Okay, so I thought this would be easy, but it's not turning out that
way. Let's see how good you guys are! :-)
I have a windows authentication-based Intranet application. An excerpt
from the web.config in the root of the application is as follows:
<authentication mode="Windows" />
<authorization>
<allow roles="mydomain\Domain Users" />
<deny users="*" />
</authorization>
<roleManager enabled="true"
defaultProvider="AspNetWindowsTokenRoleProvider"/>
<siteMap defaultProvider="XmlSiteMapProvider" enabled="true">
<providers>
<add name="XmlSiteMapProvider" description="Default SiteMap provider."
type="System.Web.XmlSiteMapProvider" siteMapFile="Web.sitemap"
securityTrimmingEnabled="true"/>
</providers>
</siteMap>
</system.web>
-----------------------------
Then in the /admin subdirectory, I have this:
<authorization>
<allow roles="mydomain\Admins,mydomain\Developers,mydomai n\Budget
Admins" />
<deny users="*" />
</authorization>
Then in the a subdirectory inside /admin I have /property which has no
web.config and then inside property I have a folder called /external.
I want to grant anonymous users access to this /external directory...
so I added the following web.config to the /external directory:
<authorization>
<allow users="?" />
</authorization>
As for IIS, the root application authentication is integrated windows
authentication. Then for the external directory, I checked only
anonymous. This used to work in asp.net 1.x but now I'm using these
web.configs for security and it now prompts the user to log in.
However, if the user hits cancel, it shows the page. I just want to
prevent the login prompt from showing up.
Thanks in advance!
