473,786 Members | 2,344 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

Forms Authentication via SSL question

I have an ASP.NET application using forms authentication. I works without
any problems.

I have been trying to enable the login process to work over SSL but it fails
with the same problem everytime: "Access is denied". I have created my own
SSL certificate and enabled SSL encryption on a sub-directory of the web
site called "/IRWebAdmin/secure". In this directory is my "AdminLogin.asp x"
page.

In the root directory is my "AdminMain.aspx " page that is set as the
applications default page. On startup the application is directory to the
"/IRWebAdmin/AdminMain.aspx" page, which then is then referred to
"/IRWebAdmin/secure/AdminLogin.aspx " to login.

My web.config settings are:


<authenticati on mode="Forms" >
<forms loginUrl="https ://localhost/IRWebAdmin/secure/AdminLogin.aspx "
requireSSL="tru e"
protection="All "
timeout="20"
name=".IRADM"
path="/secure"
slidingExpirati on="true">
</forms>
</authentication>

<authorizatio n>
<deny users="?" />
</authorization>


On running the application I get the standard security alert due to the
certificate not being from a trusted authority. Clicking YES then displays
this error page:

Server Error in '/IRWebAdmin' Application.

Access is denied.
Description: An error occurred while accessing the resources required to
serve this request. The server may not be configured for access to the
requested URL.

Error message 401.2.: You do not have permission to view this directory or
page using the credentials you supplied. Contact the Web server's
administrator for help.
Version Information: Microsoft .NET Framework Version:1.1.432 2.573; ASP.NET
Version:1.1.432 2.573


Does anyone have any information as to what I am doing wrong? I have trawled
the web for days now and nothing gives me the exact answer.

Regards,
Gareth.
Nov 18 '05 #1
1 1759
Have you tried installing your Certificate Authority as a trusted CA in the
"Trusted Root Ceritifcation Authorities" for your local machine (ie. both
server and client)?

--
- Paul Glavich
Microsoft MVP - ASP.NET
"Gareth" <gareth> wrote in message
news:OL******** ******@TK2MSFTN GP09.phx.gbl...
I have an ASP.NET application using forms authentication. I works without
any problems.

I have been trying to enable the login process to work over SSL but it fails with the same problem everytime: "Access is denied". I have created my own SSL certificate and enabled SSL encryption on a sub-directory of the web
site called "/IRWebAdmin/secure". In this directory is my "AdminLogin.asp x" page.

In the root directory is my "AdminMain.aspx " page that is set as the
applications default page. On startup the application is directory to the
"/IRWebAdmin/AdminMain.aspx" page, which then is then referred to
"/IRWebAdmin/secure/AdminLogin.aspx " to login.

My web.config settings are:


<authenticati on mode="Forms" >
<forms loginUrl="https ://localhost/IRWebAdmin/secure/AdminLogin.aspx "
requireSSL="tru e"
protection="All "
timeout="20"
name=".IRADM"
path="/secure"
slidingExpirati on="true">
</forms>
</authentication>

<authorizatio n>
<deny users="?" />
</authorization>


On running the application I get the standard security alert due to the
certificate not being from a trusted authority. Clicking YES then displays
this error page:

Server Error in '/IRWebAdmin' Application.

Access is denied.
Description: An error occurred while accessing the resources required to
serve this request. The server may not be configured for access to the
requested URL.

Error message 401.2.: You do not have permission to view this directory or
page using the credentials you supplied. Contact the Web server's
administrator for help.
Version Information: Microsoft .NET Framework Version:1.1.432 2.573; ASP.NET Version:1.1.432 2.573


Does anyone have any information as to what I am doing wrong? I have trawled the web for days now and nothing gives me the exact answer.

Regards,
Gareth.

