I'm trying to get forms based auth up and working and I'm running into a little snag. My login page needs to access css files and images in my application and when I enable the authentication in web config access to these files are being blocked.
My Webconfig auth section:
Expand|Select|Wrap|Line Numbers
- <system.web>
- <compilation debug="true"/>
- <authentication mode="Forms">
- <forms name=".mycookie" loginUrl="loginform.aspx" timeout="20"></forms>
- </authentication>
- <authorization>
- <deny users="?" />
- </authorization>
- </system.web>
Expand|Select|Wrap|Line Numbers
- <authorization>
- <deny users="?" />
- </authorization>
so I am asking 2 questions and seeking 1 answer:
Can I exclude my /css and /img folders from the auth scope?
if not then the other approach I see working would be to include some code in my master page to chech if the user is logged in and if not to redriect them to the login page - as the master page will be included on all aspx pages. but i would perfer another approach as then non aspx pages will be exposed.
or if i'm looking at this all wrong point me toward the correct approach.
Thanks