I have set up my web.config file to except a redirect to another page within the root and it works just fine. Now I have added another page for a password forget and it's not allowing me. I have added another location variable to allow it, but it doesn't seem to like it. Any clue??

<location path="epass.aspx">


<system.web>


<authorization>


<allow users="*" />


</authorization>


<customErrors mode="Off"/>


</system.web>


</location>

---

- km

______________________________________

"always here and always forever"

Hi,

Can you show how you have set up the config file for redirection. Your location path tag for password is fine. Kindly provide the tags how you have authorized the other pages so that we can check out whats going wrong.

thanks.

---

regards,
Harish

http://geekswithblogs.net/ranganh

All I am doing is adding another tag just like the one I stated in the the post. I just changed the name of the file and its right below the epass.aspx file location tag.

---

- km

______________________________________

"always here and always forever"

Hi,

Then it should restrict only that folder and allow all the other folders. I guess you have given the authorization as deny users="?" globally in the web.config file's authentication settings.

Please provide ur web.config so that I can make out. You can mask or hide the sensitive data, if you worry about disclosing them.

thanks.

---

regards,
Harish

http://geekswithblogs.net/ranganh

Here is the code.... All I did was add another non-restrictive location tag to it and it's not allowing... Any suggestion??

<configuration>


  <system.web>


      <authentication mode="Forms">


        <forms name=".ASPXkmDEMO" loginUrl="login.aspx" protection="All" timeout="15">


        </forms>


      </authentication>


      <authorization>


        <allow users="*" />


        <deny users="?" />


      </authorization>


   <customErrors mode="Off"/>


  </system.web>


<location path="registration.aspx">


<system.web>


<authorization>


<allow users="*" />


</authorization>


<customErrors mode="Off"/>


</system.web>


</location>


<location path="epass.aspx">


<system.web>


<authorization>


<allow users="*" />


</authorization>


<customErrors mode="Off"/>


</system.web>


</location>


 </configuration>

---

- km

______________________________________

"always here and always forever"

Hi,

There are 2 corrections required in your web.config.

First thing, in the authorization settings, you have specified both

<allow users="*" />


<deny users="?" />

Remove the first one since it will allow all the users. Deny users=? means you are denying access to anonymous users. allow users=* - you allow all users irrespective of whether they are logged in or not to view the page. You should choose which one you want to implement and remove the other tag accordingly.

Secondly, you have specified custom errors in each and every location path tag. Remove that. Its enough if you specify for once for a config file.

Honestly speaking, i tried copying your config file and it allowed me for all the pages including the pages you have specified because of the allow users=* you have put before the deny users=? So I wonder how it doesnt allow you to the epass.aspx page and registration.aspx pages.

One thing you need to confirm is that, the registration.aspx and the epass.aspx exist in the same folder where you have this config file.

Write back if you still face issues.

Thanks.

---

regards,
Harish

http://geekswithblogs.net/ranganh

This is why I wish I had my own server. I go through a host and even with removing the allow="*" that doesn't allow it. As I said befor it will allow me to go to the registration.aspx page, but not the epass.apsx page. They are both in the same folder too. Any suggestions??

---

- km

______________________________________

"always here and always forever"