Allow only anonymous users via web.config authorization

asp.net asp.net-authorization role-base-authorization

user1861753 · Jan 6, 2013 · Viewed 16.5k times · Source

I want to use authorization in the web.config to block access to SignUp.aspx to authenticated users. It cannot be accessed by user such as their roles is administrator and Guest.

<location path="SignUp.aspx">
    <system.web>
        <authorization>
            <allow users="?"/>
        </authorization>
    </system.web>
</location>

    <authentication mode="Forms">
        <forms name="AuthCookie" loginUrl="Login.aspx" timeout="60" 
                           defaultUrl="Index.aspx"/>
    </authentication>
    <authorization>
        <deny users="?"/>
    </authorization>

Answer

    <authorization>
        <allow users="?"/>
        <deny users="*"/>
    </authorization>

Can't actually validate it now but it should do the trick. The explicit denial of all other users should allow only unauthenticated users allow the page.

Allow only anonymous users via web.config authorization

Answer

Related questions