Hi Mark,
Welcome.
As for the image file displaying in Cookieless forms authentication
protected website (asp.net 2.0), are you developing and testing the
application in buildin test server rather than IIS? If so, this is the
expected behavior because IIS server can handle both static file resources
directly or forward the request to ASP.NET runtime, however when using
buildin test server, all the requests are handled by the test
server(asp.net isapi...) ,then when we using
FormsAuthenticaiotn(cookieless), the related httpmodule will always handle
the request and try authenticate the user (through the embeded user token
string....) so when using a url string without the authenticated uesr's
credential(embeded string), it will occur some problems. In IIS, the
static non-embeded token image url will be used to request the static
resources, you can check the IIS log to see whether web requests....
Regards,
Steven Cheng
Microsoft Online Support
Get Secure!
www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
--------------------
| NNTP-Posting-Date: Sat, 14 Jan 2006 21:07:57 -0600
| From: Mark Olbert <Ch*********@newsgroups.nospam>
| Newsgroups: microsoft.public.dotnet.framework.aspnet
| Subject: Cookieless Authentication and Relative HTML References
| Date: Sat, 14 Jan 2006 19:07:56 -0800
| Organization: Olbert & McHugh, LLC
| Reply-To:
ma**@arcabama.com
| Message-ID: <iq********************************@4ax.com>
| X-Newsreader: Forte Agent 3.1/32.783
| MIME-Version: 1.0
| Content-Type: text/plain; charset=us-ascii
| Content-Transfer-Encoding: 7bit
| Lines: 24
| X-Trace:
sv3-8NDckWorfOtUsObhbKeueGZpPZkCsgytWyBEu72Ja2xP3s0IS0 HzH0K5o7PAQiFurPZkUG+9
0sR1J2k!YlouEOpLb0hSDH+DCkoga94MJLchy1Uy8zgyE62ofl 1jiI6d+cYITXHAHv1TKwpV3p03
gQ==
| X-Complaints-To:
ab***@giganews.com
| X-DMCA-Notifications:
http://www.giganews.com/info/dmca.html
| X-Abuse-and-DMCA-Info: Please be sure to forward a copy of ALL headers
| X-Abuse-and-DMCA-Info: Otherwise we will be unable to process your
complaint properly
| X-Postfilter: 1.3.32
| Path:
TK2MSFTNGXA02.phx.gbl!TK2MSFTNGP08.phx.gbl!newsfee d00.sul.t-online.de!t-onli
ne.de!border2.nntp.dca.giganews.com!border1.nntp.d ca.giganews.com!nntp.gigan
ews.com!local01.nntp.dca.giganews.com!news.giganew s.com.POSTED!not-for-mail
| Xref: TK2MSFTNGXA02.phx.gbl
microsoft.public.dotnet.framework.aspnet:370903
| X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
|
| I have a website (ASPNET2) which uses cookieless authentication.
|
| <img> tags on restricted-access aspx pages appear to need the URL
credential fragment (i.e., the long string that encodes the user's
| credentials) to be found...which is contrary to my understanding (under
1.1, at least) as to how resources are controlled. Example:
|
| This tag on a restricted-access aspx page:
|
| <img src="/data/somefile.gif">
|
| Shows up as "not found" (i.e., the image contains a red x). So I tried to
surf to:
|
| http://localhost:<port>/site/data/somefile.gif
|
| and got a resource not found error.
|
| But this URL:
|
| http://localhost<port>/<long user credential fragment>/data/somefile.gif"
|
| displays the expected image.
|
| Did something change between 1.1 and 2.0 in this arena?
|
| - Mark
|
