>>>>>>>>Hi,
>>>>>>>>I am trying to figure out how to allow user to one page of the ASP.NET application that bypasses the authentication form. Let me describe:
>>>>>>>>When using form authentication (in web.config) I specify that a user has to be authenticated before allowing him/her to see any page. Here is the code in the web.config:
>>>>>>>>
>>>>>>>><authentication mode="Forms">
>>>>>>>> <forms name="MyAppName" path="/" loginUrl="MyAppLogonForm.aspx"/>
>>>>>>>></authentication>
>>>>>>>>
>>>>>>>>
>>>>>>>>But I want to add to the MyAppLogonForm an option/button for user to register. So in order for the user to register he/she has to be allowed to the registration form. But the Form authentication stops it. So I am in the Catch 22.
>>>>>>>>
>>>>>>>>Is there a method to allow a certain page to "bypass" the authentication form?
>>>>>>>
>>>>>>>Normally we set our top level folder to allow all (this is done in web.config), and set subfolders to be restricted to authenticated users (or admin role or whatever you define). This is all done in web.config - you would have separate web.configs for subfolders.
>>>>>>>
>>>>>>>>
>>>>>>>>TIA
>>>>>>
>>>>>>I will have to learn how to separate pages into folders and have separate web.config for subfolders. Thank you.
>>>>>
>>>>>An example web.config for a subfolder (and you can google the authorization section to see why this works)..
>>>>>
>>>>><configuration>
>>>>> <appSettings />
>>>>> <connectionStrings />
>>>>> <system.web>
>>>>> <authorization>
>>>>> <deny users="?" />
>>>>> <allow roles="Admin,Counselor,Management,Staff" />
>>>>> <deny users="*" />
>>>>> </authorization>
>>>>> <compilation>
>>>>> <assemblies />
>>>>> </compilation>
>>>>> </system.web>
>>>>></configuration>
>>>>>
>>>>
>>>>Thank you. So you create physical folders on the server right? For example, my app resides in one folder on the server. E.g.:
>>>>c:\inetpub\wwwroot\MyAppFolder
>>>>
>>>>But my understanding is that you create subfolders as:
>>>>c:\inetpub\wwwroot\MyAppMainFolder
>>>>c:\inetpub\wwwroot\MyAppMainFolder\Subfolder1
>>>>c:\inetpub\wwwroot\MyAppMainFolder\Subfolder2
>>>>
>>>>And then various pages (aspx) go to different folder (subfolder1, subfolder2) and each subfolder has its own web.confg. Do I understand correctly?
>>>
>>>You are correct.
>>>
>>>The web.config in the root folder has all the major configuration options (everything to make the site function). The web.configs in the subfolders only have the authorization settings to restrict/allow access to the subfolder.
>>
>>I am glad that ASP.NET is designed in such way that web.config in sub-folder "inherits" the settings in the main folder. Thank you.
>
>If you do need to override the security for one page in a folder, you can also specify it through the location element in the web.config file:
http://support.microsoft.com/kb/316871This looks like easier solution for me. Thank you very much.
"The creative process is nothing but a series of crises." Isaac Bashevis Singer
"My experience is that as soon as people are old enough to know better, they don't know anything at all." Oscar Wilde
"If a nation values anything more than freedom, it will lose its freedom; and the irony of it is that if it is comfort or money that it values more, it will lose that too." W.Somerset Maugham
