How do I lock down the pages ?

Topics: ASP.NET 2.0, Business Logic Layer
Apr 2, 2014 at 11:19 PM
In my web.config file I made lines like
<location path="default.aspx">
    <deny users="?"/>

but it locks me out completely. If I don't have this in my web.config, all pages are visible without loging in except the admin page
Apr 3, 2014 at 1:38 AM
You can remove access to pages for anonymous role in admin -> users -> roles, selecting anonymous and removing right to view pages.
Apr 3, 2014 at 5:20 PM
thanks for the response. I just tried it by removing all rights for the anonymous user but it still allows me to view everything (except admin) without signing in. For example the default.aspx pages for every blog is open :(
Apr 3, 2014 at 6:00 PM
Edited Apr 3, 2014 at 6:03 PM
Default is used to show posts, not pages. You need to remove "view posts" right to close it for anonymous users. And removing all will reset to default rights, you need to have at least one, like "view comments", to prevent reset.
Apr 3, 2014 at 9:05 PM
Thanks!!! That worked. I appreciate the time :)