Re: Forms-Based protecting too much
From: Mark Moeykens (mjmoeykens_withnospamz@hotmailnadaspammmmm.com)
Date: 03/29/03
- Next message: iMonkey: "Re: Forms-Based protecting too much"
- Previous message: iMonkey: "Forms-Based protecting too much"
- In reply to: iMonkey: "Forms-Based protecting too much"
- Next in thread: iMonkey: "Re: Forms-Based protecting too much"
- Reply: iMonkey: "Re: Forms-Based protecting too much"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Mark Moeykens" <mjmoeykens_withnospamz@hotmailnadaspammmmm.com> Date: Sat, 29 Mar 2003 11:13:46 -0800
When you put the web.config file in the <Unprotected> directory without any
mention of authorization or deny then it will inherit those properties from
your main web.config file. You have to specify the values you want to
override. So in the web.config file in the <Unprotected> directory specify
to allow all users access (<allow users="*" />).
For your second question:
FormsAuthentication.SignOut() will clear your authentication ticket
(cookie). Did you set an authentication cookie after the user logged in?
This is done with:
Security.FormsAuthentication.RedirectFromLoginPage
-or-
Security.FormsAuthentication.SetAuthCookie
Once the authentication ticket (cookie) is set the user should have free
roam of your website. If you call FormsAuthentication.SignOut() and the
user tries to access another page they will automatically be sent back to
your login page that you specified in your web.config file:
<authentication mode="Forms">
<forms loginUrl="Login.aspx" />
</authentication>
Hope this helps,
Mark Moeykens
"iMonkey" <iMonkey@clara.net> wrote in message
news:1048957150.20570.0@doris.uk.clara.net...
> Hi,
>
> I have managed to implement forms based security on my application the
> current directory structure looks something like this:
>
> <Application Root>
> |
> |__<Unprotected>
> |__blank.aspx
> |
> |_Default.aspx
> |_Login.aspx
>
> Hopefully you can see from the above diagram that there is a subfolder
> called 'Unprotected' within the protected application root. I would like
the
> directory to be publically avaliable so that users that have OR haven't
CAN
> access the pages in this folder. I thought that by putting in a basic
> web.config file with no mention of authorization or deny would make this
> happen but it only seems to work some of the time.
>
> Is there a particular command I can enter in the web.config so that that
dir
> is not protected???
>
>
> One other point is I have a line FormsAuthentication.SignOut() linked to a
> button on my default page, when you click this I assumed it would logout
the
> user but you can still access protected pages? It is only when you close
all
> browser windows and then load them up again you are logged out completely,
> is there any way of fixing this?
>
> iMonkey,
>
> P.S. Thanks for any help
>
>
- Next message: iMonkey: "Re: Forms-Based protecting too much"
- Previous message: iMonkey: "Forms-Based protecting too much"
- In reply to: iMonkey: "Forms-Based protecting too much"
- Next in thread: iMonkey: "Re: Forms-Based protecting too much"
- Reply: iMonkey: "Re: Forms-Based protecting too much"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
