Some days back, when I was working on a simple ASP.NET application, I tried to implement form-based security. I started with a very simple scenario with only two pages:

  1. SignIn.aspx
  2. Default.aspx

In my application, only authenticated users were allowed to access the “Default.aspx” page, which is very easy to implement through form-based security. For that, I made a change in web.config like this:

    <system.web>
      <authentication mode="Forms">
        <forms loginUrl="SignIn.aspx" name=".ASPNETAUTH"></forms>
      </authentication>
      <authorization>
        <deny users="?"/>
      </authorization>
    </system.web>

This means that if a user is not authenticated, he/she will be redirected to the “SignIn.aspx” page, which is very nice.

Then I tried to make it more useful and added a “SignUp.aspx” page. The purpose of the page was very clear: if a user is not authenticated, he can use the “SignUp” page. But according to my settings in the web.config file, accessing the “SignUp” page was not possible, because a user is only allowed to access the “SignIn.aspx” page if he/she is not authenticated. After some googling, I found this solution:

    <location path="SignUp.aspx">
      <system.web>
        <authorization>
          <allow users="*"/>
        </authorization>
      </system.web>
    </location>
    <system.web>
      <authentication mode="Forms">
        <forms loginUrl="SignIn.aspx" name=".ASPNETAUTH"></forms>
      </authentication>
      <authorization>
        <deny users="?"/>
      </authorization>
    </system.web>
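
To check which pages a configuration like this leaves open to unauthenticated visitors, here is a small audit script, added as an example and not part of the original post. The function names are hypothetical, the sample is the fragment above wrapped in a constructed `<configuration>` root, and the script assumes rules use only the `users` attribute (it ignores `roles` and `verbs`).

```python
import xml.etree.ElementTree as ET

# Constructed sample: the final web.config fragment from this page, wrapped in <configuration>.
SAMPLE = """<configuration>
  <location path="SignUp.aspx">
    <system.web>
      <authorization><allow users="*"/></authorization>
    </system.web>
  </location>
  <system.web>
    <authentication mode="Forms">
      <forms loginUrl="SignIn.aspx" name=".ASPNETAUTH"></forms>
    </authentication>
    <authorization><deny users="?"/></authorization>
  </system.web>
</configuration>"""

def _rules(system_web):
    """Return (action, users) pairs from <authorization>, in document order."""
    auth = system_web.find("authorization") if system_web is not None else None
    if auth is None:
        return []
    return [(r.tag, [u.strip() for u in r.get("users", "").split(",")])
            for r in auth if r.tag in ("allow", "deny")]

def _anonymous_allowed(rules):
    # The first rule naming "?" (anonymous) or "*" (everyone) decides the outcome.
    for action, users in rules:
        if "?" in users or "*" in users:
            return action == "allow"
    return True  # nothing matched: the machine-level default <allow users="*"/> applies

def anonymous_access(config_xml):
    """Map each configured path to True if an unauthenticated user can reach it."""
    root = ET.fromstring(config_xml)
    site_rules = _rules(root.find("system.web"))
    report = {"(site default)": _anonymous_allowed(site_rules)}
    for loc in root.findall("location"):
        # <location> rules are checked before the site-wide rules they override.
        report[loc.get("path")] = _anonymous_allowed(_rules(loc.find("system.web")) + site_rules)
    forms = root.find("system.web/authentication/forms")
    if forms is not None:
        report[forms.get("loginUrl")] = True  # the login page stays reachable (as the page notes)
    return report

if __name__ == "__main__":
    for path, allowed in anonymous_access(SAMPLE).items():
        print(f"{path:16} anonymous={'ALLOWED' if allowed else 'denied'}")
```

Because the first matching rule wins, placing `<allow users="*"/>` above `<deny users="?"/>` in the site-wide block would open every page to anonymous users; the script reports that case as `(site default)` allowed.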
