Re: Login control and restricted member pages

Thanks for your reply Nick,

As you said the login dialog prompts each time the page loading a image,
have you verified the image files's access permission(NTFS file permission)
on that server machine? It is likely that those images file are stored in a
protected folder. When a page display some images file, the client browser
will send http request to download each of them after the page content is
loaded. Thus, if the image file is protected or not accessible, browser
will also prompt for credentials. Also, you can check the IIS log on the
server machine and look for those access denied entries(401 error) to see
which pages or resources cause the access denied behavior.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead


This posting is provided "AS IS" with no warranties, and confers no rights.



--------------------
From: "NickP" <a@xxxxx>
References: <#cKtAoFLIHA.4476@xxxxxxxxxxxxxxxxxxxx>
<HVF9TDNLIHA.4200@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: Login control and restricted member pages
Date: Thu, 22 Nov 2007 13:41:57 -0000

Hi Steven,

I'm not quite sure I understand to be totally honest, let me give you
a
scenario,

1. I attempt to navigate to a restricted member page without logging
in
2. The HTML of the aspx page loads fine, but I recieve a login dialog
once for each image on the page.

* The images folder within this restricted folder is unaccessible, but
the root members folder isn't.

appname/members << (anonymous set to deny all) accessible
appname/members/images << inaccessible

If I log in, using the login control in the app root,

appname/login.aspx

exactly the same thing happens. So my question is this,

Why does the page load but not the images, regardless of the login
status?

The control panel suggests that both folders have *exactly* the same
permissions set, but I cannot access any of the images. I'm just
contacting
the hosting guys to find out if they can check the NTFS permissions.

To be honest the links you sent didn't really help me much, there was
no
clear explanation or description of my problem occuring.

Many thanks for your time and help.

Nick.

"Steven Cheng[MSFT]" <stcheng@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:HVF9TDNLIHA.4200@xxxxxxxxxxxxxxxxxxxxxxxxx
Hi Nick,

From your description, your ASP.NET application is using Forms
Authentication and you make one of the folder protected from
unauthenticated user. However, you find that after you login, you will
still get a popup window for windows credential when visit pages in a
certain folder, correct?

Regarding on this problem symptom, I think it is likely caused by windows
NTFS permission limitation. By default, even you use Forms
Authentication,
ASP.NET runtime will perform file authorization checking on each aspx
file
being requested. That means it will ensure the current user(security
account) has the permission to access that certain aspx page's physical
file(through NTFS permission setting). For your scenario, you're using
Forms Authentication(and assume you haven't perform impersonate in your
web.config), the security context is your ASP.NET worker process
identity(in IIS5, the default one is MACHINE\ASPNET, in IIS6, the default
one is "Network Service" account). Therefore, you need to make sure that
account have the permission to access the asp.net page file(will be
requested in your application).

Here are some reference about ASP.NET process identity and
authorization(include url authorization):

#ASP.NET Process Identity
http://msdn2.microsoft.com/en-us/library/aa291339(VS.71).aspx

#Configuring ASP.NET Process Identity
http://msdn2.microsoft.com/en-us/library/dwc1xthy.aspx

#ASP.NET Authorization
http://msdn2.microsoft.com/en-us/library/wce3kxhd.aspx


If you have anything unclear, welcome to post here.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead



==================================================

Get notification to my posts through email? Please refer to

http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.



Note: The MSDN Managed Newsgroup support offering is for non-urgent
issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each
follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.

==================================================


This posting is provided "AS IS" with no warranties, and confers no
rights.



--------------------
From: "NickP" <a@xxxxx>
Subject: Login control and restricted member pages
Date: Wed, 21 Nov 2007 16:17:38 -0000

Hi there,

I have setup a website to use the login control and have been
following
this tutorial,

http://msdn2.microsoft.com/en-us/library/879kf95c(VS.80).aspx

All of my member-only pages are stored in a directoy access that has
annonymous access set to deny all. Unfortunately when login occurs and
the
default member page is navigated to a Windows Forms dialog appears and
asks
for my username and password, to which I have to supply my hosting
credentials in order to see the site correctly. If I leave the entries
blank and press cancel, I see the page but the graphics / styles to not
load.

Any ideas what I am doing wrong here? Many thanks for your time and
help.

Nick.








.

Relevant Pages

  • Re: Problem viewing uploaded images using ASP.NET
    ... "I can post images with FTP and the uploadform" - ... one might describe a car problem to a mechanic ... you are experiencing some sort of permission issue. ... that folder," but again, I can't assume that until I know specifically what ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: Login control and restricted member pages
    ... As you said the login dialog prompts each time the page loading a image, ... protected folder. ... When a page display some images file, ... the root members folder isn't. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: how to create a gallery without using the EXIF function?
    ... >will have the same username as the user's login. ... >After login the user is taken to a page that will contain the 4 images ... >in the folder arranged in a table or div. ...
    (comp.lang.php)
  • Re: Shared Folders in WorkGroup Network
    ... login privileges, you are not going to get prompted. ... > permission and NTFS permission to everyone read in most cases. ... >>I have shared a folder on the server. ...
    (microsoft.public.win2000.networking)
  • Re: cant delete folder
    ... Deleting a file from the desktop shouldn't be a big deal so long as you ... have the permission (login) to do that. ... I've seen something as I recall is called "tagging" a folder... ...
    (microsoft.public.vc.language)