Re: Forms authentication bug?

From: Srinivas (dotnetsrini_NoSpam@hotmail.com)
Date: 07/29/02 

From: "Srinivas" <dotnetsrini_NoSpam@hotmail.com>
Date: Mon, 29 Jul 2002 16:13:31 -0500

Try this:

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.web>
<compilation defaultLanguage="vb"
debug="false" />
<customErrors mode="Off"/>
<authorization>
<allow users="*" />
</authorization>
</system.web>
<location path="secured">
<system.web>
<authentication mode="Forms">
<forms name="UserAutenticated"
path="/" loginUrl="Login.aspx" protection="All"
timeout="30" />
</authentication>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</location>
</configuration>

"Fouad Daniëls" <fouad.daniels@webregio.nl> wrote in message
news:161101c23493$95481040$37ef2ecf@TKMSFTNGXA13...
Hi All,

I read alot of posts about forms authentication and came
to the conclusion that alot of people have the same
question.

The question / situation is simple:
A web application with a non secured root. so open to
anonymous users. And a directory named secured wich is as
the name implies NOT open for anonymous users.

my web config file looks like this

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.web>
<compilation defaultLanguage="vb"
debug="false" />
<customErrors mode="Off"/>
<authentication mode="Forms">
<forms name="UserAutenticated"
path="/" loginUrl="Login.aspx" protection="All"
timeout="30" />
</authentication>
<authorization>
<allow users="*" />
</authorization>
</system.web>
<location path="secured">
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</location>
</configuration>

This does not work!! but if I swap the nodes allow and
deny users ( So infact blocking anonymous users from the
root and allowing anonymous users in the dir secured ) It
works perfectly. Is this a bug? I can't believe MS has
designed ASP.NET forms authentication intentionally to
behave like this.

please MS respond to this as I need help badly.
Thanks in advance,
Fouad Daniëls
WebRegio B.V.

Relevant Pages

  • Forms Authentication errror
    ... I am trying to use Forms Authentication in a sample project. ... I have also included a web.config file in that folder with following ... configuration file required to service this request. ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: how to let the web.config in the sub-directory to NOT to inherited from Roots web.config.
    ... the authorization mode for that directory, ... You can simply delete the whole authentication section ... >> How to let the sub-directory to avoid the authentication control from Root's webconfig? ... An error occurred during the processing of a configuration file required ...
    (microsoft.public.dotnet.framework.aspnet)
  • Allowed roles/users from the web.config
    ... Is it possible to get a list of allowed roles/users for a single page on the ... which use a role based forms authentication? ... there any standard implementation to access that configuration? ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: How to limit access to admin subfolder using web.config file?
    ... <authentication mode="Forms"> ... Since this is an admin directory you might not want to give access to ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Page-specific Forms-based authentication?
    ... In the top-level web.config set the authentication to Forms: ... and set the authorization: ... This will deny all anonymous users. ...
    (microsoft.public.dotnet.framework.aspnet.security)