473,320 Members | 1,887 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,320 software developers and data experts.

Forms Authentication - context changing

Hello,

I have an ASP.NET application in my website in virtual folder A.
This folder contains the application itself. I also have a data virtual
directory B which contains data that can be seen by authenticated users.

I've implemented forms authentication (with application in folder
A) in a standard way. I've also set up a redirection in IIS so that
every request concerning folder B (for example GET /B/a/b/c) is
redirected to A/GetFile.aspx (so the final request is
A/GetFile.aspx/a/b/c). This way I can protect contents of the B folder
with forms authentication.

Now I use the A application to find interesting documents in folder
B. I find them and get a list of links, starting with /B... . I click on
one of them and _I have to authenticate once again_ to get access to
that file.

Is it possible to perform a redirect in the same authentication
context?

Shall the problem occur if I make B be a subdirectory of A?

Thanks
Grzegorz Kaczor
Nov 19 '05 #1
2 1403
I am not entirely sure that I have read your query right, but Forms Auth
works via the cookie (generally, if you using the default web.config
settings ie. cookieless=false) and the cookie is stored/named according to
your host name. So, if site A is http://SiteA and site b is http://SiteB
then the authentication will not carry across to each app.

If you do as you suggested, and make one site a sub-directory of the other
(and even a new virtual directory if you wish) then each site is accessed
using the same host name ie. http://SiteA and
http://SiteA/YourOtherDirectory and the cookie should be available to both
sites, thus you should not have to er-authenticate.

--

- Paul Glavich
ASP.NET MVP
ASPInsider (www.aspinsiders.com)
"Grzegorz Kaczor" <gr*************@cc.com.pl> wrote in message
news:cu**********@nemesis.news.tpi.pl...
Hello,

I have an ASP.NET application in my website in virtual folder A.
This folder contains the application itself. I also have a data virtual
directory B which contains data that can be seen by authenticated users.

I've implemented forms authentication (with application in folder
A) in a standard way. I've also set up a redirection in IIS so that
every request concerning folder B (for example GET /B/a/b/c) is
redirected to A/GetFile.aspx (so the final request is
A/GetFile.aspx/a/b/c). This way I can protect contents of the B folder
with forms authentication.

Now I use the A application to find interesting documents in folder
B. I find them and get a list of links, starting with /B... . I click on
one of them and _I have to authenticate once again_ to get access to
that file.

Is it possible to perform a redirect in the same authentication
context?

Shall the problem occur if I make B be a subdirectory of A?

Thanks
Grzegorz Kaczor

Nov 19 '05 #2
Paul Glavich [MVP ASP.NET] wrote:
I am not entirely sure that I have read your query right, but Forms Auth
works via the cookie (generally, if you using the default web.config
settings ie. cookieless=false) and the cookie is stored/named according to
your host name. So, if site A is http://SiteA and site b is http://SiteB
then the authentication will not carry across to each app.


This is not exactly right. A and B are virtual directories but on the
same site, that is, addresses are http://site/A and http://site/B.

I solved the problem.

The issue was that I typed in the browser URL http://site/A and not
http://site.domain.com/A. The redirection on IIS was set to
site.domain.com. So the cookie set for site (when logging on) was not
sent after redirection.

Thanks,
Grzegorz Kaczor
Nov 19 '05 #3

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

2
by: Senthil | last post by:
1. Created a new C# web application project 2. Change the name of webform1 to login.aspx 3. And in the .cs file change the name of the class to login, and include System.web.security namespace....
11
by: VB Programmer | last post by:
PLEASE HELP.... I'm having trouble. In my login form after I've verified the username/password are valid I do this: Select Case iMyPrivilege Case 0 Dim arrRoles() As String = {"guest"}...
3
by: Kris van der Mast | last post by:
Hi, I've created a little site for my sports club. In the root folder there are pages that are viewable by every anonymous user but at a certain subfolder my administration pages should be...
7
by: - Steve - | last post by:
I have forms based authentication working, using my Active Directory for authentication. I have a web page that creates a user in active directory. When I was using IIS authentication it worked...
3
by: Mike | last post by:
I have a web application that the forms authentication cookie is not expiring correctly. When I look at the trace information of a newly requested page after the session and forms authentication have...
5
by: V. Jenks | last post by:
Using forms authentication, can I control which pages and/or directories a user would have access to or is that only available with Windows authentication? Thanks!
2
by: pv_kannan | last post by:
I recently found out that my authentication cookies are not expiring even though I have set the persist property to false. As a result, users are able to access the secure websites with indifferent...
2
by: Wiktor Zychla [C# MVP] | last post by:
Hi, I struggle for over an hour with the integrated Cassini web server. the problem I am facing is as follows: when I turn forms authentication on in the web.config file, the website seems to...
4
by: =?Utf-8?B?RmFyaWJh?= | last post by:
It know that we can use the following method http://msdn2.microsoft.com/en-us/library/eb0zx8fc.aspx to form authenticate across multiple applications. I have created an asp.net application...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
1
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.