Re: Problem with web.config access-restricted subdirectory
From: Hernan de Lahitte (hernan_at_lagash.com)
Date: 01/22/04
- Next message: smita: "Forms Authentication using Xml File"
- Previous message: smita: "Forms Authentication Problem"
- In reply to: David Pyper: "Problem with web.config access-restricted subdirectory"
- Next in thread: David Pyper: "Re: Problem with web.config access-restricted subdirectory"
- Reply: David Pyper: "Re: Problem with web.config access-restricted subdirectory"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 22 Jan 2004 09:39:38 -0300
I think you should delete the <location> entry. This should be triggering
the login page when you acces the /Parent/Child/Default.aspx page. There is
a good article about this here:
http://www.theserverside.net/articles/article.aspx?l=FormAuthentication
Regards,
Hernan.
-- Hernan de Lahitte - MSDE Lagash Systems S.A. - Buenos Aires, Argentina http://www.lagash.com "David Pyper" <David.Pyper@MUHC.McGill.CA> wrote in message news:a1a1388f.0401211300.7871d058@posting.google.com... > Hi, > > I have a problem with web.config unsuccessfully controlling access to > a subdirectory. I'm using VS03 and IIS5.0 on NT2K. I have been able > to reproduce this behaviour on two machines (the 2nd being a WXP > machine) and both times I'm having the same result. > > I created a simplified example to illustrate the problem. Here's the > directory structure: > > / > /Parent > /Parent/Child > > > In the /Parent directory, I have 3 files: web.config, Login.aspx and > Default.aspx. In Child I just have Default.aspx. In both directories > there's a bin/ directory that contains Parent.dll and Child.dll (I'm > using code-behind files). Only Login.aspx has a code-behind (in vb) > which I'll show below. > > Here's the code from /Parent/web.config: > > <?xml version="1.0" encoding="utf-8" ?> > <configuration> > <system.web> > <compilation defaultLanguage="vb" debug="true" /> > <customErrors mode="RemoteOnly" /> > <authentication mode="Forms"> > <forms loginUrl="/Parent/Login.aspx" /> > </authentication> > <authorization> > <deny users="?" /> > <allow users="*" /> > </authorization> > <trace enabled="false" requestLimit="10" pageOutput="false" > traceMode="SortByTime" localOnly="true" /> > <sessionState > mode="InProc" > stateConnectionString="tcpip=127.0.0.1:42424" > sqlConnectionString="data > source=127.0.0.1;Trusted_Connection=yes" > cookieless="false" > timeout="20" > /> > <globalization requestEncoding="utf-8" responseEncoding="utf-8" /> > </system.web> > <location allowOverride="false" path="Child"> > <system.web> > <authorization> > <deny users="?" /> > </authorization> > </system.web> > </location> > </configuration> > > > And now here's the contents of /Parent/Default.aspx: > > <%@ Page Language="vb" AutoEventWireup="false" > Codebehind="Default.aspx.vb" Inherits="Parent._Default" trace="True"%> > <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> > <HTML> > <HEAD> > <title>Default Page</title> > <meta name="GENERATOR" content="Microsoft Visual Studio .NET 7.1"> > <meta name="CODE_LANGUAGE" content="Visual Basic .NET 7.1"> > <meta name="vs_defaultClientScript" content="JavaScript"> > <meta name="vs_targetSchema" > content="http://schemas.microsoft.com/intellisense/ie5"> > </HEAD> > <body> > <form id="Form1" method="post" runat="server"> > This is the default page. > </form> > </body> > </HTML> > > > And now the content of /Parent/Login.aspx: > > > <%@ Page Language="vb" AutoEventWireup="false" > Codebehind="Login.aspx.vb" Inherits="Parent.Login" trace="True"%> > <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> > <HTML> > <HEAD> > <title>Login Page</title> > <meta name="GENERATOR" content="Microsoft Visual Studio .NET 7.1"> > <meta name="CODE_LANGUAGE" content="Visual Basic .NET 7.1"> > <meta