Restrict access to only one page in the application, leaving the others free

1

I would like to restrict access by requesting login to only one page in my application. In webconfig I put it like this, but obviously this requires authentication on every page of the application.

   <authentication mode="Forms">
    <forms loginUrl="~/Admin/Login.aspx" name=".ASPXFORMSAUTH">          
    </forms>
   </authentication>   
   <authorization>
     <deny users="?"/>
   </authorization>

I could release the pages doing so, one by one:

 <location path="Default.aspx">
    <system.web>
       <authorization>
          <allow users="?"/>  
       </authorization>
    </system.web>
 </location>

However, I would like to leave all the pages, except one in the ~ / Admin /

folder,     
asked by anonymous 05.05.2017 / 16:28

2 answers

0

You can merge the two question codes and modify it a bit, as follows:

<authentication mode="Forms">
    <forms loginUrl="~/Admin/Login.aspx" name=".ASPXFORMSAUTH">          
    </forms>
</authentication>
<authorization>
     <allow users="*"/>
</authorization>
<location path="foo.aspx">
    <system.web>
        <authorization>
            <deny users="?"/>  
        </authorization>
    </system.web>
</location>

So you release the entire site to everyone, but also deny only a specific page for the unauthenticated. In the "foo.aspx" page of the above configuration the deny rule overlaps with the deny rule, because it is more specific - but note that it denies access to only the unauthenticated.     

05.05.2017 / 18:17
0

I solved my problem using ActionFilterAttribute

Just create the filter as the first image, using the logic you need.

And just add the filter to the desired Controller.

    
11.05.2017 / 19:32