5

I have an intranet site with basic authentication.

Is it possible to have just one page not ask for the credetials? As in allow access to anyone just for the one page?

Can something be set in web.config for the single page?

Improve this question
3
  • this is possible, just google it please; "asp.net Authorization"... weblogs.asp.net/gurusarkar/archive/2008/09/29/… Commented Aug 7, 2012 at 13:15
  • 2
    Why should he google it, its a valid question and if someone is on this site and wants to do the same thing he should be able to search for it on this site and find it. Commented Aug 7, 2012 at 13:18
  • because the question is duplicate stackoverflow.com/questions/3628445/… Commented Aug 7, 2012 at 14:05

3 Answers 3

Reset to default
5

Add the following element to the configuration node you web.config:

<location path="aFolder/aPageToExclude.aspx">
     <system.web>
        <authorization>
            <allow users="*"/>
        </authorization>
    </system.web>
</location>

For more info and usage have a look at the MSDN documentation: Location Element (ASP.NET Settings Schema)

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Wasn't sure if that is enough, I have thought about it though. Will try it and see. Thanks.
Hmmm it still asks for credentials. This is what I have <location path="Page.aspx"> <system.web> <authorization> <allow users="*"/> </authorization> </system.web> </location> and that is placed within the <configuration> tags.
1

What I do is that I don't use ASP.Net Authentication. What I do is when the user enters their username and password, I check the database for if a row with that username and password exists.

You can do that using objDataSet.Tables[0].Rows.Count > 0. You can put that in an 'if' condition and then take the username and put it in a session. You do this like this:

Session["username"] = (Username Variable Here). Then, you create two master pages, one is for pages that are only accessible to a logged in person, and one that is accessible for anyone. In the master page that only gives access to a person who is logged in, you can check if the session data is null or not. If it is null, you can redirect that person back to the login page. The LoggedIn master page can just stay as is. If you already have a master page, then you can duplicate it, and add that condition. If you have not implemented master pages yet, you can put the condition in the page load of every page that needs a user to be logged in to access that page. Because you are using sessions and not cookies, it will be harder for a user to hack into this system.

Improve this answer

1 Comment

This adds nothing to the accepted answer (which is the correct way to do it), I'm afraid. I would not recommend anyone follow this advice.
0

you need to overwrite your web.config file settings.
you need to create one folder and create one more web.config file in that folder.
Then put Page.aspx in that folder.
Then modify that web.config file code like below:

<authentication mode="Forms">
</authentication>

Note:

1) you don't have to mention users=* it's automatically allows all the users to access those pages under that folder.

or

What you can do is if you are already using directory structure for pages, then you can keep that page.aspx in the same level where you have Login page.

Improve this answer

1 Comment

There is no login page as the "site" uses basic authentication.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.