RE: Forms authentication on a business WAN

From: Jim Cheshire [MSFT] (jamesche_at_online.microsoft.com)
Date: 11/20/03

• Next message: anonymous_at_discussions.microsoft.com: "Application_AuthenticateRequest"
• Previous message: Jim Cheshire [MSFT]: "RE: Impersonation, Delegation & SQL Server"
• In reply to: Philbert: "Forms authentication on a business WAN"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Thu, 20 Nov 2003 16:43:59 GMT

Philbert,

As long as the user is requesting an .aspx page or another page mapped to
the aspnet_isapi.dll, this should work fine (although your web.config is
not configured as recommended.)

See this:
301240 HOW TO: Implement Forms-Based Authentication in Your ASP.NET
Application
http://support.microsoft.com/?id=301240

Jim Cheshire, MCSE, MCSD [MSFT]
Developer Support
ASP.NET
jamesche@online.microsoft.com

This post is provided as-is with no warranties and confers no rights.

--------------------
>From: philbert.de.zwart@logicacmg.com (Philbert)
>Newsgroups: microsoft.public.dotnet.framework.aspnet.security
>Subject: Forms authentication on a business WAN
>Date: 20 Nov 2003 07:10:36 -0800
>Organization: http://groups.google.com
>Lines: 27
>Message-ID: <b4ba19d4.0311200710.49515fd9@posting.google.com>
>NNTP-Posting-Host: 195.109.155.71
>Content-Type: text/plain; charset=ISO-8859-1
>Content-Transfer-Encoding: 8bit
>X-Trace: posting.google.com 1069341036 1804 127.0.0.1 (20 Nov 2003
15:10:36 GMT)
>X-Complaints-To: groups-abuse@google.com
>NNTP-Posting-Date: Thu, 20 Nov 2003 15:10:36 +0000 (UTC)
>Path:
cpmsftngxa07.phx.gbl!cpmsftngxa10.phx.gbl!TK2MSFTNGXA05.phx.gbl!TK2MSFTNGP08
phx.gbl!newsfeed00.sul.t-online.de!t-online.de!news-spur1.maxwell.syr.edu!n
ews.maxwell.syr.edu!postnews1.google.com!not-for-mail
>Xref: cpmsftngxa07.phx.gbl
microsoft.public.dotnet.framework.aspnet.security:7597
>X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security
>
>L.S.,
>
>For our client we have built a web application for use on their
>internal network.
>The employees need to log onto the application specifically,
>regardless of their Windows authorisation status.
>
>Web.config contains the following lines:
>
><authentication mode="Forms">
> <forms name=".ASPXEFORM" loginUrl="ef_login.aspx" protection="All"
>timeout="10" />
></authentication>
>
><authorization>
> <deny users="?" />
></authorization>
>
>What I find is that people that are logged into the network are not
>considered anonymous and can access the application without passing
>through ef_login.aspx
>
>How can I prevent this?
>
>Greetings,
>Philbert de Zwart,
>The Netherlands.
>

• Next message: anonymous_at_discussions.microsoft.com: "Application_AuthenticateRequest"
• Previous message: Jim Cheshire [MSFT]: "RE: Impersonation, Delegation & SQL Server"
• In reply to: Philbert: "Forms authentication on a business WAN"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint