1

I have created an authentication module in ASP.Net but I do not want the logic in the authentication module to be executed if the resource is configured for anonymous access since the logic is expensive.

There are pages that require authentication in the same directory with pages that do not require authentication. I have no control over this. Is there an easy way to determine that a resource is configured to allow anonymous access prior to the URLAuthorizationModule?

Currently, I am doing the following which does "feel" right. Any help would be appreciated.

public static bool AllowEveryone()
        {
            bool rslt = false;

            AuthorizationSection config = (AuthorizationSection)WebConfigurationManager.GetSection("system.web/authorization");
            if (config.Rules != null && config.Rules.Count > 0)
            {

                AuthorizationRule r = config.Rules[0];  //doing this based on implementation of urlauthorization module in reflector...
                if (r.Action == AuthorizationRuleAction.Allow && r.Users.Contains("*"))
                {
                    return true;
                }

                //todo: check for allow anon ? case


            }

            return rslt;
        }
Improve this question
1
  • I'm sorry I wasn't clear. The page is already configured per your description. However, I have a custom authentication module. I am trying to exit the module logic prior to knowing the user identity if the page is configured for allow users="*" or allow users = "?" Commented Jul 28, 2009 at 15:01

2 Answers 2

Reset to default
2

I'm not sure how your code fits in with the Membership and Role provider system, but have you tried putting per-URL overrides in the web.config file?

<location path="MyAnonymousPage.aspx">
    <system.web>
        <authorization>
            <allow users="*"/>
        </authorization>
    </system.web>
</location>
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

In a regular ASP.Net site this can be accomplished with the following code:

IPrincipal anonUser = new GenericPrincipal(new GenericIdentity(string.Empty, string.Empty), new string[0]);

bool allowAnon = UrlAuthorizationModule.CheckUrlAccessForPrincipal(requestPath, anonUser, "get");

However, I am having problems getting it to behave as expected in SharePoint.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.