asp.net - Web.config: Wildcards in location and authorization

Question

In my ASP.Net application I'm using URL routing.
The url format is somewhat like: http://site/{culture}/project/{id}.

To allow users to visit the login and recovery page, I've added the following entries to my web.config:

<location path="en-GB/login">
  <system.web>
    <authorization>
      <allow users="*"/>
    </authorization>
  </system.web>
</location>

<location path="nl-NL/login">
  <system.web>
    <authorization>
      <allow users="*"/>
    </authorization>
  </system.web>
</location>

<location path="login">
  <system.web>
    <authorization>
      <allow users="*"/>
    </authorization>
  </system.web>
</location>

Is there a form of notation so that I can skip the en-GB part and replace it with a wildcard?
I want the login and recovery page etc. to be available regardless of the culture.

Answer 1

I don't believe you can place relative paths in the root web.config, but that isn't a concern. You can use the support of nested Web.Config files to your advantage.

You can place a web.config file similar to this in any of your sub directories (adjusting to suit the needs of that specific directory) and you'll get the support you seek. It is also a lot easier to maintain as the settings are closer to the code files they control.

<?xml version="1.0"?>
<configuration>
    <system.web>
      <authorization>
        <deny users="*"/>
      </authorization>
    </system.web>
</configuration>

The overall configuration for authentication types, roles, etc. would be done in the web.config in your applications root directory. As a result, you can't set a separate login page per directory from this method, but you could have a login page that automatically handled a redirect when needed (by analyzing the ReturnURL QueryString value).