Excluding Pages from Forms Authentication

This article explains how to exclude some pages from protection when implementing Forms-based Authentication.


All of us would agree that ASP.NET Forms Authentication is a useful and effective way to implement form-based authentication for websites.

With the methods and properties it provides, implementing authentication becomes quite easy (in contrast to classic ASP, where one has to write a chunk of code individually in every page).

Login Page and Registration Page

Most of us would have a login.aspx as the default login page for the app, and any unauthorised request for another page redirects to the login page.

However, we would also like to have a Registration page that a user who is not yet registered can reach from the login page. So, we provide a link called "Register" so that new users can register.

Since we have implemented Forms Authentication for the website, even the Register.aspx page would require logging in. To keep the Registration page from requiring authentication, a little tweaking is required in the web.config file.

Excluding Registration, Forgot Password pages

In the web.config file where we declare the authentication mode as Forms, the following set of tags needs to be present inside the configuration element:

<location path="Register.aspx">
  <system.web>
    <authorization>
      <allow users="*" />
    </authorization>
  </system.web>
</location>

This makes the Register.aspx page available to anonymous users. Because the path names a single file, the rest of the site still requires login.

In the same way, we can add a location entry for the Forgot Password page, if any.
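An added example, not part of the original article: a Python check that lists which location entries in a web.config open a path to anonymous users, so that exclusions beyond the intended pages stand out. The sample configuration, the Admin and Reports.aspx paths and the ForgotPassword.aspx name are constructed for illustration, and the check ignores the verbs and roles attributes.

```python
import xml.etree.ElementTree as ET

# Constructed sample web.config for illustration (not a real site's file).
SAMPLE_CONFIG = """<configuration>
  <system.web>
    <authentication mode="Forms"><forms loginUrl="login.aspx" /></authentication>
    <authorization><deny users="?" /></authorization>
  </system.web>
  <location path="Register.aspx">
    <system.web><authorization><allow users="*" /></authorization></system.web>
  </location>
  <location path="Admin">
    <system.web><authorization><allow users="*" /></authorization></system.web>
  </location>
  <location path="Reports.aspx">
    <system.web><authorization>
      <deny users="?" /><allow users="*" />
    </authorization></system.web>
  </location>
</configuration>"""


def anonymous_allowed(authorization):
    """Return True/False from the first rule that matches an anonymous user.

    ASP.NET evaluates allow/deny rules in order and the first match wins;
    users="*" (everyone) and users="?" (anonymous) both match. None means
    no rule here matched, so the parent configuration decides.
    """
    for rule in authorization:
        users = {u.strip() for u in rule.get("users", "").split(",")}
        if users & {"*", "?"}:
            return rule.tag == "allow"
    return None


def anonymous_locations(config_xml):
    """List the location paths whose own rules let anonymous users in."""
    exposed = []
    for loc in ET.fromstring(config_xml).findall("location"):
        auth = next(loc.iter("authorization"), None)
        if auth is not None and anonymous_allowed(auth):
            exposed.append(loc.get("path"))
    return exposed


def unexpected_exposures(config_xml, expected):
    """Anonymous-accessible paths that are not on the intended list."""
    return [p for p in anonymous_locations(config_xml) if p not in expected]
```

Running unexpected_exposures against the intended set of public pages (here Register.aspx and ForgotPassword.aspx) reports the Admin entry, which opens a whole directory rather than a single page.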


This article discussed how we can exclude certain pages from protection when implementing Forms Authentication.

