Re: IIS 6 & forms authentication & redirect
From: David Wang [Msft] (someone_at_online.microsoft.com)
Date: 02/09/05
Date: Wed, 9 Feb 2005 02:15:36 -0800
Your question really has nothing to do with IIS6 and Forms Authentication.
Here's why.
Forms authentication is really just cookie-based authentication. When you
log on with username/password, an application on the server validates it and
sets a cookie to the browser for that given URL scope. The HTTP browser is
supposed to send this cookie back to the server for all requests within that
URL scope, and the server-side application simply verifies that every
"Secured" URL has the correct cookie.
Thus, there is no such thing as "same authentication context". IIS6 knows
nothing about such a thing -- HTTP is stateless and hence no such context --
to IIS, it is just sending request/response back and forth. What you are
really asking is how to ensure that after you've logged on to the server
application that the browser CONTINUES to send the cookie to the server for
a given URL, and that depends on the cookie's URL scope.
Finally, redirections also affect what the browser thinks of as "URL Scope" and
thus affect whether it sends the cookie for the server to authenticate.
You will probably be better off asking in
microsoft.public.dotnet.framework.aspnet or www.asp.net Forums on how Forms
auth works -- your question is really unrelated to IIS6.
--
//David
IIS
http://blogs.msdn.com/David.Wang
This posting is provided "AS IS" with no warranties, and confers no rights.
//

"Grzegorz Kaczor" <grzegorz.kaczor@cc.com.pl> wrote in message
news:cu81qn$ebm$1@nemesis.news.tpi.pl...

Hello,

I have an ASP.NET application in my website in virtual folder A. This folder
contains the application itself. I also have a data virtual directory B which
contains data that can be seen by authenticated users.

I've implemented forms authentication (with application in folder A) in a
standard way. I've also set up a redirection in IIS so that every request
concerning folder B (for example GET /B/a/b/c) is redirected to
A/GetFile.aspx (so the final request is A/GetFile.aspx/a/b/c). This way I can
protect contents of the B folder with forms authentication.

Now I use the A application to find interesting documents in folder B. I find
them and get a list of links, starting with /B... . I click on one of them
and I HAVE TO AUTHENTICATE ONCE AGAIN to get access to that file.

Is it possible to perform a redirect in the same authentication context?
Shall the problem occur if I make B be a subdirectory of A?

Thanks
Grzegorz Kaczor
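
The cookie scoping described in the reply above, as an added example that is not part of the original posting: a JavaScript sketch of the RFC 6265 domain and path matching a browser applies before attaching a cookie, run against the /A and /B URLs from the question. The host name www.example.test, the cookie name and the cookie attributes are constructed for illustration.

```javascript
// Added illustration; cookie attributes and host name below are constructed.

// RFC 6265 section 5.1.4 path-match: case-sensitive prefix match on a "/" boundary.
function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

// RFC 6265 section 5.1.3 domain-match (host names compare case-insensitively).
// IP-address hosts are not handled here; the sample cookies are host-only.
function domainMatches(host, cookie) {
  const h = host.toLowerCase();
  const d = cookie.domain.toLowerCase();
  if (h === d) return true;
  // Host-only cookies (no Domain attribute) require an exact host match.
  if (cookie.hostOnly) return false;
  return h.endsWith("." + d);
}

// Would a browser attach this cookie to a request for `url`?
function browserSendsCookie(cookie, url) {
  const u = new URL(url);
  if (cookie.secure && u.protocol !== "https:") return false;
  return domainMatches(u.hostname, cookie) && pathMatches(u.pathname, cookie.path);
}

// Constructed authentication cookie scoped to the application folder /A.
const scopedToApp = { name: "AUTH", domain: "www.example.test", hostOnly: true, path: "/A", secure: false };
// The same cookie scoped to the whole site.
const scopedToSite = { ...scopedToApp, path: "/" };

function demo() {
  const urls = [
    "http://www.example.test/A/GetFile.aspx/a/b/c", // redirect target inside /A
    "http://www.example.test/B/a/b/c",              // original link into /B
    "http://www.example.test/a/GetFile.aspx/a/b/c", // differs from the first only in letter case
    "http://example.test/A/GetFile.aspx/a/b/c",     // different host name
  ];
  return urls.map((url) => ({
    url,
    appScope: browserSendsCookie(scopedToApp, url),
    siteScope: browserSendsCookie(scopedToSite, url),
  }));
}

console.log(demo());
```

Path matching is a case-sensitive string comparison, so a redirect or link that changes the case of the folder name, or the host name the browser sees, falls outside the cookie's scope even though the server treats it as the same application.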