Re: Secure Multiple Applications in one Domain
From: Joe Reazor (joenospam_at_belgor.com)
Date: 05/17/04
- Previous message: Svein Terje Gaup: "Re: Confused"
- In reply to: Steven Cheng[MSFT]: "RE: Secure Multiple Applications in one Domain"
- Next in thread: Steven Cheng[MSFT]: "Re: Secure Multiple Applications in one Domain"
- Reply: Steven Cheng[MSFT]: "Re: Secure Multiple Applications in one Domain"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 17 May 2004 08:27:35 -0400
Steven,
Thanks for the response. Yes you understood my problem perfectly. For
your #1 solution: I had checked the ReturnUrl value and it does show the
originally requested page. I even checked my web log file and it shows in
this order: Original Page, Login Page, Post of Login Page, Original Page,
back to Login Page. So it definitely sends me back to my original page, it
just doesn't acknowledge that I am authenticated, probably the different
application issue that you mention. Your second suggestion does make sense
and I should have thought of that because I had another sub folder that
wasn't set-up as an application and that one worked ok.
I guess my next question then would be this: If my root web is the only
place that has a web.config file and I have many applications under that
which will no longer be "applications" in the sense that they won't have
their own web.config files or be configured in IIS as applications, then how
can I set specific settings for those applications. For instance, I want to
set-up different error handling for each one, or different authorization?
Is using the <location> element in my root web's web.config file the way to
go? Is there any limitation as to what you can configure under the
<location> element?
Thanks again for your help.
==============
Joe Reazor
Gorbel Inc.
email: joerea=AT=gorbel=DOT=com
"Steven Cheng[MSFT]" <v-schang@online.microsoft.com> wrote in message
news:xdnTFilOEHA.484@cpmsftngxa10.phx.gbl...
> Hi Joe,
>
> From your description,you have a root web application which contains
> another sub application located in the
> root applicaiton 's root folder in IIS. The root application is using the
> form authenticaiton and protected the files from
> unauthenticated users. Now you want the sub application's file also be
> protected from unauthenticated users and
> use the same login page in the root web application. However, this works
> well when you visiting the pages in root application. However, when you
> visit the page in the sub application and be redirected to the login page
> and after the user login and use
> FormsAuthenticatoins.RedirectFromLoginPage to redirect to the former
> requested page, you found you are still get redirected to the login page,
> yes?
>
> As for this problem, here are some of my suggestions:
> 1. Regarding on the repeatly be redirect to login page. I think the
problem
> is likely caused by the login page is not in the same site. When you
visit
> the sub app and be redirected to the parent web application's
> login page and that make the former requested url became the "login" page
> rather than the certain page in the sub web app. So that when you submit
> and call the FormsAuthenticatoins.RedirectFromLoginPage
> you will be repeatly redirect to the login page. I suggest you look at the
> url in the browser's address bar when be redirected to the login page
first
> time
> or use Response.Write("<br>" +
> FormsAuthentication.GetRedirectUrl("username",false)); to output the url
to
> confirm this.
>
> 2. Since you want the sub app under the root application also use the
> authentication and authorization setting in the root web app, we don't
need
> to create a sub applicatin, just make it a normal sub folder under the
root
> applicaiton. And that'll also avoid may other issues with multi
application
> with parent-sub folder structure. Also, we can specify heirarchy
> configuration setting in the root app's web.config without provide a
> web.config for each sub folder and here are some related references in
msdn:
>
> #Configuration Inheritance
>
http://msdn.microsoft.com/library/en-us/cpguide/html/cpconconfigurationinher
> itance.asp?frame=true
>
> #Configuration <location> Settings
>
http://msdn.microsoft.com/library/en-us/cpguide/html/cpconconfigurationlocat
> ionsettings.asp?frame=true
>
> #Locking Configuration Settings
>
http://msdn.microsoft.com/library/en-us/cpguide/html/cpconlockingconfigurati
> onsettings.asp?frame=true
>
> Hope also helps. Thanks.
>
>
> Regards,
>
> Steven Cheng
> Microsoft Online Support
>
> Get Secure! www.microsoft.com/security
> (This posting is provided "AS IS", with no warranties, and confers no
> rights.)
>
> Get Preview at ASP.NET whidbey
> http://msdn.microsoft.com/asp.net/whidbey/default.aspx
>
>
- Previous message: Svein Terje Gaup: "Re: Confused"
- In reply to: Steven Cheng[MSFT]: "RE: Secure Multiple Applications in one Domain"
- Next in thread: Steven Cheng[MSFT]: "Re: Secure Multiple Applications in one Domain"
- Reply: Steven Cheng[MSFT]: "Re: Secure Multiple Applications in one Domain"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
