472,961 Members | 1,505 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > asp.net > questions > why no 403 error for forms auth?

Join Bytes to post your question to a community of 472,961 software developers and data experts.

Why no 403 error for Forms Auth?

Stupid question time: Why does Forms Auth just keep going to the login page
when access is denied? A 403 error is never raised..at least in my testing
it doesn't.

If I have a particular web or just a page secured then anyone accessing the
page, who is already authenticated but not a permitted user or perhaps not
in a permitted role, will just keep getting the login page. If the user is
permitted or is in the proper role they do get access (yes, I have code in
Application_AuthenticateRequest to populate roles for the user context).
But if using Windows Auth and Windows Roles then a 403 is raised if the user
attempts to access a secure site or page.

It would seem I have to use the User.IsInRole test on each secured page to
throw an access denied error and send the user to an access denied page.
Nov 18 '05 #1
2 1687
Brad wrote:
Stupid question time: Why does Forms Auth just keep going to the login page
when access is denied? A 403 error is never raised..at least in my testing
it doesn't.

If I have a particular web or just a page secured then anyone accessing the
page, who is already authenticated but not a permitted user or perhaps not
in a permitted role, will just keep getting the login page. If the user is
permitted or is in the proper role they do get access (yes, I have code in
Application_AuthenticateRequest to populate roles for the user context).
But if using Windows Auth and Windows Roles then a 403 is raised if the user
attempts to access a secure site or page.

It would seem I have to use the User.IsInRole test on each secured page to
throw an access denied error and send the user to an access denied page.


My understanding is that 403 is a server code sent by IIS, meaning you
have no access. It reads the security setup in IIS, not the forms
authentication info. This forms authentication code is separate, and
run after IIS hands the request off to the aspnet process (where forms
auth happens).

--
Craig Deelsnyder
Microsoft MVP - ASP/ASP.NET

Nov 18 '05 #2
"Brad" <no****@co.lane.or.us> wrote in message
news:e3**************@TK2MSFTNGP09.phx.gbl...
Stupid question time: Why does Forms Auth just keep going to the login page when access is denied? A 403 error is never raised..at least in my testing it doesn't.


The 403 is being raised, but the Forms Authentication module sees this
status code as it is being sent back out. It reacts to the 403 by
redirecting to the login page.
--
John Saunders
John.Saunders at SurfControl.com
Nov 18 '05 #3
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

1
forms authentication ticket .userdata vanishing
by: e | last post by:
I'm using forms authentication on a site. When the user logs in via the login page, the entered creds are checked against AD, and if valid, an encrypted forms authentication ticket is produced and...
ASP.NET
0
Configuring Windows Auth & Forms Auth in Asp.Net
by: Chris Mohan | last post by:
Hi, I've configured a web app to use windows authentication and also set up two separate subdirectories to use forms authentication. It appears to work fine but I have never seen a sample that...
ASP.NET
4
Forms Auth cookie vanishes immediately after login
by: 23s | last post by:
I had this problem in the past, after a server reformat it went away, and now after another server reformat it's back again - no clue what's doing it. Here's the flow: Website root is public, no...
ASP.NET
1
Forms Authentication - Not timing out, not redirecting.
by: AVance | last post by:
Hi, I've come across this scenario in ASP.NET 1.1 with forms authentication where the forms auth doesn't seem to timeout correctly, nor redirect to the login page. I have done some testing, and...
ASP.NET
0
It is an error to use a section registered as allowDefinition='Mac
by: dba123 | last post by:
My web site is definitely configured as an application in IIS. So what else could it be? I had added some of our code to this 3rd party's web.config shown below. So I don't know if it's the 3rd...
C# / C Sharp
3
CurrentContext with forms auth
by: Smokey Grindle | last post by:
I am using forms authentication with a custom user database... I was wondering, when logging in using forms auth, does the HttpContext.Current.User return the forms logged in user or the AD user...
ASP.NET
8
Forms Authentication - Really really basic question
by: =?Utf-8?B?TFc=?= | last post by:
Hello! I am just learning about forms authentication so please excuse this basic question. I am using .NET 1.1 and C#. I have created my web.config file and my login.aspx and the associated cs...
ASP.NET
4
Forms Authentication Across Applications
by: =?Utf-8?B?RmFyaWJh?= | last post by:
It know that we can use the following method http://msdn2.microsoft.com/en-us/library/eb0zx8fc.aspx to form authenticate across multiple applications. I have created an asp.net application...
ASP.NET
0
forms based auth question
by: tagg3rx | last post by:
Hi All, I'm trying to get forms based auth up and working and I'm running into a little snag. My login page needs to access css files and images in my application and when I enable the...
.NET Framework
0
React to native button blinking effect
by: lllomh | last post by:
Define the method first this.state = { buttonBackgroundColor: 'green', isBlinking: false, // A new status is added to identify whether the button is blinking or not } autoStart=()=>{
Software Development
0
tracyyun
Can faster file sharing be achieved by connecting computers simultaneously via WiFi and LAN cables
by: tracyyun | last post by:
Hello everyone, I have a question and would like some advice on network connectivity. I have one computer connected to my router via WiFi, but I have two other computers that I want to be able to...
Networking - Hardware / Configuration
2
Energy Model code modification to account for year dependent interest rate
by: giovanniandrean | last post by:
The energy model is structured as follows and uses excel sheets to give input data: 1-Utility.py contains all the functions needed to calculate the variables and other minor things (mentions...
Python
3
NeoPa
VBA Class Basics
by: NeoPa | last post by:
Introduction For this article I'll be using a very simple database which has Form (clsForm) & Report (clsReport) classes that simply handle making the calling Form invisible until the Form, or all...
Microsoft Access / VBA
0
isladogs
Access Europe Meeting - Wed 1 Nov - Using SQL Server skills to extend Access
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 1 Nov 2023 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM) Please note that the UK and Europe revert to winter time on...
Microsoft Access / VBA
3
Finding a record, and then saving a new record after the record has been amended.
by: nia12 | last post by:
Hi there, I am very new to Access so apologies if any of this is obvious/not clear. I am creating a data collection tool for health care employees to complete. It consists of a number of...
Microsoft Access / VBA
0
NeoPa
VBA Class Basics (Report Class)
by: NeoPa | last post by:
Introduction For this article I'll be focusing on the Report (clsReport) class. This simply handles making the calling Form invisible until all of the Reports opened by it have been closed, when it...
Microsoft Access / VBA
0
isladogs
Access Europe Meeting - Wed 6 Dec - Streamline Your Import/Export Spec Workflow with VBA Classes
by: isladogs | last post by:
The next online meeting of the Access Europe User Group will be on Wednesday 6 Dec 2023 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, Mike...
Microsoft Access / VBA
2
Take a Database to the Next Level
by: GKJR | last post by:
Does anyone have a recommendation to build a standalone application to replace an Access database? I have my bookkeeping software I developed in Access that I would like to make available to other...
Microsoft Access / VBA

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2023
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!