Re: Enabling Forms Authentication Stops Button Click Events

From: jfer (nicemonitor_at_hotmail.com)
Date: 08/22/05 

Date: 22 Aug 2005 06:26:06 -0700

Hey Waqas I believe you are missing the pros/cons of Forms
Authentication. When you use integrated windows authentication the
users credentials are passed around via a trusted credential token.
This is why with Integrated Windows Authentication you are allowed to
pass the users identity to other resources, for example you can
restrict users to file resources via built in Windows access control
lists. When you use Forms Authentication you lose this ability and you
are responsible for building up the credential token although it is not
given the same trust (you cannot use Access Control Lists to
restrict/allow access for instance). This is key to understanding your
problem because all your users are actually browsing your site via the
anonymous account setup in IIS when you use Forms Authentication. And
you are building up their "credential token" as the forms
authentication ticket (cookie).
This implies to me that you MUST have anonymous access enabled when
utilizing Forms Authentication. To restrict/deny access to resources
you must then utilize URL Authorization via the web.config specificing
either users or roles explicitely.

Hope this helps.

Quantcast