Is This For You?
How often do you need your website to have both public and private pages? How often have you thought that creating virtual directories with specific web.config files was lame? If you feel the pain and want it to go away, read on! Also note that although I'll refer a lot to HttpHandlers in this post, everything here (except the route registration) is also true for common web pages.
Be Sure To Have a Look At This
A few days ago, I wrote about handling HttpHandlers with ASP.NET routing. I'll refer to those extension methods to register my test handler route, so have a look at that post before continuing.
Now what I need is a way to override the default FormsAuthentication configuration for a specific set of
Virtual Folder, web.config, and the ASHX Files
FormsAuthentication supports this out of the box: put the resources with special security concerns in a separate folder with its own web.config file.
So if you want a virtual directory to allow access to anonymous users, just add a web.config file with nothing but this in it:
This will work for any resource that can be accessed through a URL, but this isn't always the case with
FormsAuthentication and HttpHandlers without ASHX File
Using the extension methods I wrote in that previous post, you can create an HttpHandler by simply creating a new class that implements the IHttpHandler interface and pointing a route to it, just like this:
This means that, whenever you call ht**://mydomain/Unsecured/Controllers/Test, the request will be routed to the MyUnsecuredHandler instance, not to a physical URI location as usual. Now have a look at the route. It begins with Unsecured, right? Keep reading and you'll understand why.
But we're not there yet. What I really want is to say that some of my handlers allow anonymous requests, and for that I'll edit my website's web.config and add the following:
Now it is done! Notice that on the location path, I only have unsecured. This will grant request permissions to all routes that begin with unsecured! This is great because now I don't have to bother about structuring the resources in virtual directories and possibly duplicating the code for different scenarios. Whenever I need a Page or an HttpHandler to be available to anonymous users, I just need to create a route to it that begins with unsecured.
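The configuration described above, written out as an added example (it is not the author's original listing): the site-wide rule denies anonymous users, and a single location entry allows everyone under the Unsecured route prefix. The login URL is an assumed placeholder.

```xml
<?xml version="1.0"?>
<configuration>
  <system.web>
    <!-- Site-wide default: Forms authentication, anonymous users denied. -->
    <authentication mode="Forms">
      <!-- Assumed login page; replace with the site's own. -->
      <forms loginUrl="~/Login.aspx" />
    </authentication>
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>

  <!-- Override for every URL that begins with the Unsecured prefix,
       including routed handlers such as Unsecured/Controllers/Test.
       No physical folder or per-folder web.config is required. -->
  <location path="Unsecured">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

Because the override applies to the whole prefix, any route later registered under Unsecured is reachable without authentication, so that prefix should be treated as the list of public endpoints.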
If you don't like this approach (especially for pages where the URL is visible to users), you can always add as many location entries to the web.config as you like.
If you're not using Routing, you can still specify a location for your resources by putting the URI of the Page or HttpHandler on the