Re: IIS With Basic Authentication Set/FormsAuthentication - HELP PLS!?
From: Chad Beckner (cbeckner_at_iupui.edu)
Date: 09/04/05
- Previous message: Sam Santiago: "Re: IIS With Basic Authentication Set/FormsAuthentication - HELP PLS!?"
- In reply to: Sam Santiago: "Re: IIS With Basic Authentication Set/FormsAuthentication - HELP PLS!?"
- Next in thread: Ken Schaefer: "Re: IIS With Basic Authentication Set/FormsAuthentication - HELP PLS!?"
- Reply: Ken Schaefer: "Re: IIS With Basic Authentication Set/FormsAuthentication - HELP PLS!?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 3 Sep 2005 18:22:01 -0500
So, in effect, how does that protect files in a directory (.gif, .htm,
etc)? That, to me, doesn't seem to provide "true"security of an area, like
IIS does... Does anyone know if this has changed in 2.0?
For now, I guess I can keep using the ISAPI filter that I built... Unless
anyone else has a better solution. However, I am disappointed that I can't
set up this kind of security in .NET/FormsAuthentication like I can with IIS
Basic. I want to protect ALL files (and not have everything be processed
through the isapi_aspnet dll) in a particular area and have them
authenticate before accessing it, but without a "windows logon" prompt.
Thanks for the help,
Chad
"Sam Santiago" <ssantiago@n0spam-SoftiTechture.com> wrote in message
news:Oi0PhrNsFHA.2008@TK2MSFTNGP10.phx.gbl...
When you use Forms authentication you have to set IIS to Anonymous
authentication. Check out this article for a discussion on the combinations
between ASP.NET authentication and IIS authentication:
nhttp://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnbda/html/authaspdotnet.asp
If you think you can customize ASP.NET to use forms with Basis
Authentication you'll probably have to write an HTTP Module. Check out this
article for a discussion on Modules and Handlers:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnaspp/html/elmah.asp
Good luck.
-- _______________________________ Sam Santiago ssantiago@n0spam-SoftiTechture.com http://www.SoftiTechture.com _______________________________ "Chad Beckner" <cbeckner@iupui.edu> wrote in message news:uQIFS58rFHA.3352@TK2MSFTNGP14.phx.gbl... > Hi everyone, > > First off, sorry for the cross-post... > > I am developing a site (ASP.NET) in which the root will be set with > Anonymous AND/OR Basic permissions. Past that I will have an application > (directory) in which I will be developing applications, which will have > IIS > Basic Authentication set (this can't be avoided). In the past, I have > been > able to use a ISAPI Filter to add the response headers dynamically, and > add > the authentication to the request, therefore, allowing users into the > secure > directory, and all of this is form based, there is no browser prompt for > their username/password (and it adds it to every request, images, .htm > files, .asp files, etc). Now I am trying to do this with ASP.NET (VB), > again, trying to avoid the browser prompt, and add the authentication to > every request (again, images, .htm files, aspx files, etc). However, I > have > been unsuccessful using FormsAuthentication with the directory set to IIS > Basic Authentication (since IIS sees the request first, I get a browser > prompt. I want to replace this with a redirect to a login form). I have > been able to get the FormsAuthentication to set the cookie, but when it > tries to go into the Basic secured directory, I get a browser prompt. Any > help would be greatly appreciated!! (Do I need to write another ISAPI > Filter, can I use FormsAuthentication to do this?? Suggestions?) > > I have looked at hundreds of articles (or at least it seems!), and am not > 100% how to write an ISAPI filter in .NET, if that needs to be done. Any > pointers to live artices, code, etc. would be very helpful. > > Overall, basically, I want to use Basic Authentication protocol and > FormsAuthentication to access an IIS-set Basic Authentication directory, > but > I want to use a form instead of the normal windows logon prompt. Our > users > share computers, so having them being able to "save their password" is a > major security concern, which is why I need a login form page. > > Thanks! > > Chad > >
- Previous message: Sam Santiago: "Re: IIS With Basic Authentication Set/FormsAuthentication - HELP PLS!?"
- In reply to: Sam Santiago: "Re: IIS With Basic Authentication Set/FormsAuthentication - HELP PLS!?"
- Next in thread: Ken Schaefer: "Re: IIS With Basic Authentication Set/FormsAuthentication - HELP PLS!?"
- Reply: Ken Schaefer: "Re: IIS With Basic Authentication Set/FormsAuthentication - HELP PLS!?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
