Forms Authentication and SSL
From: Marco Roello (marco.roello_at_cnrservice.it)
Date: 07/15/03
- Next message: Luca Caruso: "client certificate"
- Previous message: JD Bee: "Re: Unable to get Forms-based Authentication to work"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 15 Jul 2003 09:54:32 +0200
Hi, I read some posts here, but I haven't found the full solution of my
problem.
I,ve configured my web application to use SSL with Server Certificates
(Tested and works).
Only one subfolder (/secure) of my webapp works with SSL. (Tested and works)
Web.Config
authentication mode="Forms">
<forms loginUrl="/secure/login.aspx" protection="All" timeout="30"
requireSSL="true">
.....
The users search a page of my webapp (example:
"http://myserver/mywebapp/webform1.aspx") on a non secure SSL channel.
If the user isn't authenticated, he will be redirected to the loginUrl. The
problem is that he will not be redirected with the https:// prefix, so he
has to manually change the address in from http:// to https://.
I've tried putting the full address in the loginUrl, like
loginUrl="https://myserver/mywebapp/secure/login.aspx", but in this case,
when redirecting on the login.aspx, I receive an Access denied Error
(401.2).
I've tried to configure IIS security, with anonimous access only, windows
authentication, both, but nothing changes.
So, the question is simple: how can I redirect a user to a SSL login page
when he isn't authenticated, don't matter if he comes from an http:// or
https:// address
Thank you in advance
Marco Roello
marco.roello@cnrservice.it
How can I configure my app
- Next message: Luca Caruso: "client certificate"
- Previous message: JD Bee: "Re: Unable to get Forms-based Authentication to work"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
