467,864 Members | 1,900 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 467,864 developers. It's quick & easy.

cassini, forms authentication and application folder [2.0]

Hi,

I struggle for over an hour with the integrated Cassini web server. the
problem I am facing is as follows:

when I turn forms authentication on in the web.config file, the website
seems to be running in the context of a wrong directory. images, style
sheets and jscripts files placed in app directory (or in subdirectories)
suddenly become invisible to the application. when I move the application to
the IIS, it works as expected but I like the light-weight of Cassini and
still wish to use it for development.

steps to reproduce behavior:

1. create new web application to be run under cassini
2. add two forms, default.aspx and login.aspx
3. on both forms add an image container:
<img src="testimage.jpg" />

where testimage.jpg resides in the application root folder.

3. set the authentication to "Windows"

4. on default.aspx add a Button and place

Response.Redirect( "login.aspx" );

you will see that the image is correctly visible on both forms even if a
redirect takes place.

5. change the authentication to "Forms" with

<authentication mode="Windows">

<forms loginUrl="login.aspx" name="AuthCookie" timeout="60" path="/"
protection="All" />

</authentication >

6. run the application. after the Forms Authentication redirects you to the
login page, you will see that the image container in login.aspx is empty.

even if you manually disable redirect for the default.aspx:

<location path="Default.aspx">
<system.web>
<authorization>
<allow users="?"/>
</authorization>
</system.web>
</location>
the image is still invisible.

is there a simple and clever way to overcome this issue?

thanks in advance,

Wiktor
Nov 21 '05 #1
  • viewed: 1566
Share:
2 Replies
Wiktor,

You were on the right track in attempting to grant all users access to the
root structure, but access is granted from the top down. In other words you
need to allow all first and then limit pages afterward. The first item in
the security settings overrides all others.

--
Sincerely,

S. Justin Gengo, MCP
Web Developer / Programmer

www.aboutfortunate.com

"Out of chaos comes order."
Nietzsche
"Wiktor Zychla [C# MVP]" <wz*****@nospm.ii.uni.wroc.pl.nospm> wrote in
message news:%2****************@TK2MSFTNGP12.phx.gbl...
Hi,

I struggle for over an hour with the integrated Cassini web server. the
problem I am facing is as follows:

when I turn forms authentication on in the web.config file, the website
seems to be running in the context of a wrong directory. images, style
sheets and jscripts files placed in app directory (or in subdirectories)
suddenly become invisible to the application. when I move the application
to the IIS, it works as expected but I like the light-weight of Cassini
and still wish to use it for development.

steps to reproduce behavior:

1. create new web application to be run under cassini
2. add two forms, default.aspx and login.aspx
3. on both forms add an image container:
<img src="testimage.jpg" />

where testimage.jpg resides in the application root folder.

3. set the authentication to "Windows"

4. on default.aspx add a Button and place

Response.Redirect( "login.aspx" );

you will see that the image is correctly visible on both forms even if
a redirect takes place.

5. change the authentication to "Forms" with

<authentication mode="Windows">

<forms loginUrl="login.aspx" name="AuthCookie" timeout="60"
path="/" protection="All" />

</authentication >

6. run the application. after the Forms Authentication redirects you to
the login page, you will see that the image container in login.aspx is
empty.

even if you manually disable redirect for the default.aspx:

<location path="Default.aspx">
<system.web>
<authorization>
<allow users="?"/>
</authorization>
</system.web>
</location>
the image is still invisible.

is there a simple and clever way to overcome this issue?

thanks in advance,

Wiktor

Nov 21 '05 #2
> You were on the right track in attempting to grant all users access to the
root structure, but access is granted from the top down. In other words
you need to allow all first and then limit pages afterward. The first item
in the security settings overrides all others.


that's it. thanks a lot.

I thinks that for security reasons I will rather do in in an oposite way:
deny all first but configure selected items for unrestricted access. anyway,
this works now. thanks again.

Regards,
Wiktor
Nov 21 '05 #3

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

3 posts views Thread by Kris van der Mast | last post: by
12 posts views Thread by Brett Robichaud | last post: by
2 posts views Thread by Thomas Scheiderich | last post: by
1 post views Thread by Sumaira Ahmad | last post: by
2 posts views Thread by Grzegorz Kaczor | last post: by
4 posts views Thread by David | last post: by
4 posts views Thread by yancheng.cheok | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.