1

I am using ASP.NET4 with MVC3. I would like to configure my website to use forms Authentication in the following way:

  • UNauthenticated users should have access to everything (i.e. /, /home, /freebies )...
  • ... except for anything under /paidServices (i.e. /paidServices/fancy, /paidServices)

How do I configure this in my web.config file? My current configuration always goes to the logon page when the user hits the root URL(/), but it should not. It should only go to the logon page if the user tries to access the /paidServices url.

My configuration is as follows:

<configuration>
    <system.web>
        <authentication mode="Forms">
          <forms loginUrl="~/Account/LogOn" path="/" timeout="2880" />
        </authentication>
        <authorization>
          <allow users="*"/>
        </authorization>
    </system.web>

    <location path="~/paidServices">
        <system.web>
            <authorization>
                <deny users="?"/>
            </authorization>
        </system.web>
    </location>

    ... etc ...
</configuration>

What am I doing wrong? Is the fact that I am using ASP.NET MVC making this more complicated?

Improve this question
1
  • Are you using the Authorize attribute on the relevant controllers? See: this SO question for a similar question and answer demonstrating how to do this Commented May 7, 2011 at 11:36

2 Answers 2

Reset to default
2

It's better practice to use Authorize attributes in MVC. These can be applied to a whole controller or just a single controller action.

For example:

[Authorize]
public class paidServicesController
{
 ....
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

False alarm. The configuration is question was correct. I omitted a URL in my MVC routes configuration, so the default URL (/) was going to the secure section and the Logon form was being shown as expected.

Phil Haack's Route Debugger helped pinpoint the problem: http://haacked.com/archive/2008/03/13/url-routing-debugger.aspx

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.