My objective is to restrict access to a page and its child pages (all under one subdirectory), unless the user is logged in. I've read about several ways to restrict access to a directory, but I'd like to do this using only the root web.config if possible.
I tried adding a this to the web.config but it had no effect:
|<location path="~/MembersOnly" > |
| <system.web> |
| <authorization> |
| <allow roles="Members"/> |
| <deny users="?" /> |
| </authorization> |
| </system.web> |
I tried to allow only by role of Members, but I suppose this may be unnecessary. This is using the default Sitefinity provider. Anonymous users were not redirected at all and could still access anything under /MembersOnly.
Here is the authentication snippet form the web.config:
|<authentication mode="Forms"> |
| <forms name=".ASPNET" loginUrl="~/sitefinity/login.aspx" protection="All" timeout="1440" path="/" /> |
Both snippets are in the correct location/order in web.config, under <system.web>. The authentication section is unchanged from the install, as far as I know.
I also tried restricting access via the page Properties, but while it "worked," it redirected all anonymous users to the /sitefinity/login.aspx page. This method could also be used but I'm not sure how to redirect users to another login page (/MemberLogin.aspx), while still redirecting anonymous access to /sitefinity, to /sitefinity/login.aspx.
Any suggestions would be appreciated. We strongly prefer to do this without code-behind, using only the root web.config and/or page properties. Thanks!