The question may be very basic but I can't figure it out and I can't find any information on the subject. I have my website with authentication implemented using c# controls. in my configuration file it is already known which is the login site, and which is the default
<authentication mode="Forms">
<forms defaultUrl="~/Default.aspx" loginUrl="~/Login.aspx" slidingExpiration="true" timeout="2880"></forms>
</authentication>
How do I configure the web.config so that when I enter the resetpassword.aspx site, it does not direct me to the login, but does what I need? I already tried with membershipprovider, but it generates too many loading errors, so I better leave it as it is
another option could be that in the login site it hides the loginform control, and shows the resetpassword, but I don't know if it's safe?
Thank you
Your resetpassword.aspx page shouldn't require authorization, because obviously someone who forgot their password can't get into a protected page to reset it.
To remove the protection to a particular page, in the web.config you must put the following
Where in path you put the path of the page, which in the previous example would be in the root of the site