Forms Authentication: <location> authorization not bypasssing login page.

From: M Gallagher (mgallagher_at_arraysystems.com)
Date: 07/24/05

• Next message: CalSun: "Re: The server is not operational"
• Previous message: Dominick Baier [DevelopMentor]: "Re: Forms authorization cookie always set to expire in 2055?"
• Next in thread: Joe: "Re: Forms Authentication: <location> authorization not bypasssing login page."
• Reply: Joe: "Re: Forms Authentication: <location> authorization not bypasssing login page."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Sat, 23 Jul 2005 16:07:00 -0700

I am trying to configure my forms authentication so a certain page is not
subject to a redirect to the login page. This seems like it should be a
simple thing to do with a <location> tag, but its just not working. Requets
to the page (public.aspx) specified in the <location> tag are still being
redirected to the login page. The login page is in a subdirectory of the
application root where web.config resides. Here is the code from the
web.config file. Anyone know what Im doing wrong and why I cant grant
access to that one page without hitting the login page?

<configuration>

<system.web>

 <authentication mode="Forms">

  <forms loginUrl="logon/logon.aspx" timeout="120"/>

 </authentication>

 <authorization>

  <allow roles="MyUsers"/>

  <deny users="*"/>

 </authorization>

</system.web>

<location path="logon">

 <system.web>

  <authorization>

   <allow users="*"/>

  </authorization>

 </system.web>

</location>

<location path="public.aspx">

 <system.web>

  <authorization>

   <allow users="*"/>

  </authorization>

 </system.web>

</location>

• Next message: CalSun: "Re: The server is not operational"
• Previous message: Dominick Baier [DevelopMentor]: "Re: Forms authorization cookie always set to expire in 2055?"
• Next in thread: Joe: "Re: Forms Authentication: <location> authorization not bypasssing login page."
• Reply: Joe: "Re: Forms Authentication: <location> authorization not bypasssing login page."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: ASP 2.0 Membership API ... After successful authentication, you want to redirect back to the original application, but the returnURL parameter contains only /App1 as the URL. ... The solution to that problem is adding a local login page to the application that does a manual redirect to the central authentication application. ... if not you have to use cookieless auth ... (microsoft.public.dotnet.framework.aspnet.security) Re: Detecting Failed Authorization ... after every authentication request and before the user ... is redirected to any login page. ... > "Ken Dopierala Jr." ... >> 'Redirect where you want the user to go. ... (microsoft.public.dotnet.framework.aspnet) Re: Response.Redirect with IE ... login page to another one after a successful login - Am I right? ... In that case, set the Authentication mode to "Forms" in Web.Config, set the ... You don't have to manually redirect, Forms Authentication will do it for you ... > From: Ken Dopierala Jr. ... (microsoft.public.dotnet.framework.aspnet) Re: can I set web.config to require authentication only for some files? ... You can specify some pages to require login, and others to not require login ... via your web.config file by using the tag. ... > What if I want to configure authentication so that it's only required ... (microsoft.public.dotnet.framework.aspnet) Re: Default.aspx - newbie Q` ... check and redirect to the ReturnURL or Selected.aspx depending on the case. ... > and replace it with something that takes then straight to the login page. ... >> Curt Christianson ... >>> authentication ... (microsoft.public.dotnet.framework.aspnet)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint