RE: Forms authentication bug?
From: Jason Jing (zyjing@online.microsoft.com)
Date: 07/31/02
- Next message: Arild Bakken: "Re: ASP.NET apps security restriction"
- Previous message: Jason Jing: "RE: How to get the login from IIS in C#"
- In reply to: Fouad Daniëls: "Forms authentication bug?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: zyjing@online.microsoft.com (Jason Jing) Date: Wed, 31 Jul 2002 06:24:58 GMT
Hello,
I tried to create a new web application and copy your XML into web.config
file. The code was running correctly. That is, I can get access root folder
without authentication, while to secured folder, I need to logon. I can do
this without switch "allow" and "deny" tag.
Following is the web.config file I am using
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.web>
<compilation defaultLanguage="vb" debug="true" />
<customErrors mode="RemoteOnly" />
<authentication mode="Forms">
<forms name="UserAutenticated" path="/" loginUrl="Login.aspx"
protection="All" timeout="30" />
</authentication>
<authorization>
<allow users="*" />
</authorization>
<trace enabled="false" requestLimit="10" pageOutput="false"
traceMode="SortByTime" localOnly="true" />
</system.web>
<location path="secured">
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</location>
</configuration>
So would you please create a new project and try again?
Jason Jing
Microsoft Support
This posting is provided "AS IS", with no warranties, and confers no rights.
--------------------
| Content-Class: urn:content-classes:message
| From: =?iso-8859-1?Q?Fouad_Dani=EBls?= <fouad.daniels@webregio.nl>
| Sender: =?iso-8859-1?Q?Fouad_Dani=EBls?= <fouad.daniels@webregio.nl>
| Subject: Forms authentication bug?
| Date: Fri, 26 Jul 2002 03:59:58 -0700
| Lines: 48
| Message-ID: <161101c23493$95481040$37ef2ecf@TKMSFTNGXA13>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="iso-8859-1"
| Content-Transfer-Encoding: quoted-printable
| X-Newsreader: Microsoft CDO for Windows 2000
| X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
| Thread-Index: AcI0k5VIutyLJ8VXTCizJtI6ICLC2Q==
| Newsgroups: microsoft.public.dotnet.framework.aspnet.security
| NNTP-Posting-Host: TKMSFTNGXA13 10.201.226.41
| Path: cpmsftngxa07!tkmsftngxs01!cpmsftngxa08
| Xref: cpmsftngxa07 microsoft.public.dotnet.framework.aspnet.security:1708
| X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security
|
| Hi All,
| I read alot of posts about forms authentication and came
| to the conclusion that alot of people have the same
| question.
| The question / situation is simple:
| A web application with a non secured root. so open to
| anonymous users. And a directory named secured wich is as
| the name implies NOT open for anonymous users.
| my web config file looks like this
| <?xml version="1.0" encoding="utf-8" ?>
| <configuration>
| <system.web>
| <compilation defaultLanguage="vb"
| debug="false" />
| <customErrors mode="Off"/>
| <authentication mode="Forms">
| <forms name="UserAutenticated"
| path="/" loginUrl="Login.aspx" protection="All"
| timeout="30" />
| </authentication>
| <authorization>
| <allow users="*" />
| </authorization>
| </system.web>
| <location path="secured">
| <system.web>
| <authorization>
| <deny users="?" />
| </authorization>
| </system.web>
| </location>
| </configuration>
| This does not work!! but if I swap the nodes allow and
| deny users ( So infact blocking anonymous users from the
| root and allowing anonymous users in the dir secured ) It
| works perfectly. Is this a bug? I can't believe MS has
| designed ASP.NET forms authentication intentionally to
| behave like this.
| please MS respond to this as I need help badly.
| Thanks in advance,
| Fouad Daniëls
| WebRegio B.V.
|
- Next message: Arild Bakken: "Re: ASP.NET apps security restriction"
- Previous message: Jason Jing: "RE: How to get the login from IIS in C#"
- In reply to: Fouad Daniëls: "Forms authentication bug?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
