authentication and excluding .aspx page by routing MVC

ISSUE:

For example, one page accessed as:

{physicalPath}/popup/Page1.aspx
{projectPath}/popup/Page1.aspx {serverPath}/apsx/external/Page/{id}

Route is registered in Global.asax as:

routes.MapPageRoute("ViewPage","external/Page/{AccessKey}/","~/popup/Page1.aspx",false,newRouteValueDictionary{{ ACCESSKEY,HttpRoutes.RouteParameter.Optional}});
routes.RouteExistingFiles=false;

In Web.config added node:

<locationpath="external"><system.web><authorization><allowusers="?"/><allowusers="*"/></authorization></system.web></location>

Form authentication is configured as:

<authenticationmode="Forms"><formstimeout="120"domain="{host}"cookieless="UseCookies"enableCrossAppRedirects="true"name=".ASPXAUTH"loginUrl="~/Login.aspx"defaultUrl="~/Home/"/></authentication> <authorization><denyusers="?"/><allowusers="*"/></authorization>

When I try to access page using Url:

https://{host}:444/apsx/external/Page/?AccessKey=%3daa3%3ddsa9dsA%2fdwq62%3bwdq5

I get redirected to Login.aspx.

Also tried following:

protectedvoidApplication_BeginRequest(object sender,EventArgs e){HttpContext.Current.Response.AddHeader("x-frame-options","SAMEORIGIN");if(Request.Path=="/apsx/external/Page/"){HttpContext.Current.SkipAuthorization=true;}}

Have not helped :(

SOLUTION:

 If configure Web.config as I described upper, you can specify pattern with virtual path starts from, and apply settings not only to physical files.

For example:

routing:

routes.MapPageRoute("ViewPage","external/Page/{AccessKey}/","~/popup/Page1.aspx",false,newRouteValueDictionary{{ ACCESSKEY,HttpRoutes.RouteParameter.Optional}});

false - the key value, details there.

web config:

<locationpath="external"><system.web><authorization><allowusers="?"/><allowusers="*"/></authorization></system.web></location>

path="external" because my route begins with "external" : 

"external/Page/{AccessKey}/"
posted @ 2014-03-25 09:47  happyu0223  阅读(206)  评论(0编辑  收藏  举报