Re: authorization problems

From: Jason Chiu (qysjc@yahoo.com.tw)
Date: 12/04/02


From: "Jason Chiu" <qysjc@yahoo.com.tw>
Date: Wed, 4 Dec 2002 16:09:43 +0800


I encountered the same problem.
When I use forms authentication, response.StateCode is always 200 and it
redirects to the login page.
When I use Windows authentication, response.StateCode can be 401, so I
think it is a bug.

Maybe you can write a custom HTTP module, do the URL authorization yourself,
and attach it to the HTTP modules pipeline.

"Sascha Ellerhoff" <sellerhoff@itbnet.de> wrote in message
news:#GX5TwrlCHA.2224@tkmsftngp02...
> hello newsgroup!
>
> I try to have a secure web. I use the ASP.NET security feature 'forms
> authentication' and the 'url authorization'.
> Forms authentication does a correct job with cookies etc. But I think
> authorization caused problems.
>
> Situation:
> I have a public web site with secure subdirs.
>
> If a user chooses one of the secure dirs, login.aspx will open. This is
> right.
> Users with correct credentials and rights to enter the directory will be
> redirected to the right website.
>
> Problem:
> Users with correct credentials but without rights do NOT get an HTTP 401
> access denied message.
> (In Microsoft's MSDN it is described that the user will get this error.)
> Instead, users stay authenticated (but without authorization) on the
> login page with no information about what happened.
>
> Question: Does the authorization act wrong? Does my configuration in
> web.config have mistakes?
>
> web.config:
>
> <?xml version="1.0" encoding="utf-8" ?>
> <configuration>
>   <system.web>
>     <compilation defaultLanguage="vb" debug="true" />
>     <customErrors mode="Off" />
>     <globalization requestEncoding="utf-8" responseEncoding="utf-8" />
>     <authentication mode="Forms">
>       <forms path="/" name="WeckeAuth" loginUrl="login.aspx">
>         <credentials passwordFormat="Clear">
>           <user name="admin1" password="geheim" />
>           <user name="admin2" password="geheim" />
>         </credentials>
>       </forms>
>     </authentication>
>     <authorization>
>       <allow users="*" />
>     </authorization>
>   </system.web>
>
>   <location path="admindir1">
>     <system.web>
>       <authorization>
>         <allow users="admin1" />
>         <deny users="*" />
>       </authorization>
>     </system.web>
>   </location>
>
>   <location path="admindir2">
>     <system.web>
>       <authorization>
>         <allow users="admin2" />
>         <deny users="*" />
>       </authorization>
>     </system.web>
>   </location>
> </configuration>
>
>
>
> Only admin1 has access to admindir1.
> Only admin2 has access to admindir2.
>
> If admin2 uses his credentials in admindir1, he does not get an error
> message.
> He stays on the login page.
>
> Does someone know my problem?
> Is the protection of the subdirs wrong?
>
>
> thx 4 help
> Sascha
>
>
>
>
>
>
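
The decision a custom URL-authorization module has to make, modelled in Python as an added example (not code from the thread, and not ASP.NET code): it evaluates the `<authorization>` rules of the quoted web.config first-match-wins and separates the anonymous case (send to login) from the authenticated-but-denied case. Assumptions: the function names, matching a `<location>` on the first path segment only, and answering 403 for an authenticated user who is denied.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the authorization sections of the web.config quoted above.
WEB_CONFIG = """<configuration>
  <system.web><authorization><allow users="*" /></authorization></system.web>
  <location path="admindir1"><system.web><authorization>
    <allow users="admin1" /><deny users="*" />
  </authorization></system.web></location>
  <location path="admindir2"><system.web><authorization>
    <allow users="admin2" /><deny users="*" />
  </authorization></system.web></location>
</configuration>"""

def load_rules(xml_text):
    """Return {location path: [(action, [users])]}; the key "" is the site root."""
    root = ET.fromstring(xml_text)
    scopes = [(root, "")] + [(loc, loc.get("path", "")) for loc in root.findall("location")]
    rules = {}
    for scope, path in scopes:
        authz = scope.find("system.web/authorization")
        rules[path.strip("/").lower()] = [
            (rule.tag, [u.strip().lower() for u in rule.get("users", "").split(",")])
            for rule in (authz if authz is not None else [])]
    return rules

def is_allowed(rules, url_path, user):
    """First matching rule wins; <location> rules are checked before root rules."""
    first = url_path.strip("/").split("/")[0].lower()  # assumption: one-level locations
    scoped = rules.get(first, []) if first else []
    name = user.lower() if user else None              # None means anonymous
    for action, users in scoped + rules[""]:
        # "*" matches everyone, "?" matches anonymous requests only
        if "*" in users or ("?" in users and name is None) or name in users:
            return action == "allow"
    return True  # nothing matched: fall through to allow

def status_for(rules, url_path, user):
    """HTTP status the module would answer with for this request."""
    if is_allowed(rules, url_path, user):
        return 200
    # Anonymous: redirect to login.aspx. Authenticated but denied: logging in
    # again cannot help, so answer 403 (assumed status) instead of the login page.
    return 302 if user is None else 403

if __name__ == "__main__":
    rules = load_rules(WEB_CONFIG)
    for user in ("admin1", "admin2", None):
        print(user, status_for(rules, "/admindir1/default.aspx", user))
```
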


