Forms Authentication behavior on request denial

From: David Dabbs (david@dabbs.net)
Date: 03/25/03


From: "David Dabbs" <david@dabbs.net>
Date: Tue, 25 Mar 2003 12:56:09 -0600


I am not seeing the expected behavior when I configure a resource to be
denied to all users.

Here are my root Web.config settings:
        <customErrors mode="Off"></customErrors>
        <authentication mode="Forms">
            <forms loginUrl="/Alumni/Login/default.aspx" name=".KISTOKEN"
                   timeout="30" path="/Alumni/Auth" protection="None"
                   requireSSL="false" slidingExpiration="true" />
        </authentication>
        <authorization>
            <allow users="*" />
        </authorization>

And here are the settings in the protected directory

<authorization>
    <deny users="*" />
</authorization>

So, when a browser requests /Alumni/Auth/SomePage.aspx what should happen?

a) the user is shown an "unauthorized" page
b) the user is redirected to the login page configured in the
<authentication> tag

"B" is happening and I'm expecting A.

Any pointers to documentation that explains this behavior and how to
configure it otherwise will be greatly appreciated.

David Dabbs


