Re: Configuring Windows Auth & Forms Auth in Asp.Net

From: avnrao (avn_at_newsgroups.com)
Date: 04/29/04

  • Next message: Chris Mohan: "Forms Auth in subdirs but WIndows Auth in Main Site" 
    Date: Thu, 29 Apr 2004 12:15:10 +0530

    this looks ok to me as far as you take care of securing your forms
    authentication. I mean securing forms authentication cookie and role list.
    any request to subfolders, the location element in web.config clearly
    overrides windows authentication.

    Av.

    "Chris Mohan" <chrismo1__=AT__yahoo.com> wrote in message
    news:41D908AE-CFD5-46BF-AFA9-D8D7F64231B3@microsoft.com...
    > Configuring Windows Auth & Forms Auth in Asp.Net
    > Hi, I've configured a web app to use windows authentication and also set
    > up two separate subdirectories to use forms authentication. It appears to
    > work fine but I have never seen a sample that demonstrates both in the
    > same web.config and I don't like assuming i've done this correctly and
    > securely.
    >
    > Please take a look at the following from my web.config and let me know
    > what you think(its not the full config-- just stripped down to its
    > essentials w/ no attributes) Its pretty basic, i just use a location
    > element for each sub-dir and then set the auth mode inside of it. Thanks!!
    >
    > <?xml version="1.0" encoding="UTF-8"
    > ?><configuration><system.web><authentication mode="Windows"
    > /><authorization><allow users="*" /></authorization></system.web><location
    > path="SecureArea1"><system.web><authentication mode="Forms"><forms
    > loginUrl="login.aspx" /></authentication><authorization><deny users="?"
    > /></authorization></system.web></location><location
    > path="SecureArea2"><system.web><authentication mode="Forms"><forms
    > loginUrl="login.aspx" / ></authentication><authorization><deny users="?"
    > /></authorization></system.web></location></configuration>

  • Next message: Chris Mohan: "Forms Auth in subdirs but WIndows Auth in Main Site"

    Relevant Pages

    • Re: Authentication? Forms without Anynymous access
      ... No, forms auth is secure, as long as the authentication mechanism you ... Windows auth happens at the IIS ...
      (microsoft.public.dotnet.security)
    • Re: SSO advice
      ... You can do both Windows Integrated aith and forms auth if you want. ... Basically, the main site is forms authentication, it has a "sub-site" within ... > applications that the user has authorization. ...
      (microsoft.public.dotnet.security)
    • Re: Access denied ( From one site to another, that is in another server)
      ... If insted of configure the ASP.NET Application for Windows Authentication, ... Active Directory - Delegation: ... To verify that the application account can act ...
      (microsoft.public.dotnet.framework.aspnet.security)
    • Re: Access denied ( From one site to another, that is in another server)
      ... | configure it for Basic Authentication, can I avoid use Kerberos and use ... |> Enable Integrated Windows Authentication check box is ... Active Directory - Delegation: ... To verify that the application account can act ...
      (microsoft.public.dotnet.framework.aspnet.security)
    • Re: Using IIS w/ASP .NET 2.0 Web Application Projects
      ... I've tried to explain to you the authentication mechanism as well as I can. ... When you're done, you'll see that, if you turn on Windows Authentication. ... I also know that the IIS documentation directly contradicts what you are saying. ... Integrated Windows Authentication overrides the Anonymous authentication default. ...
      (microsoft.public.dotnet.framework.aspnet)
    • Quantcast