Thursday, June 21, 2012

Role Based Security Using Form Authentication in ASP.NET , <Location path=’’ > not working and Login page does not have permission for anonymous users

I have created ASP.net web based application using Form Authentication. I need a section with role privileges and login page should be access by all users. when I specify the authorization in default section my login page loaded with out CSS since those files do not have permissions.

Thus I used following approach and it worked for me.

    <system.web>
<
authentication mode="Forms" >
<
forms name="SomeName" loginUrl="Login.aspx"
slidingExpiration="true" protection="None"
path="/" defaultUrl="Home.aspx" timeout="20" >
</
forms>
</
authentication>
</
system.web>
    <!--Permision for the site-->
<
location allowOverride="true">
<
system.web>
<
authorization>
<
deny users ="?" />
</
authorization>
</
system.web>
</
location>

<!--
Permision for the Login page-->
<
location path="Login.aspx">
<
system.web>
<
authorization>
<
allow users ="*" />
</
authorization>
</
system.web>
</
location>

<!--
permision setting section-->
<
location path="Settings">
<
system.web>
<
authorization>
<
deny users ="?" roles="User"/>
</
authorization>
</
system.web>
</
location>
Post a Comment