Allow only anonymous users via web.config authorization

user1861753 picture user1861753 · Jan 6, 2013 · Viewed 16.5k times · Source

I want to use authorization in the web.config to block access to SignUp.aspx to authenticated users. It cannot be accessed by user such as their roles is administrator and Guest.

<location path="SignUp.aspx">
    <system.web>
        <authorization>
            <allow users="?"/>
        </authorization>
    </system.web>
</location>

    <authentication mode="Forms">
        <forms name="AuthCookie" loginUrl="Login.aspx" timeout="60" 
                           defaultUrl="Index.aspx"/>
    </authentication>
    <authorization>
        <deny users="?"/>
    </authorization>

Answer

Wiktor Zychla picture Wiktor Zychla · Jan 6, 2013
    <authorization>
        <allow users="?"/>
        <deny users="*"/>
    </authorization>

Can't actually validate it now but it should do the trick. The explicit denial of all other users should allow only unauthenticated users allow the page.