0

I'm learning how to use the asp authentication, and I have created a test project for it. I have the Default page, the Login page and a Test folder with a Default page inside.

I want that Default page accesible for everyone (so, without authentication) and the "Test/Default.aspx" private. My "Web.config" is like this:

<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
    <system.web>
    <authentication mode="Forms">
        <forms loginUrl="Logon.aspx" name=".ASPXFORMSAUTH" >
        </forms>
    </authentication>
    <authorization>
        <allow users="*" />
    </authorization>

    </system.web>

    <location path="Empresas">
    <system.web>
        <authorization>
            <deny users="?" />
        </authorization>
    </system.web>
    </location>
</configuration>

This way, when I access to the Test/Default.aspx page, I can enter even without authorization, and I don't know why. However, if I change "deny users=?" for "deny users=*", then I can't access even when I am authenticated, so the location tag is working correctly.

I change the password every time, just in case it was a cookies problem, but it isn't.

QUESTION: What is wrong in my web.config, or what do I have to do to create some pages privated?

Thank you very much in advance

Improve this question

1 Answer 1

Reset to default
1

how about allow users="?" i.e. allow authenticated users

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.