Re: Login control and restricted member pages
- From: "NickP" <a@xxxxx>
- Date: Thu, 22 Nov 2007 13:41:57 -0000
Hi Steven,
I'm not quite sure I understand to be totally honest, let me give you a
scenario,
1. I attempt to navigate to a restricted member page without logging in
2. The HTML of the aspx page loads fine, but I recieve a login dialog
once for each image on the page.
* The images folder within this restricted folder is unaccessible, but
the root members folder isn't.
appname/members << (anonymous set to deny all) accessible
appname/members/images << inaccessible
If I log in, using the login control in the app root,
appname/login.aspx
exactly the same thing happens. So my question is this,
Why does the page load but not the images, regardless of the login
status?
The control panel suggests that both folders have *exactly* the same
permissions set, but I cannot access any of the images. I'm just contacting
the hosting guys to find out if they can check the NTFS permissions.
To be honest the links you sent didn't really help me much, there was no
clear explanation or description of my problem occuring.
Many thanks for your time and help.
Nick.
"Steven Cheng[MSFT]" <stcheng@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:HVF9TDNLIHA.4200@xxxxxxxxxxxxxxxxxxxxxxxxx
Hi Nick,
From your description, your ASP.NET application is using Forms
Authentication and you make one of the folder protected from
unauthenticated user. However, you find that after you login, you will
still get a popup window for windows credential when visit pages in a
certain folder, correct?
Regarding on this problem symptom, I think it is likely caused by windows
NTFS permission limitation. By default, even you use Forms Authentication,
ASP.NET runtime will perform file authorization checking on each aspx file
being requested. That means it will ensure the current user(security
account) has the permission to access that certain aspx page's physical
file(through NTFS permission setting). For your scenario, you're using
Forms Authentication(and assume you haven't perform impersonate in your
web.config), the security context is your ASP.NET worker process
identity(in IIS5, the default one is MACHINE\ASPNET, in IIS6, the default
one is "Network Service" account). Therefore, you need to make sure that
account have the permission to access the asp.net page file(will be
requested in your application).
Here are some reference about ASP.NET process identity and
authorization(include url authorization):
#ASP.NET Process Identity
http://msdn2.microsoft.com/en-us/library/aa291339(VS.71).aspx
#Configuring ASP.NET Process Identity
http://msdn2.microsoft.com/en-us/library/dwc1xthy.aspx
#ASP.NET Authorization
http://msdn2.microsoft.com/en-us/library/wce3kxhd.aspx
If you have anything unclear, welcome to post here.
Sincerely,
Steven Cheng
Microsoft MSDN Online Support Lead
==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.
Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.
==================================================
This posting is provided "AS IS" with no warranties, and confers no
rights.
--------------------
From: "NickP" <a@xxxxx>following
Subject: Login control and restricted member pages
Date: Wed, 21 Nov 2007 16:17:38 -0000
Hi there,
I have setup a website to use the login control and have been
this tutorial,the
http://msdn2.microsoft.com/en-us/library/879kf95c(VS.80).aspx
All of my member-only pages are stored in a directoy access that has
annonymous access set to deny all. Unfortunately when login occurs and
default member page is navigated to a Windows Forms dialog appears andasks
for my username and password, to which I have to supply my hosting
credentials in order to see the site correctly. If I leave the entries
blank and press cancel, I see the page but the graphics / styles to not
load.
Any ideas what I am doing wrong here? Many thanks for your time and
help.
Nick.
.
- Follow-Ups:
- Re: Login control and restricted member pages
- From: Steven Cheng[MSFT]
- Re: Login control and restricted member pages
- References:
- Login control and restricted member pages
- From: NickP
- RE: Login control and restricted member pages
- From: Steven Cheng[MSFT]
- Login control and restricted member pages
- Prev by Date: RE: Login control and restricted member pages
- Next by Date: Re: Login control and restricted member pages
- Previous by thread: RE: Login control and restricted member pages
- Next by thread: Re: Login control and restricted member pages
- Index(es):
Relevant Pages
|
