Re: Forms Authentication doesn't protect specified pages.

From: Steve R. (nevermind5807_at_yahoo.com)
Date: 06/19/04

  • Next message: Charlie Dison: "Forms based security" 
    Date: 19 Jun 2004 11:16:10 -0700

    I considered that. I looked for the cookie in the cookies folder on
    the affected systems and did not find it. I haven't ruled it out,
    though. I did have it set to True and then changed it, but if a cookie
    had already been sent to one of the systems in question, I guess
    changing the code wouldn't affect a cookie that was already there,
    would it? What changes how long it lasts on the client system? I've
    never encountered that property.

    It is always after a successful logon that it starts screwing up.
    Thanks for confirming my suspicions, that really does seem like the
    only reasonable explanation. In your explanation below, wouldn't the
    cookie be named "Username". I'm wondering if I'm looking in the wrong
    place for it.

    Thanks,

    Steve

    "ranganh" <ranganh@discussions.microsoft.com> wrote in message news:<8C80BB2D-ED66-40C8-853C-1EB15939EF97@microsoft.com>...
    > Dear Steve,
    >
    > In your Login page, have you enabled, persistent cookies. i.e.
    >
    > FormsAuthentication.RedirectFromLoginPage("Username", true)
    >
    > if you give the boolean (persistent cookie) as true, then the cookie will be stored in
    > the machine and it will not ask for login until you explicitly log out.
    >
    > That might be causing your authentication not to work.
    >
    > If that is not the case, write back.
    >
    > thanks.
    >
    > "Steve R." wrote:
    >
    > > This is driving me nuts:
    > >
    > > I've used this same exact setup (web.config, see below) before without
    > > any problems... the authentication does not stop at the logon page AT
    > > ALL. I've put breakpoints in it to be sure, plus, there's no code at
    > > all in my Load event handler for the Logon page.
    > >
    > > It seems to work as predicted if I try to access the app from a
    > > workstation that I haven't tried to access from. I just tested one
    > > more time and it worked 3 times in a row and I couldn't break it, but
    > > on the dev server itself, it always falls right through without
    > > stopping at all on logon.aspx and another workstation accessing the
    > > app worked a few times and then began to fail.
    > >
    > > I've got another app set up on the very same server where I have never
    > > encountered that problem before. This is not the first time I've
    > > implemented Forms Authentication.
    > >
    > > I cannot figure out what gives here. Where should I start to look? The
    > > web config setup was copied and pasted directly from the working app
    > > to the app under development on the same dev server.
    > >
    > > Any help would be very gratefully received.
    > >
    > > Here's the relevant portions of my web.config:
    > >
    > > <system.web>
    > > <!-- enable Forms authentication -->
    > > <authentication mode="Forms">
    > > <forms name="AHDAuth" loginUrl="logon.aspx"
    > > protection="All" path="/" />
    > > </authentication>
    > > <!-- enable custom errors for the application -->
    > > <customErrors mode="Off">
    > >
    > > </customErrors>
    > > <sessionState mode="InProc" cookieless="false" />
    > > <compilation defaultLanguage="vb" debug="true" />
    > > </system.web>
    > > <!-- set secure paths -->
    > >
    > > <location path="Quote.aspx">
    > > <system.web>
    > > <authorization>
    > > <deny users="?" />
    > > </authorization>
    > > </system.web>
    > > </location>
    > > <location path="SupplierInfoEdit.aspx">
    > > <system.web>
    > > <authorization>
    > > <deny users="?" />
    > > </authorization>
    > > </system.web>
    > > </location>
    > >

  • Next message: Charlie Dison: "Forms based security"
    • Quantcast