Hi All -
I'm an MCAD and I've got a real head-scratcher here.
I've created a ASP.NET Web Application for a client that
essentially is a wrapper for SQL Reporting Services (they wanted a
custom security model). The application uses ASP.NET 2.0 and forms
authentication to lock down the site. I've used Forms Authentication in
the past and have never had the problem I'm about to describe.
The site works perfectly on my development machine, but after
uploading it to the server, the server completely ignores the forms
authentication, allowing anyone to access any page in the site. The
site works otherwise exactly as it should--no code errors, nothing.
Here is the pertinent information about the server:
Windows 2003 Server
ASP.NET 1.1 is used by default
ASP.NET 2.0 is installed and functional for this application
It has SQL Reporting Services 2005 and Great Plains Portal
installed (which uses Sharepoint--I have already excluded the
application path using stsadm)
From the logon script, the page does the correct database check
and sets the cookie, however, somehow the user is never actually logged
on. I have a logonview control in the master page file and the loggedon
template never appears, but I am given access to the full site.
Accessing a locked-down page without logging on is granted, as if
the web config files weren't set correctly, but I have a web config
file inside each folder preventing anonymous users.
Any Ideas?
-Mark
5  1542 
What do you mean...asp.net 1.1 is used by default? I think that you
must set IIS to run asp.net 2.0 (and then reboot afterwards) before
your app can run properly. Folks, feel free to correct me if I am
wrong...
Mark Milley wrote: Hi All -
I'm an MCAD and I've got a real head-scratcher here.
I've created a ASP.NET Web Application for a client that
essentially is a wrapper for SQL Reporting Services (they wanted a
custom security model). The application uses ASP.NET 2.0 and forms
authentication to lock down the site. I've used Forms Authentication in
the past and have never had the problem I'm about to describe.
The site works perfectly on my development machine, but after
uploading it to the server, the server completely ignores the forms
authentication, allowing anyone to access any page in the site. The
site works otherwise exactly as it should--no code errors, nothing.
Here is the pertinent information about the server:
Windows 2003 Server
ASP.NET 1.1 is used by default
ASP.NET 2.0 is installed and functional for this application
It has SQL Reporting Services 2005 and Great Plains Portal
installed (which uses Sharepoint--I have already excluded the
application path using stsadm)
From the logon script, the page does the correct database check
and sets the cookie, however, somehow the user is never actually logged
on. I have a logonview control in the master page file and the loggedon
template never appears, but I am given access to the full site.
Accessing a locked-down page without logging on is granted, as if
the web config files weren't set correctly, but I have a web config
file inside each folder preventing anonymous users.
Any Ideas?
-Mark
No, you CAN have mutiple instance of the framework being used by IIS.
After installing the .NET Framework 2.0, you simply use
C:\WINDOWS\Microsoft.NET\Framework\v2.0.xxxx\aspne t_regiis -i on a
particular virutal directory to install ASP.NET 2.0 to that folder, or,
you can install ASP.NET to the entire server (by not specifying a
path).
You can also do the opposite; if you have installed ASP.NET 2.0 to the
root (with recursion), you can specify asp.net 1.1 to a virtual
directory by using the aspnet_regiis in the v1.1.xxxx folder.
Thanks...
Further Wierdness...
....It's not even sending the forms auth cookie to my browser. WTF???
Okay, this looks like some kind of bug. My best guess is that great
plains portal/sharepoint may be the culprit.
After I moved the application into it's own web site (instead of a web
application under the root) everything worked beautifully.
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: tommy |
last post by:
hello everbody,
i write a little asp-application with forms-authentication.
i copy my aspx-files with web.config to my webspace and i get the
error above...
i tried to set the...
|
by: Ed |
last post by:
Hi
I currently have an asp.NET project. I'm using Access 2003 and forms authentication to authenticate users. Can anyone tell me how to set the roles in asp.NET so that it recognizes them? The...
|
by: Tessa |
last post by:
Is there any security reason why you cannot print to a network printer from
ASP.NET under IIS6 on Windows 2003 server?
I'm using ASP.NET code to print to a server print queue using...
|
by: pberna |
last post by:
Dear all,
I built a Web Form application to start and stop a Windows Service remotely.
I successful tested the application on Windows 2000 server + IIS. I must
include the ASPNET user
to the...
|
by: Marty |
last post by:
Something strange is happening on my web site since my hosting provider
upgraded to Server 2003 a few weeks ago.
I use forms authentication in my asp.net application, with essentially
the...
|
by: Joergen Bech |
last post by:
Fairly new to ASP.NET 1.1. Getting the error below when running
application on a web server outside of my control, but only the first
time I run it:
1. After a long period of inactivity (or...
|
by: JayD |
last post by:
(Not sure whether it is a general aspnet problem or a specific security
problem, hence posting it in 2 groups).
This will solve for us a number of problems. I have developed a website on my...
|
by: Marc |
last post by:
Hi,
The last week I just started using C# to build an asp.net app.
Using IIS 5.1 locally is not a problem but I'm wondering what the long term
cost will be when I host my own website....
|
by: Jarf |
last post by:
I have and ASP.Net 2.0 application I've set the session state to use
SQL Server and I modified the Timeout setting to be 60 minutes.
However, my session is still expiring in 20 minutes. Looking in...
|
by: emmanuelkatto |
last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud.
Please let me know.
Thanks!
Emmanuel
|
by: BarryA |
last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
|
by: nemocccc |
last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
|
by: Hystou |
last post by:
There are some requirements for setting up RAID:
1. The motherboard and BIOS support RAID configuration.
2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers,...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
| |
