Forms Authentication to protect a cgi application

From: Stephen Davies (steve_at_newsgroup.nospam)
Date: 12/30/04

• Next message: Curt_C [MVP]: "Re: Output folder changed"
• Previous message: Stephen Davies: "Forms Authentication to protect .cgi application problem"
• Next in thread: [MSFT]: "RE: Forms Authentication to protect a cgi application"
• Reply: [MSFT]: "RE: Forms Authentication to protect a cgi application"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Thu, 30 Dec 2004 02:11:01 -0800

I have enabled forms authentication on an IIS 6 W2k3 server to protect access
to the application files until authenticated.

The actual application apart from the login/logout files is .cgi based so I
have added a “Wildcard Application Map” entry

site properties
home directory tab
Configuration
Application Configuration

to point to the “aspnet_isapi.dll” so that .cgi application files must be
authenticated before they can run.

So far all seems to be working well, direct invocation of the .cgi
application is trapped and redirected to the login screen but after logging
in I am prompted with a download dialog (as if there were no mime type)

1. If I remove the Wildcard Application Mapping the .cgi application runs
2. If I allow users=”*” in the authorization section of the web config (with
the wildcard application mapping in place) it also works perfectly.

On top of this I also have an httphandler routine to perform a URLRewrite to
catch the application logout command, although the symptoms above are exactly
the same when its removed from the web config.

Any help on this would be greatly appreciated.

Regards
Stephen Davies

---

• Next message: Curt_C [MVP]: "Re: Output folder changed"
• Previous message: Stephen Davies: "Forms Authentication to protect .cgi application problem"
• Next in thread: [MSFT]: "RE: Forms Authentication to protect a cgi application"
• Reply: [MSFT]: "RE: Forms Authentication to protect a cgi application"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Forms Authentication to protect .cgi application problem ... I have enabled forms authentication on an IIS 6 W2k3 server to protect access ... The actual application apart from the login/logout files is .cgi based so I ... If I remove the Wildcard Application Mapping the .cgi application runs ... the same when its removed from the web config. ... (microsoft.public.dotnet.framework.aspnet.security) Re: HTTP_AUTHORIZATION header ... HTML file from one virtual directory, and then immediately execute a CGI from ... Authentication happens when I request the HTML ... header is not expected for every request for NTLM ... (microsoft.public.inetserver.iis.security) Re: HTTP_AUTHORIZATION header ... authentication sequence. ... this in your setup by directly accessing the CGI EXE a couple of timems. ... i.e. the HTTP_AUTHORIZATION header gets sent every time ... I use WFetch to make a Basic authenticated POST request against my CGI ... (microsoft.public.inetserver.iis.security) Re: HTTP_AUTHORIZATION header ... I use WFetch to make a Basic authenticated POST request against my CGI EXE ... Nitpick on your stated understanding of authentication protocols - ... header is not expected for every request for NTLM ... (microsoft.public.inetserver.iis.security) Re: CGI XPSP2 IIS5.1 - cant write a local file from CGI .exe ... operation in the CGI access to read/write in the appropriate folders. ... changes back to the original state before you really screw up the server. ... If Anonymous is not enabled and some other Authentication method is enabled, ... YOU, a third party, by means of either mutual trust in the same Active ... (microsoft.public.inetserver.iis)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.dotnet.framework.aspnet.security  > 2004-12