Help and Support

Article ID: 316871 - Last Review: May 19, 2003 - Revision: 3.3

HOW TO: Control Authorization Permissions in an ASP.NET Application

View products that this article applies to.
This article was previously published under Q316871

On This Page

Expand all | Collapse all

SUMMARY

Use this step-by-step guide to apply the <location> tag to the Web.config file to configure access to a specific file and folder.

When using forms-based authentication in ASP.NET applications, only authenticated users are granted access to pages in the application. Unauthenticated users are automatically redirected to the page specified by the loginUrl attribute of the Web.config file where they can submit their credentials. In some cases, you may want to permit users to access certain pages in an application without requiring authentication.

Back to the top

Configure Access to a Specific File and Folder

  1. Set up forms-based authentication.For additional information, click the article numbers below to view the articles in the Microsoft Knowledge Base:
    308157  (http://support.microsoft.com/kb/308157/EN-US/ ) HOW TO: Implement Forms-Based Authentication in Your ASP.NET Application by Using Visual Basic .NET
    301240  (http://support.microsoft.com/kb/301240/EN-US/ ) HOW TO: Implement Forms-Based Authentication in Your ASP.NET Application by Using C# .NET
  2. Request any page in your application to be redirected to Logon.aspx automatically.
  3. In the Web.config file, type or paste the following code.

    This code grants all users access to the Default1.aspx page and the Subdir1 folder. 
    <configuration>
	<system.web>
		<authentication mode="Forms" >
			<forms loginUrl="login.aspx" name=".ASPNETAUTH" protection="None" path="/" timeout="20" >
			</forms>
		</authentication>
<!-- This section denies access to all files in this application except for those that you have not explicitly specified by using another setting. -->
		<authorization>
			<deny users="?" /> 
		</authorization>
	</system.web>
<!-- This section gives the unauthenticated user access to the Default1.aspx page only. It is located in the same folder as this configuration file. -->
		<location path="default1.aspx">
		<system.web>
		<authorization>
			<allow users ="*" />
		</authorization>
		</system.web>
		</location>
<!-- This section gives the unauthenticated user access to all of the files that are stored in the Subdir1 folder.  -->
		<location path="subdir1">
		<system.web>
		<authorization>
			<allow users ="*" />
		</authorization>
		</system.web>
		</location>
</configuration>
    Users can open the Default1.aspx file or any other file saved in the Subdir1 folder in your application. They will not be redirected automatically to the Logon.aspx file for authentication.
  4. Repeat Step 3 to identify any other pages or folders for which you want to permit access by unauthenticated users.
Back to the top

REFERENCES

For additional information, click the article number below to view the article in the Microsoft Knowledge Base:
306590  (http://support.microsoft.com/kb/306590/EN-US/ ) INFO: ASP.NET Security Overview
For more information about the <location> tag, see the .NET Developer's Framework Guide on the following Microsoft Web site:
Configuration <location> Settings (http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/html/cpconconfigurationlocationsettings.asp)
Back to the top
APPLIES TO
  • Microsoft ASP.NET 1.0
  • Microsoft ASP.NET 1.1
Back to the top
Keywords: 
kbconfig kbhowtomaster kbsecurity kbweb KB316871
Back to the top

Get Help Now

Contact a support professional by E-mail, Online, or Phone

Article Translations