How to specify root (/) location in web.config?

Asked 20/2, 2012 at 8:19 Answered 16/10, 2015 at 21:9

asp.net web-config asp.net-authorization

How does one specify root location in web.config to allow unauthenticated users access it?

The root location is served by default.aspx, but users normally don't see default.aspx, they just see http://mysite.com/.

So I've added

  <location path="~/default.aspx">
    <system.web>
      <authorization>
        <allow users="*"/>
      </authorization>
    </system.web>
  </location>

Which works if user hits mysite.com/default.aspx, but if user hits mysite.com/ - he is still redirected to login page.

I've tried <location path="~"> (does not help) and also <location path="~/">, <location path=""> (site fails completely) and could not make it work.

Any ideas?

Conductive answered 20/2, 2012 at 8:19 Comment(6)

can they access at least access the url: http://mysite.com/default.aspx ? – Herriot 20/2, 2012 at 9:0

why you are not using IIRF to redirect the user from default.aspx by writing a rewrite and redirect rule.? – Fossilize 29/11, 2012 at 18:14

Can you post all of the authentication related web.config code? I am assuming there is more where you are denying users, where you define the location of the login. I'd like to see it all, and in the order that you have it specified in your web.config – Prittleprattle 3/12, 2012 at 17:30

Try <location path="default.aspx"> in your web config – Fuzzy 4/12, 2012 at 9:2

Look for lulhuh answer below - it helped me in exact the same situation (mark as answer if it helped you too). – Duodenal 21/10, 2013 at 9:21

Answer by lulhuh should be the accepted answer https://mcmap.net/q/328594/-how-to-specify-root-location-in-web-config – Jacquesjacquet 5/10, 2015 at 22:6

Try this one:

<system.web>
    <urlMappings enabled="true">
        <add url="~/" mappedUrl="~/default.aspx" />
    </urlMappings>
    <authorization>
        <allow roles="admin"/>
        <deny users="*" />
    </authorization>
</system.web>
<location path="Default.aspx">
    <system.web>
        <authorization>
            <allow users="*" />
        </authorization>
    </system.web>
</location>

Ronda answered 3/10, 2013 at 8:54 Comment(2)

path can be a folder ? ~/subfolder ? – Arbor 17/12, 2020 at 15:45

I haven't bothered to actually log in to SO in years, but I reset my pw just so I could upvote this answer. I do not want to confess how much time I've burned trying to solve this problem, but urlMappings did the trick. The only distinction between my scenario and the OP's is that I am using routes, and sticking ~/MyRoute in the mappedUrl worked just fine. (I have also found that I require location authorizations for both the route and the target file.) – Doe 6/4, 2022 at 21:44

only use

<location path=".">
<system.web>
  <authorization>
    <allow users="*"/>
  </authorization>
</system.web>

or don't write path,because the default path is root(.)

Sucre answered 6/1, 2014 at 11:27 Comment(4)

You can't write with only dot ".", you get an error! :D – Topper 23/7, 2014 at 20:48

are you sure? this msdn resource say that default path is dot! msdn.microsoft.com/en-us/library/vstudio/… – Sucre 26/7, 2014 at 5:2

I can confirm dot (and no path at all) is valid for pointing at root, but if anything you put under this location is specified elsewhere (outside the location) in the web config, it will throw an error for duplicate config sections. One would have to remove the "global" definition to make this work. – Dimorphism 22/12, 2017 at 9:2

Oh, also important: Root in this case actually means "Root and everything below it" so this solution effectively means you have granted anonymous access to the whole site. – Dimorphism 22/12, 2017 at 9:5

You can achieve by 2 method

Method 1:

You can set redirect path to http://mysite.com/default.aspx in IIS if any user directly comes to your site.in IIS7 you can do that by clicking on Default Document. Here i attached image for your reference

IIS7 setting to add your default page redirection

Method 2

You can go through this URL ASp.NET Membership to set your web config settings.

Let me know if you need more detail on this.

Arthro answered 29/11, 2012 at 10:16 Comment(0)

The way we done it in the past was to create a folder for all functionality that requires login and set require auth for that folder. All aspx go to that folder. The root of the site stays open.

Jab answered 30/11, 2012 at 9:51 Comment(1)

Well, our situation is the opposite, we only have a handful of pages that don't require authentication. It doesn't really makes sense to use your approach now. – Pearsall 3/12, 2012 at 6:19

You probably use a forms authentification no?

<authentication mode="Forms">
   <forms loginUrl="~/Default.aspx" />
</authentication>

This will solve your problem. An alternative is:

  <location path="~/Default.aspx">
    <system.web>
      <authorization>
        <allow users="*"/>
      </authorization>
    </system.web>
  </location>

Ferrara answered 30/11, 2012 at 19:40 Comment(1)

Authorization doesn't happen on the main page, I have a separate form for user login, so the first advice doesn't work in my case. I have the location directive similar to what you posted, but it doesn't help. example.com/MainPage.aspx works while just example.com doesn't. – Pearsall 3/12, 2012 at 6:18

If you only want to let unauthenticated users to access default.aspx you can use

  <location path="Default.aspx">
    <system.web>
      <authorization>
        <allow users="*"/>
      </authorization>
    </system.web>
  </location>

before <system.web> and set that page as default in your web server.
In Visual Studio you can select the page and "Set As Start Page".

If you want to allow access to all the files in the root you have to create folders where you put your pages which need to be accessed by authenticated users.

You can create a Secure folder where you can put all your protected pages and change your web.config this way:

  <location path="Secure">
    <system.web>
      <authorization>
        <deny users="?"/>
      </authorization>
    </system.web>
  </location>

removing

    <authorization>
        <deny users="?"/>
    </authorization>

Deliladelilah answered 20/2, 2012 at 9:9 Comment(1)

this is exact the configuration I've posted in the question, and as I indicated - it is not working. the request for root directory (mysite.com/) is treated different than request to mysite.com/default.aspx - the rule for default.aspx does not apply – Conductive 29/2, 2012 at 1:28

To specify root directory you have to set it outside the location block.

<configuration> 
  <system.web>
    <authorization>
      <allow users=“*“/>
    </authorization>
  </system.web>
</configuration>

and then secure your other folder using location block

<location path=“AccessDenied.aspx“>
    <system.web>
        <authorization>
            <deny users=“?“/>
        </authorization>
    </system.web>
</location>

Outbalance answered 29/8, 2013 at 6:35 Comment(0)

Use this :

<location path="Default.aspx">
  <system.web>
    <authorization>
      <allow users="*"/>
    </authorization>
  </system.web>
</location>
<location path="~">
  <system.web>
    <authorization>
      <allow users="*"/>
    </authorization>
  </system.web>
</location>

It works for me.

Ineslta answered 2/9, 2014 at 9:1 Comment(0)

Merk was right!

I used

<location path="">
            <system.webServer>
                <httpRedirect enabled="true" destination="http://www.newpathdestination.com" exactDestination="true" httpResponseStatus="Permanent" />
            </system.webServer>
        </location>

on Windows netserver (don't ask), making sure to put nothing in between the quotes for location path. Redirects a request for the old home page to the new home page.

Lynden answered 16/10, 2015 at 21:9 Comment(0)

-4

If you want to specify the root of the directory, use <location path="" >

Genetic answered 28/8, 2012 at 23:13 Comment(0)

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags