Forms Authentication behavior on request denial
From: David Dabbs (david@dabbs.net)
Date: 03/25/03
- Next message: Chris Blanco: "Another Security Question..."
- Previous message: Marten Engblom: "Passing Client Certificate from asp.net app"
- Next in thread: John Saunders: "Re: Forms Authentication behavior on request denial"
- Reply: John Saunders: "Re: Forms Authentication behavior on request denial"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "David Dabbs" <david@dabbs.net> Date: Tue, 25 Mar 2003 12:56:09 -0600
I am not seeing the expected behavior when I configure a resource to be
deniad to all users.
Here are my root Web.config settings:
<customErrors mode="Off"></customErrors>
<authentication mode="Forms">
<forms loginUrl="/Alumni/Login/default.aspx" name=".KISTOKEN"
timeout="30"
path="/Alumni/Auth" protection="None"
requireSSL="false" slidingExpiration="true" />
</authentication>
<authorization>
<allow users="*" />
</authorization>
And here are the settings in the protected directory
<authorization>
<deny users="*" />
</authorization>
So, when a browser requests /Alumni/Auth/SomePage.aspx what should happen?
a) the user is shown an "unauthorized" page
b) the user is redirected to the login page configured in the
<authentication> tag
"B" is happening and I'm expecting A.
Any pointers to documentation that explains this behavior and how to
configure it otherwise will be greatly appreciated.
David Dabbs
- Next message: Chris Blanco: "Another Security Question..."
- Previous message: Marten Engblom: "Passing Client Certificate from asp.net app"
- Next in thread: John Saunders: "Re: Forms Authentication behavior on request denial"
- Reply: John Saunders: "Re: Forms Authentication behavior on request denial"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
