Wiktor,
You were on the right track in attempting to grant all users access to the
root structure, but access is granted from the top down. In other words you
need to allow all first and then limit pages afterward. The first item in
the security settings overrides all others.
--
Sincerely,
S. Justin Gengo, MCP
Web Developer / Programmer
www.aboutfortunate.com
"Out of chaos comes order."
Nietzsche
"Wiktor Zychla [C# MVP]" <wz*****@nospm.ii.uni.wroc.pl.nospm> wrote in
message news:%2****************@TK2MSFTNGP12.phx.gbl...
Hi,
I struggle for over an hour with the integrated Cassini web server. the
problem I am facing is as follows:
when I turn forms authentication on in the web.config file, the website
seems to be running in the context of a wrong directory. images, style
sheets and jscripts files placed in app directory (or in subdirectories)
suddenly become invisible to the application. when I move the application
to the IIS, it works as expected but I like the light-weight of Cassini
and still wish to use it for development.
steps to reproduce behavior:
1. create new web application to be run under cassini
2. add two forms, default.aspx and login.aspx
3. on both forms add an image container:
<img src="testimage.jpg" />
where testimage.jpg resides in the application root folder.
3. set the authentication to "Windows"
4. on default.aspx add a Button and place
Response.Redirect( "login.aspx" );
you will see that the image is correctly visible on both forms even if
a redirect takes place.
5. change the authentication to "Forms" with
<authentication mode="Windows">
<forms loginUrl="login.aspx" name="AuthCookie" timeout="60"
path="/" protection="All" />
</authentication >
6. run the application. after the Forms Authentication redirects you to
the login page, you will see that the image container in login.aspx is
empty.
even if you manually disable redirect for the default.aspx:
<location path="Default.aspx">
<system.web>
<authorization>
<allow users="?"/>
</authorization>
</system.web>
</location>
the image is still invisible.
is there a simple and clever way to overcome this issue?
thanks in advance,
Wiktor