How to allow an anonymous user access to some given page in MVC?

c# asp.net-mvc forms-authentication
62,829

Solution 1

In MVC you normally use the [Authorize] attribute to manage authorization. Controllers or individual actions that are dressed with that attribute will require that the user is authorized in order to access them - all other actions will be available to anonymous users.

In other words, a black-list approach, where actions that require authorization are black-listed for anonymous users using [Authorize] - all actions (not dressed with the attribute) will be available.

Update:

With MVC4 a new attribute has been introduced, namely the [AllowAnonymous] attribute. Together with the [Authorize] attribute, you can now take a white-list approach instead. The white-list approach is accomplished by dressing the entire controller with the [Authorize] attribute, to force authorization for all actions within that controller. You can then dress specific actions, that shouldn't require authorization, with the [AllowAnonymous] attribute, and thereby white-listing only those actions. With this approach, you can be confident that you don't, by accident, forget to dress an action with the [Authorize], leaving it available to anyone, even though it shouldn't.

Your code could then be something like this:

[Authorize]
public class UserController : Controller {

   [AllowAnonymous]
   public ActionResult LogIn () {
      // This action can be accessed by unauthorized users
   }

   public ActionResult UserDetails () {
      // This action can NOT be accessed by unauthorized users
   }
}

Solution 2

In the Web.config i had the below authorization

<authorization>
    <deny users ="?"/>
</authorization>

this causes the 

[AllowAnonymous]

not work correctly, i had to remove that authorization of my Web.config, and in all the controllers put the line 

[Authorize]

before the declaration of the class, to work correctly.

Share:
62,829
Johnson Duru
Author by

Johnson Duru

Updated on October 03, 2020

Comments

  • Johnson Duru
    Johnson Duru over 3 years

    I have enabled form authentication in my ASP.NET MVC web application. I want to allow anonymous users access only to some specific pages, including Register.cshtml for instance. I was able to allow access to my CSS-file from my root web.config by doing this.

    <location path="Content/Site.css">
    <system.web>
        <authorization>
            <allow users="*"/>
        </authorization>
    </system.web>
</location>

    Now I want to allow anonymous access to other pages, like Home and Register. Do any body know how to achieve this?

  • Johnson Duru
    Johnson Duru about 12 years
    :if this is case why is it that i can't see my Register.cshtml. when i only just enable the form authentication.
  • Christofer Eliasson
    Christofer Eliasson about 12 years
    @JED Not sure, you probably need to complement your question with some more context in order to solve that. Do you get any errors, or what happens when you try to access your register-view?
  • Johnson Duru
    Johnson Duru about 12 years
    i think i know what the problem is. i deny all user access in my config
  • Mohamed Hamdaoui
    Mohamed Hamdaoui over 6 years
    Thank you, this is the only thing that worked for me! Thanks a lot
  • Josue Morales
    Josue Morales over 6 years
    You're welcome, I hope the info was useful for more Developers.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

ASP.NET MVC: Get user id of currently logged in user
Getting the current user id (not name) using forms authentication?
Asp.Net Core - simplest possible forms authentication
Storing more information using FormsAuthentication.SetAuthCookie
How to get the current user in ASP.NET MVC
MVC5 Where to put authentication forms in web.config?
How to implement authorization checks in ASP.NET MVC based on Session data?
Unable to logout from ASP.NET MVC application using FormsAuthentication.SignOut()
Authorize attribute not working with roles
ASP.NET - Redirect to Error Page if Roles Authorization Fails