Re: Form Authentication (redirect to https)



On Jul 1, 10:30 pm, dgator <dga...@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
I do the redirect through the form authentication section of the web.config
file.

Here is my current entry in web.config

<authentication mode="Forms">
  <forms loginUrl="wtLogon.aspx" name="sqlAuthCookie" timeout="60" path="/">
  </forms>
</authentication>

This works if the user types in https://www.mysite.com.  If the user types
http://www.mysite.com, they are redirected to the login page, but still in
http.

If I change the entry in the web.config to the following

<authentication mode="Forms">
  <forms loginUrl="https://www.mysite.com/wtLogon.aspx" name="sqlAuthCookie" timeout="60" path="/">
  </forms>
</authentication>

I get the Windows login prompt.

Very strange.



"Alexey Smirnov" wrote:
On Jul 1, 1:01 pm, dgator <dga...@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
If I type https://www.mysite.com it works fine as long as the "logonURL" in
the forms authentication section of the web.config just points to the logon
page like "logon.aspx".

As soon as I change the logonURL to "https://www.mysite.com/logon.aspx", the
Windows logon prompt is presented to the user.

The directory permissions for the IUSR seem to be fine.

Any other thoughts?

Thanks

David

"Alexey Smirnov" wrote:
On Jul 1, 1:16 am, dgator <dga...@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
We are using forms authentication for security within our web app.  Within
the web.config file, we have the logonURL set to "https://www.mysite.com" so
that if the user gets to the login page via http, they will be forced to
https version.

We do this same redirect on other websites without any problems, but for
some reason on this one website, when we redirect to https, a Windows login
prompt is presented to the user which is NOT what we want.  I have looked
throughout the web.config file and the IIS setup and see no differences in
the site that works with the redirect and one that doesn't.

Any ideas?

Thanks in advance.

I think it does mean that the IUSR_<server> account has no access to
the root directory of the site. Check directory permissions to see if
this account is allowed access to the files. Check if Anonymous
authentication is enabled in IIS.


David, when you do this on other websites, do you use a custom 403
redirect at IIS from http to https?


I think the trick here is that you have to add a custom 403 (403;4 if I
am not wrong) in IIS where you can redirect from http://....login.aspx
to https://....login.aspx using a simple
Response.Redirect("https://....login.aspx");
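
An added example, not part of the original thread or the posters' code: one way to keep the relative loginUrl that works above and still force the login page onto HTTPS is to redirect from the login page's own code-behind. The class name, the CanonicalHost constant and the BuildHttpsUrl helper are assumptions for illustration.

```csharp
// Added example: code-behind for the login page named in this thread
// (wtLogon.aspx). The class name, CanonicalHost and BuildHttpsUrl are
// assumptions, not code from the original posts.
using System;
using System.Web;
using System.Web.UI;

public partial class wtLogon : Page
{
    // Fixed host name, so the redirect target is never taken from the
    // client-supplied Host header.
    private const string CanonicalHost = "www.mysite.com";

    protected void Page_Init(object sender, EventArgs e)
    {
        string target = BuildHttpsUrl(Request.IsSecureConnection, Request.RawUrl);
        if (target != null)
        {
            // Same path and query string (ReturnUrl included), now over HTTPS.
            // endResponse = true stops processing, so the login form is never
            // rendered on the plain-http request.
            Response.Redirect(target, true);
        }
    }

    // Returns null when the request already arrived over HTTPS.
    internal static string BuildHttpsUrl(bool isSecure, string rawUrl)
    {
        if (isSecure)
        {
            return null;
        }

        // RawUrl is path plus query only, for example
        // "/wtLogon.aspx?ReturnUrl=%2fdefault.aspx". Fall back to the site
        // root if it is empty or does not start with a slash.
        if (string.IsNullOrEmpty(rawUrl) || rawUrl[0] != '/')
        {
            rawUrl = "/";
        }

        return "https://" + CanonicalHost + rawUrl;
    }
}
```

If TLS is terminated on a load balancer in front of IIS, Request.IsSecureConnection stays false and this check would loop, so the example assumes IIS itself holds the certificate. Setting requireSSL="true" on the <forms> element additionally keeps the authentication cookie from being sent over plain HTTP.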