Nov 18 '05 #2

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics
6
4841
Secure and Unsecure Web Directories using Forms Authentication
by: Billy Jacobs | last post by:
I have a website which has both secure and non-secure pages. I want to uses forms authentication. How do I accomplish this? Originally I had my web.config file in the root with Forms Authentication set up and it worked just fine. Then I realized that I needed to have some pages unsecure. I then created 2 directories. One named Secure and the other named Public. I placed my web.config file in my
.NET Framework
3
2723
Combine Forms Authentication with Windows
by: Nick | last post by:
I am working a new application...well actually a series of applications for my company. They want internal users to be able to go to a site and everything regarding security is transparent, however we will have brokers and customers that also need to connect and will require a username and password. In this case we were going to store their credentials in a SQL database. Internal users will have the ability to access the same resources...
.NET Framework
11
3603
Forms Authentication Problem
by: ElmoWatson | last post by:
I tried on the Security newgroup, as well as other places, and haven't gotten an answer yet - - I'm pulling my hair out over this one. I'm trying to get Forms Authentication working.....I can get any requested page to automatically go to the Login.aspx page, AND, the ReturnURL querystring is correct in the address bar, but no matter what, I can't get it, once the user is authenticated, to redirect to the new page. It ALWAYS refreshes the...
ASP.NET
1
3511
Multiple sessions and forms-based authentication
by: Rob | last post by:
I have an ASP.NET application that uses forms-based authentication. A user wishes to be able to run multiple sessions of this application simultaneously from the user's client machine. The web.config file is configured as such: <authentication mode="Forms"> <forms loginUrl="Login.aspx" protection="All" name="myApplication"/> </authentication>
ASP.NET
2
2515
Forms Authentication question: How to have some pages open and some requiring forms authentication
by: Eric | last post by:
I am trying to build an app where the stuff in the root directory is open to all, but anything under the Restricted directory requires you to login and I want to use Forms to do it. I'm having trouble getting the web.config to work properly. First I tried to have a second web.config in the sub directory with authentication and authorization set to forms, but it blew up. Next, I tried to modify the root web.config in the following manner...
ASP.NET
7
2047
Trouble with forms authentication
by: Justin | last post by:
I am trying to password protect a subdirectory using forms authentication. I am using the "Location" tag to specify the directory to be protected. The login.aspx page is in the root directory of the app. Here is the web.config: <location path="Admin"> <system.web> <authentication mode="Forms"> <forms name="authAdmin" loginUrl="Login.aspx" protection="All" timeout="30"> <credentials passwordFormat="Clear"> <user name="Admin"...
ASP.NET
5
1667
Forms Auth. Question
by: V. Jenks | last post by:
Using forms authentication, can I control which pages and/or directories a user would have access to or is that only available with Windows authentication? Thanks!
ASP.NET
18
6882
Forms authentication and session expiration
by: Rippo | last post by:
Hi I am using role base forms authentication in asp.net and have come across a problem that I would like advice on. On a successful login a session variable is set to identify a user. This is all good as this session variable is used to retrieve data for that user etc. However if I restart the webserver then the users session is lost but the ticket is still active. Therefore the user is not redirected back to the login page.
ASP.NET
4
5327
Forms authentication vs session variable
by: Bjorn Sagbakken | last post by:
In a web-application with login creds (user, pwd), these are checked against a user table on a SQL server. On a positive validation I have saved the userID, name, custno and role-settings in a userobject (custom build class) and added this to the session using as session variable like session For all other pages I have added a small test in the page_load event, basically testing if the session != null, but also checking if the...
ASP.NET
5
3568
Forms Authentication vs MembershipProvider
by: Rory Becker | last post by:
Having now created a Custom MembershipProvider that seems to work correctly with my Logon and ChangePassword controls, I am, as they say, a happy bunny. The next stange is to move on to the creation of content which adjusts based on the user. I have several pages which require a user to be logged on and several which do not. Prior to this point in time I have used 2 different master pages. one with a control which checks a session...
ASP.NET
0
10163
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...
Online Marketing
0
9959
tracyyun
Discussion: How does Zigbee compare with other wireless protocols in smart home applications?
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
General
0
8988
agi2029
AI Job Threat for Devs
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...
Career Advice
1
7510
isladogs
Access Europe - Using VBA to create a class based on a table - Wed 1 May
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...
Microsoft Access / VBA
0
6744
Couldn’t get equations in html when convert word .docx file to html file in C#.
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...
C# / C Sharp
0
5397
Trying to create a lan-to-lan vpn between two differents networks
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
Networking - Hardware / Configuration
1
4063
transfer the data from one system to another through ip address
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
C# / C Sharp
2
3668
muto222
How to add payments to a PHP MySQL app.
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.
PHP
3
2894
bsmnconsultancy
Comprehensive Guide to Website Development in Toronto: Expert Insights from BSMN Consultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
General

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes
How to Post and Respond on Bytes
How to Promote and Link on Bytes
How to increase your Ranking on Bytes
Become a Recognized Expert on Bytes
Feedback Welcomed! Contact Us