Exclude files or folders for authentication on IIS via web.config

February 26th, 2010 | Posted by Marijn in fba

A client has an FBA Environment for his extranet on SharePoint.  All pages on the extranet are protected by authentication, you need a username and password to access them.

Now, what if you want to create pages that need no protection?

In my case, pages to request access, to give your email and username when you forgot you password etc, …

These new pages are visible to everyone, but when you add them to your _layouts folder, they too are behind your FBA authorization..

What you can do is open web.config and go to the location item and allow users access there.

it looks like this:

<location path=”_layouts/yournewfolder or file”>



<allow users=”*” />




You can follow any responses to this entry through the RSS 2.0 You can leave a response, or trackback.

One Response

Leave a Reply

%d bloggers like this: