Turn Off security for specific pages

[abacnet]

In my case each page that needs to be secured has this entry in the
web.config page :
<location path="Webform1.aspx">
<system.web>
<authorization>
<allow roles="ROLE1, ROLE2" />
<deny users="*" />
</authorization>
</system.web>
</location>
<location path="Webform2.aspx">
<system.web>
<authorization>
<allow roles="ROLE1, ROLE3" />
<deny users="*" />
</authorization>
</system.web>
</location>

Then any page that is not there is not secured. So if we follow this logic,
if forgotpassword.aspx does not have an entry in the Web.config file then
it is not secured.


"Emad" <iemad@hotmail.com> wrote in message
news:%23Y$TJPvUDHA.424@TK2MSFTNGP11.phx.gbl...

> I have an asp.net application using form authentication for security....

I

> have a link on the login screen that links to another forgotpassword.aspx
> page... I want to unsecure forgotpassword.aspx so that you don't have to

be

> logged in to view it.... I saw this somewhere and I know that it can be
> done in the web.config but I can't figure out where it is.
>
> Any help?
>
> Thanks
>
> Emad
>
>

[Michael Pearson]

Put your "unsecured" pages in a different directory. I have my login and forgot your password pages in a subdirectory. My web.config has this in it.

<authentication mode="Forms">


<forms name=".cookiename" lognUrl="login/login.aspx" protectin="None" timeout="20" path="/">

</forms>

Michael

"Emad" <iemad@hotmail.com> wrote in message news:%23Y$TJPvUDHA.424@TK2MSFTNGP11.phx.gbl...

> I have an asp.net application using form authentication for security.... I
> have a link on the login screen that links to another forgotpassword.aspx
> page... I want to unsecure forgotpassword.aspx so that you don't have to be
> logged in to view it.... I saw this somewhere and I know that it can be
> done in the web.config but I can't figure out where it is.
>
> Any help?
>
> Thanks
>
> Emad
>
>

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system ([url]http://www.grisoft.com[/url]).
Version: 6.0.502 / Virus Database: 300 - Release Date: 7/18/2003

[abacnet]

In my case all the Login related pages are in a completely separate project, under IIS. So they have their own directory and web.config file. If your Login files are in the same project then what about trying to put another web.config file just under the Login/ directory? Configuration files are are inherited from parent, by default. We can override them for a subdirectory.
"Michael Pearson" <michaelp_extrajunktoremove@televox.com> wrote in message news:%23Ylw$ivUDHA.3308@tk2msftngp13.phx.gbl...
Put your "unsecured" pages in a different directory. I have my login and forgot your password pages in a subdirectory. My web.config has this in it.

<authentication mode="Forms">


<forms name=".cookiename" lognUrl="login/login.aspx" protectin="None" timeout="20" path="/">

</forms>

Michael

"Emad" <iemad@hotmail.com> wrote in message news:%23Y$TJPvUDHA.424@TK2MSFTNGP11.phx.gbl...

> I have an asp.net application using form authentication for security.... I
> have a link on the login screen that links to another forgotpassword.aspx
> page... I want to unsecure forgotpassword.aspx so that you don't have to be
> logged in to view it.... I saw this somewhere and I know that it can be
> done in the web.config but I can't figure out where it is.
>
> Any help?
>
> Thanks
>
> Emad
>
>

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system ([url]http://www.grisoft.com[/url]).
Version: 6.0.502 / Virus Database: 300 - Release Date: 7/18/2003

[abacnet]

In my case all the Login related pages are in a completely separate project, under IIS. So they have their own directory and web.config file. If your Login files are in the same project then what about trying to put another web.config file just under the Login/ directory? Configuration files are are inherited from parent, by default. We can override them for a subdirectory.
"Michael Pearson" <michaelp_extrajunktoremove@televox.com> wrote in message news:%23Ylw$ivUDHA.3308@tk2msftngp13.phx.gbl...
Put your "unsecured" pages in a different directory. I have my login and forgot your password pages in a subdirectory. My web.config has this in it.

<authentication mode="Forms">


<forms name=".cookiename" lognUrl="login/login.aspx" protectin="None" timeout="20" path="/">

</forms>

Michael

"Emad" <iemad@hotmail.com> wrote in message news:%23Y$TJPvUDHA.424@TK2MSFTNGP11.phx.gbl...

> I have an asp.net application using form authentication for security.... I
> have a link on the login screen that links to another forgotpassword.aspx
> page... I want to unsecure forgotpassword.aspx so that you don't have to be
> logged in to view it.... I saw this somewhere and I know that it can be
> done in the web.config but I can't figure out where it is.
>
> Any help?
>
> Thanks
>
> Emad
>
>

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system ([url]http://www.grisoft.com[/url]).
Version: 6.0.502 / Virus Database: 300 - Release Date: 7/18/2003