name="vs_defaultClientScript" content="JavaScript"> > <meta name="vs_targetSchema" > content="http://schemas.microsoft.com/intellisense/ie5"> > </HEAD> > <body> > <form id="Form1" method="post" runat="server"> > <asp:TextBox id="txtUser" runat="server">Username</asp:TextBox> > <asp:TextBox id="txtPassword" runat="server">Password</asp:TextBox> > <asp:Button id="btnSubmit" runat="server" > Text="Submit"></asp:Button> > </form> > </body> > </HTML> > > > And now the code for /Parent/Login.aspx.vb: > > > Imports System.Web.Security > > Public Class Login > Inherits System.Web.UI.Page > > #Region " Web Form Designer Generated Code " > > 'This call is required by the Web Form Designer. > <System.Diagnostics.DebuggerStepThrough()> Private Sub > InitializeComponent() > > End Sub > Protected WithEvents txtUser As System.Web.UI.WebControls.TextBox > Protected WithEvents txtPassword As > System.Web.UI.WebControls.TextBox > Protected WithEvents btnSubmit As System.Web.UI.WebControls.Button > > 'NOTE: The following placeholder declaration is required by the > Web Form Designer. > 'Do not delete or move it. > Private designerPlaceholderDeclaration As System.Object > > Private Sub Page_Init(ByVal sender As System.Object, ByVal e As > System.EventArgs) Handles MyBase.Init > 'CODEGEN: This method call is required by the Web Form > Designer > 'Do not modify it using the code editor. > InitializeComponent() > End Sub > > #End Region > > Private Sub btnSubmit_Click(ByVal sender As System.Object, _ > ByVal e As System.EventArgs) Handles btnSubmit.Click > > FormsAuthentication.RedirectFromLoginPage(txtUser.Text, False) > > End Sub > > End Class > > > > And now finally /Parent/Child/Default.aspx: > > <%@ Page Language="vb" AutoEventWireup="false" > Codebehind="WebForm1.aspx.vb" Inherits="Child._Default" trace="True"%> > <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> > <HTML> > <HEAD> > <title>WebForm1</title> > <meta name="GENERATOR" content="Microsoft Visual Studio .NET 7.1"> > <meta name="CODE_LANGUAGE" content="Visual Basic .NET 7.1"> > <meta name="vs_defaultClientScript" content="JavaScript"> > <meta name="vs_targetSchema" > content="http://schemas.microsoft.com/intellisense/ie5"> > </HEAD> > <body> > <form id="Form1" method="post" runat="server"> > This is the default child page. > </form> > </body> > </HTML> > > > So to re-iterate, only Login.aspx has any code-behind functionality. > Now that all that's all clear, here's what happens. When I access > /Parent/Default.aspx, I am redirected to > http://localhost/Parent/Login.aspx?ReturnUrl=%2fParent%2fDefault.aspx, > which is what I expected would happen. I click btnSubmit and a cookie > is set (.ASPXAUTH) and I'm redirected to /Parent/Default.aspx, also as > expected. Now the problem: when I access /Parent/Child/Default.aspx, > I'm redirected back to > http://localhost/Parent/Login.aspx?ReturnUrl=%2fParent%2fChild%2fDefault.aspx > and prompted for the login again. That's unexpected. I expect that > once I login to /Parent/Login.aspx I should be able to access > /Parent/Child/Default.aspx. But even when I re-login to > /Parent/Login.aspx, the redirect still brings me back to > http://localhost/Parent/Login.aspx?ReturnUrl=%2fParent%2fChild%2fDefault.aspx. > > Can someone please shed some light here? What am I not getting? > > Thanks! > > David.Pyper_DONTSPAM@NOSPAM.MUHC.McGill.CA
- Next message: smita: "Forms Authentication using Xml File"
- Previous message: smita: "Forms Authentication Problem"
- In reply to: David Pyper: "Problem with web.config access-restricted subdirectory"
- Next in thread: David Pyper: "Re: Problem with web.config access-restricted subdirectory"
- Reply: David Pyper: "Re: Problem with web.config access-restricted subdirectory"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
