>   
</location>

It means - authorization is enforced only in root app, not for the child apps.

Antagonize answered 15/9, 2016 at 8:51 Comment(0)

Some notes.

The asterisk mark (*) represents all identity.
The question mark (?) represents the anonymous identity.
So ideally, you don't need to set to allow authentication for the anonymous user for your virtualDirectory in the global web.config.
Go to IIS, under your Virtual Directory > select Authentication > Enable Anonymous Authentication.

Refer

ASP.NET Authorization

How to: Create and Configure Virtual Directories in IIS

Cellulose answered 17/9, 2016 at 18:36 Comment(0)

In your global web.config remove

<location path="virtualDirectory">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
 </location>

Then go to IIS manager and

In the Virtual directory Home area, double-click Authentication
Right-click Anonymous Authentication, and then click Enable

Braid answered 13/9, 2016 at 8:2 Comment(0)

Your authorization rules looks good. The last error you are getting is because you can have authorization section (in fact any section) only once per folder/file/path. So either have it globally i.e. under <location path="virtualDirectory"> or only in web.config of Virtual Directory. Having it in both places will give you an error. What is authentication set at Virtual Directory.

Make sure anonymous is enabled along with the allow authorization rule. (IIS Manager ->Sites -> your specific site->virtual directory-> in the central pane Authentication )

Also in IIS GUI there are ASP.NET Authorization rules (the one you are using currently) and IIS Authorization rules. Make sure there aren't any deny IIS Authorization rules.

Nova answered 15/9, 2016 at 4:26 Comment(0)

Recommended topics

Hot tags