
formsauthentication ignores web.config

Background:
In the root of my webapp the web.config looks like:

<authentication mode="Forms">
<forms loginUrl="login.aspx">
</forms>
</authentication>
<authorization>
<allow users="*" />
</authorization>
The folder is set in IIS to Application Status

In a subdirectory, where I want to have access controlled, I changed
web.config to:

<authorization>
<allow roles="Chefs"></allow>
<deny users="*"></deny>
</authorization>

Problem:
I can still access all the files in the subdirectory, even though no
authentication has taken place. No login.aspx or whatever is
displayed when I try to access a file unauthorised.

Any idea?

thanks
dirk
Nov 17 '05 #1
"Dirk Meusel" <dm*@rcs.urz.tu-dresden.de> wrote in message
news:53**************************@posting.google.com...
> Background:
> In the root of my webapp the web.config looks like:
>
> <authentication mode="Forms">
> <forms loginUrl="login.aspx">
> </forms>
> </authentication>
> <authorization>
> <allow users="*" />
> </authorization>
> The folder is set in IIS to Application Status
>
> In a subdirectory, where I want to have access controlled, I changed
> web.config to:
>
> <authorization>
> <allow roles="Chefs"></allow>
> <deny users="*"></deny>
> </authorization>
>
> Problem:
> I can still access all the files in the subdirectory, even though no
> authentication has taken place. No login.aspx or whatever is
> displayed when I try to access a file unauthorised.


Try putting the following into the top-level web.config:

<configuration>
<location path="dir/subdir">
<system.web>
<authorization>
<allow roles="Chefs"></allow>
<deny users="*"></deny>
</authorization>
</system.web>
</location>
</configuration>

--
John Saunders
Internet Engineer
jo***********@surfcontrol.com
Nov 17 '05 #2
Thanks for your quick reply, John,

It does not work either! I even tried to set the subdirectory to
Application Status within IIS; nothing changes.

Even if I have the following in the web.config of the subdirectory:

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.web>
<authorization>
<deny users="*" />
</authorization>
</system.web>
</configuration>

I still get full access without any redirect to login.aspx. It seems
as if ASP.NET simply ignores the web.config in the subdirectory.

Do you have any further idea?

Nov 17 '05 #3
"Dirk Meusel" <dm*@rcs.urz.tu-dresden.de> wrote in message
news:Oi****************@tk2msftngp13.phx.gbl...
> Thanks for your quick reply, John,
>
> It does not work either! I even tried to set the subdirectory to
> Application Status within IIS; nothing changes.
>
> Even if I have the following in the web.config of the subdirectory:
>
> <?xml version="1.0" encoding="utf-8" ?>
> <configuration>
> <system.web>
> <authorization>
> <deny users="*" />
> </authorization>
> </system.web>
> </configuration>
>
> I still get full access without any redirect to login.aspx. It seems
> as if ASP.NET simply ignores the web.config in the subdirectory.
>
> Do you have any further idea?


It does work. All of my web sites use it.

Remove the web.config from the subdirectory. Also, try using <location
path=".." allowOverride="false"> instead.

Also, I should have stated the set of paths I meant in my example. I was
talking about a site like:

http://site/
http://site/dir
http://site/dir/subdir

The <location> element I provided should allow only Chefs into subdir.
--
John Saunders
Internet Engineer
jo***********@surfcontrol.com
Nov 17 '05 #4
Dirk, what you're doing wrong is having a web.config in the directory you
want to control. That essentially creates a new ASP.NET application that has
no ties to the parent app and therefore doesn't know there's forms
authentication (and your authorization setup is ignored because of that).
Just remove the web.config from the subdir you want to control.

The first example below - you're allowing anonymous users to access your
app. In the second you're only allowing a single user to access it, that's why
you're getting the login form. What did you expect?

Jerry

"Dirk Meusel" <dm*@rcs.urz.tu-dresden.de> wrote in message
news:%2****************@TK2MSFTNGP12.phx.gbl...
> I know that it should work, I read it in three books and three
> knowledgebase articles as well, but it doesn't.
>
> I don't know what I'm doing wrong. Now I tried to find the error step
> by step.
>
> When I have the following in the web.config of the root dir:
> <authentication mode="Forms">
> <forms loginUrl="login.aspx">
> </forms>
> </authentication>
> <authorization>
> <allow users="?" />
> <deny users="*" />
> </authorization>
>
> I can access the application without having been redirected to
> login.aspx at all (but an asp:label that shows the
> Page.User.Identity.Name as Text shows nothing).
>
> When I use:
> <authentication mode="Forms">
> <forms loginUrl="login.aspx">
> </forms>
> </authentication>
> <authorization>
> <allow users="Dirk Meusel" />
> <deny users="*" />
> </authorization>
>
> I get the login.aspx first, when I log on I can access the application
> and the label shows my username.
>
> I read that ? represents anonymous users. Is that wrong? What else could
> I have done wrong?
>
> Thank you for your patience :-)
> Dirk

Nov 17 '05 #5
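
Added example, not part of the thread and not ASP.NET's own code: a small Python model of how ASP.NET URL authorization reads the rule lists posted above. Rules are checked top to bottom, the most local configuration first, and the first matching rule decides; "?" is the anonymous user and "*" is everyone. The function names are hypothetical, and the model assumes exact string matching and ignores the verbs attribute.

```python
import xml.etree.ElementTree as ET

# Rule lists copied from the posts in this thread.
ROOT_OPEN = '<authorization><allow users="*" /></authorization>'
SUBDIR = ('<authorization><allow roles="Chefs"></allow>'
          '<deny users="*"></deny></authorization>')
ANON_FIRST = ('<authorization><allow users="?" />'
              '<deny users="*" /></authorization>')
NAMED_ONLY = ('<authorization><allow users="Dirk Meusel" />'
              '<deny users="*" /></authorization>')


def parse_rules(xml_text):
    """Return [(action, users, roles)] in document order."""
    def split(value):
        return [s.strip() for s in value.split(",") if s.strip()]
    return [(el.tag, split(el.get("users", "")), split(el.get("roles", "")))
            for el in ET.fromstring(xml_text)]


def matches(rule, user, roles):
    """user is None for an anonymous request (no forms-auth ticket)."""
    _, rule_users, rule_roles = rule
    for u in rule_users:
        if u == "*" or (u == "?" and user is None) or (user is not None and u == user):
            return True
    return any(r in roles for r in rule_roles)


def is_allowed(rule_sets, user=None, roles=()):
    """rule_sets: most local config first (subdir, then root). First match wins."""
    for rules in rule_sets:
        for rule in rules:
            if matches(rule, user, roles):
                return rule[0] == "allow"
    return True  # assumption: the machine-level default is <allow users="*"/>


if __name__ == "__main__":
    sub = [parse_rules(SUBDIR), parse_rules(ROOT_OPEN)]
    print("anonymous, <allow ?> first:", is_allowed([parse_rules(ANON_FIRST)]))
    print("anonymous, named user only:", is_allowed([parse_rules(NAMED_ONLY)]))
    print("anonymous, subdir rules   :", is_allowed(sub))
    print("Chefs member, subdir rules:", is_allowed(sub, "dirk", ("Chefs",)))
```

A False result for an anonymous request is the case in which forms authentication sends the browser to the configured loginUrl; a True result is served without any login prompt.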
