Chris Fewtrell Chris Fewtrell - 3 months ago 89
ASP.NET (C#) Question

Allow anonymous authentication for a single folder in web.config?

So here is the scenario, I have an Asp.Net application that is using a custom authentication & membership provider but we need to allow completely anonymous access (i.e.) to a particular folder within the application.

In IIS manager, you can set the authentication mode of a folder, but the settings are saved within

C:\Windows\System32\inetsrv\config\applicationHost.config
file as described here

To make installation easier, it would be great if I could set this within my web.config but after a couple of attempts I think this may not be possible.

Does anyone know otherwise?

Many thanks

Answer

Use <location> configuration tag, and <allow users="?"/> to allow anonymous only or <allow users="*"/> for all:

<configuration>
   <location path="Path/To/Public/Folder">
      <system.web>
         <authorization>
            <allow users="?"/>
         </authorization>
      </system.web>
   </location>
</configuration>