Forms Authentication and Custom errors

From: trinitypete (trinitypete_at_online.nospam)
Date: 12/15/04

  • Next message: Nicole Calinoiu: "Re: "Requested registry access is not allowed" and Web Service call"
    Date: Wed, 15 Dec 2004 08:03:07 -0800
    
    

    Hi all,

    I've searched this problem and sort of found the resolution but cant get it
    to work.

    Web site using forms authentication, just switched

     <customErrors
                defaultRedirect="public/Error.aspx" mode="On"
        />

    got in to the problem where system redirects to error page but because not
    authenticated, returns back to the login.

    Found the location element for web config, now have 2 directories under
    root, one called pages and another called public, implemented the location
    elements and now I get the error
    Runtime Error
    Description: An application error occurred on the server. The current custom
    error settings for this application prevent the details of the application
    error from being viewed.

    Here is the web config:

    <?xml version="1.0" encoding="utf-8" ?>
    <configuration>
      <system.web>
            <identity impersonate="true"
                                    userName="TRINITY\INetCommerceUSR"
            password="ytinirt"/>
        <compilation
             defaultLanguage="c#"
             debug="true"
        />
        <customErrors
                defaultRedirect="public/Error.aspx" mode="On"
        />
        <authentication mode="Forms">
                    <forms name="AuthCookie" loginUrl="pages/Login.ASPX" protection = "All" />
        </authentication>
        <authorization>
            <allow users="*" /> <!--Challenge only anonymous users -->
                <!-- <allow users="[comma separated list of users]"
                                 roles="[comma separated list of roles]"/>
                      <deny users="[comma separated list of users]"
                                 roles="[comma separated list of roles]"/>
                                 ? - challenge only anonymous users
                                 * - Challenge all users
                -->
        </authorization>
        <trace
            enabled="false"
            requestLimit="10"
            pageOutput="false"
            traceMode="SortByTime"
                    localOnly="true"
        />
        <sessionState
                mode="InProc"
                stateConnectionString="tcpip=127.0.0.1:42424"
                sqlConnectionString="data source=127.0.0.1;Trusted_Connection=yes"
                cookieless="true"
                timeout="20"
        />
        <globalization
                requestEncoding="utf-8"
                responseEncoding="utf-8"
       />
     </system.web>
     
    <location path="pages">
    <system.web>
    <authorization>
        <deny users ="?" />
    </authorization>
    </system.web>
    </location>
     
    <location path="public">
    <system.web>
    <authorization>
        <allow users ="*" />
    </authorization>
    </system.web>
    </location>

    Any ideas?
    Pete.


  • Next message: Nicole Calinoiu: "Re: "Requested registry access is not allowed" and Web Service call"

    Relevant Pages

    • Authentication Form
      ... i try to make authentication by form, my web config ...
      (microsoft.public.dotnet.security)
    • Re: Runtime error while running web application on remote machine
      ... In web config the setting for customErrors is off, ... Marina ... >> machine I can see login page, but when I'm trying to login with correct ...
      (microsoft.public.dotnet.framework.aspnet)
    • Re: Runtime error while running web application on remote machine
      ... In web config the setting for customErrors is off, ... Marina ... >> machine I can see login page, but when I'm trying to login with correct ...
      (microsoft.public.dotnet.general)
    • RE: Redirect when User is Unauthorized
      ... because the 401 is used to trigger the IIS authentication handshake (e.g. displaying the login box in IE) - thus it has to percolate up to IIS and cannot be catched in ASP.NET... ... the customErrors web.config for the statusCode of 401. ...
      (microsoft.public.dotnet.security)