You want to restrict access to many, but not all, of the pages in your application (i.e., you want to make some pages accessible to the public).
Implement the solution described in Recipe 8.1 and then modify the contents of the
web.config file to list the pages that allow
public access and those that require authentication.
web.config as follows:
<deny> child element of the
<authorization> element to
<allow> child element to deny
access to all users.
<location> element to the
configuration level for each application page to specify whether it
is available to the public or only to authenticated users.
Example 8-5 shows how we have implemented this
solution with some sample
web.config entries. We
begin by adding settings that deny access to all users. We then add
settings that allow public access to PublicPage.aspx but restrict access to
Home.aspx only to authenticated
The approach we advocate for this recipe is the same as for
Recipe 8.1, except for certain aspects of
web.config file configuration.
<authentication> element and its
<forms> child are the same as in
We have modified the
that we used in Recipe 8.1 to deny
access to all users. By denying authorization to all users at the
application level, elements can be added to authorize access to
Access to the individual pages in the application ...