How do I grant anonymous access to a url using FormsAuthentication?
- by Brian Bolton
For the most part, my webapp requires authentication to do anything. There are a few pages, namely the homepage, that I'd like people to be able to access without authenticating.
Specifically, I'd like to allow anonymous access to these urls:
/home
/default.aspx
I'm using asp.net MVC and FormsAuthentication. Both urls point to the same view:
/home/index.aspx
Here is my current configuration in web.config.
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" timeout="2880" />
</authentication>
<authorization>
<deny users="?" />
</authorization>
Reading the documentation for the authorization tag, it says "Configures the authorization for a Web application, controlling client access to URL resources." It seems like I should be able to use the authorization tag to specify a url and allow access.
Something like:
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" timeout="2880" />
</authentication>
<authorization>
<deny users="?" />
</authorization>
<authorization url="/default.aspx">
<allow users="?" />
</authorization>
<authorization url="/home">
<allow users="?" />
</authorization>