How to control Authorization Permissions in an ASP.NET Application

Hi

When we use forms-based authentication in an ASP.NET 2.0 application, only authenticated users can access pages in the application. Unauthenticated users are redirected to the login page specified by the loginUrl attribute. If the user logs in from that page, the user is then redirected to the page they originally wanted to visit.

This is perfect when all the pages in the web site are login protected, but that is not true of every application. In most applications some pages are login protected and many are not. This means that the user should be given access to a certain set of pages even when not authenticated, and should not be allowed access to the login-protected pages.

We can define the login permission for both a single page and a directory. That means we can deny users access to a folder or page, or allow users access to given pages and directories. We use the location tag to define the rules in the Web.config.

<configuration>
        <system.web>
               <authentication mode="Forms">
                       <!-- protection="All" (the default) encrypts and validates the authentication ticket; with "None" the cookie is sent unprotected and the client can alter it. -->
                       <forms loginUrl="login.aspx" name=".ASPNETAUTH" protection="All" path="/" timeout="20">
                       </forms>
               </authentication>
               <!-- We first deny any unauthenticated user in the site. -->
               <authorization>
                       <deny users="?" />
               </authorization>
        </system.web>
        <!-- Now we allow all users to reach default1.aspx. Here default1.aspx is in the same folder as the Web.config, so the user may visit this page in that folder. -->
        <location path="default1.aspx">
               <system.web>
                       <authorization>
                               <allow users="*" />
                       </authorization>
               </system.web>
        </location>
        <!-- We can also give unauthenticated users permission on a given directory. -->
        <location path="subdir1">
               <system.web>
                       <authorization>
                               <allow users="*" />
                       </authorization>
               </system.web>
        </location>
</configuration>

Depending on your needs, you can define the authorization section and create the navigation rules of the site based on the user's profile. These rules can also be added on the basis of an individual user name or user role.

Hope this helps
Thanks
Vikram
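
An added example (not from the original post): a small Python evaluator that resolves the rules above the way URL authorization does, with the matching location checked first and the first matching rule winning, so you can check which paths anonymous users can reach. The admin folder and the Admins role are hypothetical, added to illustrate the role-based rules mentioned above; verbs and nested Web.config files are not modelled.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the page's rules plus a hypothetical role-restricted "admin" folder.
WEB_CONFIG = """<configuration>
  <system.web>
    <authorization><deny users="?" /></authorization>
  </system.web>
  <location path="default1.aspx">
    <system.web><authorization><allow users="*" /></authorization></system.web>
  </location>
  <location path="subdir1">
    <system.web><authorization><allow users="*" /></authorization></system.web>
  </location>
  <location path="admin">
    <system.web><authorization>
      <allow roles="Admins" />
      <deny users="*" />
    </authorization></system.web>
  </location>
</configuration>"""

def _split(value):
    return {v.strip().lower() for v in value.split(",") if v.strip()}

def _rules(node):
    """Rules directly under node's <system.web><authorization>, in document order."""
    return [(r.tag, _split(r.get("users", "")), _split(r.get("roles", "")))
            for sw in node if sw.tag == "system.web"
            for auth in sw if auth.tag == "authorization"
            for r in auth]

def is_allowed(config_xml, url_path, user=None, roles=()):
    """First matching rule wins; <location> rules are checked before site-wide ones."""
    root = ET.fromstring(config_xml)
    path = url_path.strip("/").lower()
    locations = [(loc.get("path", "").strip("/").lower(), loc) for loc in root.findall("location")]
    rules = []
    for loc_path, loc in sorted(locations, key=lambda p: len(p[0]), reverse=True):
        if loc_path and (path == loc_path or path.startswith(loc_path + "/")):
            rules += _rules(loc)
    rules += _rules(root)
    held = _split(",".join(roles))
    for action, users, wanted in rules:
        if ("*" in users or (user is None and "?" in users)
                or (user is not None and user.lower() in users) or wanted & held):
            return action == "allow"
    return True  # ASP.NET's machine-level default is <allow users="*" />

if __name__ == "__main__":
    for p in ("/default1.aspx", "/subdir1/a.aspx", "/orders.aspx", "/admin/users.aspx"):
        print(p, "anonymous ->", "allow" if is_allowed(WEB_CONFIG, p) else "deny (redirect to login)")
```

Note that the order of rules inside the admin location matters: with the deny rule listed first, members of the Admins role would be denied as well.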



Feedback

Posted on 7/22/2008 5:59:04 AM

Thanks for the help through this medium, but also provide a block to ask about problems with ASP.NET.
Again, thanks for your help, Mr. Vikram.


Copyright © 2006 - 2010 Vikram Lakhotia