anonymous access to aspx page fails

问题

I've a web site that uses forms authentication. For the most part, my web site requires authentication to do anything. My privacy statement page is an exception and has to be accessible to anonymous users. The page is in a folder, and I've set the location path information in the web.config as follows:

<location path="about">
    <system.web>
         <authorization>
            <allow users="*"/>
        </authorization>
    </system.web>
</location>
<location allowOverride="true">
    <system.web>
        <authentication mode="Forms">
            <forms name="FDAuth" 
                   cookieless="UseCookies" 
                   protection="All" 
                   loginUrl="login.aspx" 
                   requireSSL="false" 
                   slidingExpiration="false"></forms>
        </authentication>
        <authorization>
            <deny users="?"/>
        </authorization>
    </system.web>
</location>

That configuration allows anonymous access to other file types, but still prompts for a log in for aspx pages.

In other words, anonymous access is allowed to this page

www.mywebsite.com/about/privacy.asp

but I go to the login.aspx page if I try to access access this page

www.mywebsite.com/about/privacy.aspx

What do I need to do to allow anonymous access to www.mywebsite.com/about/privacy.aspx?

回答1:

just remove the <location allowOverride="true"> element and configure <authorization/> within <system.web/>

<location> tags are used to define exceptions to the global policy, which is typically defined in the <authorization/> within <system.web/>.

回答2:

Just one more thing : Add the line <allow users="?"/>

* users match any authenticated usernames, while ? matches all unauthenticated ones.

So, you would have this :

<location path="about">
    <system.web>
         <authorization>
            <allow users="*"/>
            <allow users="?"/>
        </authorization>
    </system.web>
</location>

回答3:

You should try:

<location path="about">
   <system.web>
      <authorization>
         <allow users="?"/>
      </authorization>
   </system.web>
</location>

As per this MSDN example.

Notice the ? instead of the * used for anonymous access.

This should fix your problem but if not you can specify a specific resources:

<location path="about\privacy.aspx">

回答4:

Got it. The problem was that the page uses a master page. Moving the master page into the about folder solved the problem.

Thanks to the quick responses!

来源：https://stackoverflow.com/questions/3399501/anonymous-access-to-aspx-page-fails