Re: Forms-Based protecting too much
From: iMonkey (iMonkey@clara.co.uk)
Date: 03/29/03
- Next message: Mark Walker: "RE: Are domain/machine names required when specifying roles"
- Previous message: Mark Moeykens: "Re: Forms-Based protecting too much"
- In reply to: Mark Moeykens: "Re: Forms-Based protecting too much"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "iMonkey" <iMonkey@clara.co.uk> Date: Sat, 29 Mar 2003 22:24:10 -0000
Yep that has solved the problem thanks.
I thought that the first question would be solved with something like that
but couldn't put my finger on it!
Thanks again.
iMonkey
"Mark Moeykens" <mjmoeykens_withnospamz@hotmailnadaspammmmm.com> wrote in
message news:u2lVRdi9CHA.1980@TK2MSFTNGP12.phx.gbl...
> When you put the web.config file in the <Unprotected> directory without
any
> mention of authorization or deny then it will inherit those properties
from
> your main web.config file. You have to specify the values you want to
> override. So in the web.config file in the <Unprotected> directory
specify
> to allow all users access (<allow users="*" />).
>
> For your second question:
> FormsAuthentication.SignOut() will clear your authentication ticket
> (cookie). Did you set an authentication cookie after the user logged in?
> This is done with:
> Security.FormsAuthentication.RedirectFromLoginPage
> -or-
> Security.FormsAuthentication.SetAuthCookie
>
> Once the authentication ticket (cookie) is set the user should have free
> roam of your website. If you call FormsAuthentication.SignOut() and the
> user tries to access another page they will automatically be sent back to
> your login page that you specified in your web.config file:
> <authentication mode="Forms">
> <forms loginUrl="Login.aspx" />
> </authentication>
>
> Hope this helps,
> Mark Moeykens
>
>
> "iMonkey" <iMonkey@clara.net> wrote in message
> news:1048957150.20570.0@doris.uk.clara.net...
> > Hi,
> >
> > I have managed to implement forms based security on my application the
> > current directory structure looks something like this:
> >
> > <Application Root>
> > |
> > |__<Unprotected>
> > |__blank.aspx
> > |
> > |_Default.aspx
> > |_Login.aspx
> >
> > Hopefully you can see from the above diagram that there is a subfolder
> > called 'Unprotected' within the protected application root. I would like
> the
> > directory to be publically avaliable so that users that have OR haven't
> CAN
> > access the pages in this folder. I thought that by putting in a basic
> > web.config file with no mention of authorization or deny would make this
> > happen but it only seems to work some of the time.
> >
> > Is there a particular command I can enter in the web.config so that that
> dir
> > is not protected???
> >
> >
> > One other point is I have a line FormsAuthentication.SignOut() linked to
a
> > button on my default page, when you click this I assumed it would logout
> the
> > user but you can still access protected pages? It is only when you close
> all
> > browser windows and then load them up again you are logged out
completely,
> > is there any way of fixing this?
> >
> > iMonkey,
> >
> > P.S. Thanks for any help
> >
> >
>
>
- Next message: Mark Walker: "RE: Are domain/machine names required when specifying roles"
- Previous message: Mark Moeykens: "Re: Forms-Based protecting too much"
- In reply to: Mark Moeykens: "Re: Forms-Based protecting too much"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
