deny anonymous for all pages except the "~/" path in asp.net
in asp.net, i use this config section to deny anonymous users for all pages.
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" timeout="2880" />
</authentication>
<authorization>
<deny users="?" />
</authorization>
and i use the following to declare an exception that anonymous can access.
<location path="Welcome.aspx">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
that works fine for me.
however, how can i set only the default page as an exception? (such as: anonymous can access only http://mysite/, but can NOT access any other pages in the site?)
i'v tried use location path="~/" or "/" and it doesn't work.
If path="Default.aspx"
doesn't work then it cannot be done using configuration. There's no syntax available to specify only the application root in the path attribute.
I think you can change your folder structre to achieve this. Then you can change the web.config
to deny user
<configuration>
<system.web>
<authorization>
<allow roles="administrators" />
<deny users="?" />
</authorization>
</system.web>
</configuration>
链接地址: http://www.djcxy.com/p/9544.html