c# – Restrict access to only one page in the application, leaving the others free

Question:

I would like to restrict access by requesting login to just one page in my application. In web.config I put it like this, but obviously this way requires authentication on all application pages.

    <authentication mode="Forms">
        <forms loginUrl="~/Admin/Login.aspx" name=".ASPXFORMSAUTH">
        </forms>
    </authentication>
    <authorization>
        <deny users="?"/>
    </authorization>

I could release the pages doing this, one by one:

    <location path="Default.aspx">
        <system.web>
            <authorization>
                <allow users="?"/>
            </authorization>
        </system.web>
    </location>

However, I would like to leave all pages free except one in the ~/Admin/ folder.

Answer:

You can merge the two code snippets from the question and modify them a little, as follows:

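    <configuration>
        <system.web>
            <authentication mode="Forms">
                <forms loginUrl="~/Admin/Login.aspx" name=".ASPXFORMSAUTH">
                </forms>
            </authentication>
            <!-- site-wide rule: allow everyone, including anonymous users -->
            <authorization>
                <allow users="*"/>
            </authorization>
        </system.web>
        <!-- location is a sibling of system.web, directly under configuration -->
        <location path="foo.aspx">
            <system.web>
                <authorization>
                    <deny users="?"/>
                </authorization>
            </system.web>
        </location>
    </configuration>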

So you release the entire site to everyone, but also deny only a specific page to the unauthenticated. On the "foo.aspx" page of the configuration above, the deny rule overrides the allow one, as it is more specific – but note that it denies access only to the unauthenticated.
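
To check a configuration like the one in the answer before deploying it, the sketch below (an added example, not code from the original answer or from ASP.NET) models URL authorization as ASP.NET documents it: rules from the most specific matching `<location>` are read first, the first rule that matches the user decides, and the built-in default is allow. It handles only the `users` attribute (no `roles` or `verbs`); the function names and the complete `web.config` skeleton are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the answer's rules placed in a complete web.config skeleton.
WEB_CONFIG = """
<configuration>
  <system.web>
    <authentication mode="Forms">
      <forms loginUrl="~/Admin/Login.aspx" name=".ASPXFORMSAUTH" />
    </authentication>
    <authorization>
      <allow users="*"/>
    </authorization>
  </system.web>
  <location path="foo.aspx">
    <system.web>
      <authorization>
        <deny users="?"/>
      </authorization>
    </system.web>
  </location>
</configuration>
"""

def rules_for(root, path):
    """Return (action, users) rules for path, most specific location first."""
    path = path.strip("/").lower()
    scopes = []
    for loc in root.findall("location"):
        lp = loc.get("path", "").strip("/").lower()
        if path == lp or path.startswith(lp + "/"):   # exact page or folder prefix
            scopes.append((len(lp), loc))
    scopes.sort(key=lambda s: -s[0])
    ordered = [loc for _, loc in scopes] + [root]      # site-level rules come last
    return [(rule.tag, rule.get("users", "")) for scope in ordered
            for rule in scope.findall("system.web/authorization/*")]

def is_allowed(config_xml, path, user=None):
    """user=None is an anonymous request; the first matching rule decides."""
    root = ET.fromstring(config_xml)
    for action, users in rules_for(root, path):
        names = [u.strip().lower() for u in users.split(",")]
        if ("*" in names or ("?" in names and user is None)
                or (user is not None and user.lower() in names)):
            return action == "allow"
    return True  # ASP.NET's built-in default rule is <allow users="*"/>
```

Running `is_allowed` over every page path with `user=None` gives a quick list of what an unauthenticated visitor can reach under a given configuration.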
