Re: Forms Authentication w/SubFolders

From: JTR (
Date: 08/04/03

  • Next message: Arthur Yousif: "Getting all http headers"
    Date: Mon, 4 Aug 2003 08:04:55 -0700

    I was able to demonstrate the same as you in terms of ASPX
    pages authenticating/redirecting properly as long as they
    exist in the root. Unfortunately, not much good for an

    I performed more testing/analysis and was able to get an
    ASPX page in a nested folder to be
    authenticated/redirected properly as long as the nested
    folder was not classified as an ASP.NET Application (IIS
    Manager) and the corresponding assembly (DLL) was located
    in the root folder's BIN folder. I plan to follow this
    path and use an application config file (<app>.dll.config)
    in the root bin folder to setup alternate codebase paths.

    >-----Original Message-----
    >I have come into this newsgroup precisely to look for an
    answer to this. I
    >am quite amazed to see this very question! Furthermore,
    I see a posting
    >made a few days later that reports a similar issue:
    Sucessful authentication
    >returns to the login page.
    >My situation is that in root, aspx pages authenticate
    fine (the login.aspx
    >form is in the root, as well). But in sub-directories,
    while the login.aspx
    >form is correctly invoked, the redirect returns to the
    login.aspx page.
    >This happens regardless of the presense of a web.config
    file in the
    >subdirectory, or the contents of it. I have played
    around with variations
    >for about 3 hours. I have verified that the cookies is
    being created and
    >sent, but for some reason the application in the sub-
    directory is not hip to
    >the fact that this cookie exists, and returns to the
    login.aspx page.
    >Pretty big problem. Hope there is a simple fix.
    >Thanks for all suggestions.
    >"JTR" <> wrote in message
    >> I'm trying to create a structure I can share
    >> authentication from a root application with many
    >> subordinate applications (subfolders).
    >> The web.config file for the root has:
    >> <authorization>
    >> <allow users="*" />
    >> </authorization>
    >> Then, each subordinate application (subfolder) has a
    >> web.config with the following:
    >> <authentication mode="Forms">
    >> <forms name=".BUZZARD"
    >> loginUrl="../login.aspx">
    >> </forms>
    >> </authentication>
    >> <authorization>
    >> <deny users="?" />
    >> </authorization>
    >> When the user access a resource in a subfolder, the
    >> form is displayed and authenticates the user correctly,
    >> including the creation of an authentication ticket.
    >> when the login form attempts to redirect the browser to
    >> the requested secure resource, the login form is
    >> redisplayed. I have tried using
    >> FormsAuthentication.RedirectFromLoginPage() and
    >> Response.Redirect() with the same results.
    >> Any ideas?
    >> JTR.

  • Next message: Arthur Yousif: "Getting all http headers"