Windows mode authentication - anonymous and authenticated access on same page

From: Christoph Erdle (erdle_at_in.tum.de)
Date: 07/30/03

• Next message: ElmoWatson: "Forms Authentication - Does Not Redirect"
• Previous message: Snig: "Runtime Impersonation"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Wed, 30 Jul 2003 18:37:27 +0200

Hi,

at the moment I'm developing a Web-Application with C# and encounter problems
using Windows NTLM authentication with IIS 6.0 (W2k3EE).

I use an aspx-page, in which depending on the user's authentication different
content is provided. There's an area for anonymous access and one for
authenticated users.

In the code im checking the state of the authentication via the Property
Page.User.Identity.IsAuthenticated. Hasn't the user been authenticated yet, all
works fine, i get the parts for anonymous access. But if the user is
authenticated, most of the time the user gets the parts for anonymous access,
seldom the one for authenticated users (meening
Page.User.Identity.IsAuthenticated is false most of the time).

As this aspx-page has to grant both anonymous and authenticated access, i worked
with the following web.config:

<snip>
<!-- Grant access to all files to all (anonymous and authenticated) users
-->
<authentication mode="Windows" />
     <authorization>
         <!-- Allow all users -->

             <allow users="*"/>

     </authorization>

<!-- For the Page myPage.aspx special access control is required. So i added
      the users "user1" and "user2" to the list of allowed users on that page and
      replaced everybody with anonymous (* with ?)
-->
<location path="myPage.aspx">
  <system.web>
         <authorization>
             <allow users="?, user1, user2" roles="Users"/>
     </authorization>
  </system.web>
  </location>

</snip>

What's wrong in the web.config, as getting such weird results?

Thanks for your help,
Christoph Erdle

-- 
Life is very short and there's no time
For fussing and fighting, my friends
                      (The Beatles)

---

• Next message: ElmoWatson: "Forms Authentication - Does Not Redirect"
• Previous message: Snig: "Runtime Impersonation"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages RE: Save IE password thorugh group policy ... that web site, this remote cookie will pickup the password so that the users ... You can configure IIS to Anonymous access or Digest ... Configure Authentication in IIS ... (microsoft.public.windows.group_policy) Re: User ASPNET in SQL Server 2000 ... When you hit a web application that has anonymous access, ... While I love integrated security in SQL Server, it is often a pain in web ... maintenance of accounts with access. ... >>> authentication", and has the same users as in Win 2000 ... (microsoft.public.dotnet.framework.aspnet.security) Re: My boss.... ... Click the Edit button under Authentication and access control, ... properties, Web site tab, Advanced button) ... Exchange virtual directory, clear the anonymous access box, clear Integrated ... (microsoft.public.windows.server.dns) Re: Implement AuthenticationButton for anonymous and integrated access ... You'll want to set your portal up for anonymous access. ... Windows Authentication is checked. ... they are part of the SharePoint domain. ... users will be prompted to log in to access these javascript files. ... (microsoft.public.sharepoint.portalserver.development) Re: ISA 2004 report problem; IP addresses instead of user accounts ... Firewall Clients did not have anonymous access. ... , web proxy, authentication. ... The only way to tell is by reviewing traffic in the isa ... (microsoft.public.isa)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(12)