Check if the user is on an unauthorized page
I have a few lines in my web.config file that look like this:
<authentication mode="Forms">
<forms loginUrl="~/Account/Login.aspx" timeout="2880" />
</authentication>
<location path="Error.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
<location path="Default.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
I control the login methods myself. Let's assume that the user is not logged in and went to the abc.aspx page. The Abc.aspx page is not allowed to be viewed without logging in as shown in the web.config above, only default.aspx and error.aspx are allowed. How can I check dynamically if the page I am currently on is valid web.config? I could hard code it, but I want to make sure it's doable. So all I have to do is change the web.config not my code every time I want to add a page to the exception list.
+3
source to share
2 answers