473,320 Members | 1,823 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,320 software developers and data experts.

web.config authorization element not working as expected on ASP.NET Development Server

Ver. VS2005

Hi

I'm using forms authentication and have set the authorization element to
deny anonymous users. This works fine except that when I view the login.aspx
page as an unauthenticated user I am denied access to non-asp files like
css, gif, jpg etc.

The only happens on the ASP.NET Development Server and not when I publish to
an IIS web server.

Can someone let me know why this happens and if there's something I can do
about it?

Thanks
Andrew

Here's the web.config file:

<system.web>
<authentication mode="Forms">
<forms name="ASPXSecurity" loginUrl="Login.aspx" protection="All" path="/"
timeout="30" />
</authentication>
<authorization>
<deny users="?" />
</authorization>
</system.web>
Mar 10 '06 #1
1 1565
Hi Andrew,

Welcome to the ASPNET newsgroup.

As for the ASP.NET 2.0/vs 2005 web application with Test web server, when
using Forms Authentication, the problem you encountered does exists. So
there is nothing incorrect in your application's code and configuration.
Actually, the problem is specific to the .NET 2.0/vs 2005 TestWebServer,
because the test webserver dosn't have filter or extension like IIS, all
the requests to the web application(no matter for ASP.NET resources or
static file resource) are processed by ASP.NET runtime, this cause those
static files in our web application also be protected by
formsauthentication(when developing in test server). Of course, when
deploying in IIS server, the application won't suffer this issue. Is your
web application currectly put those static resource (images , scripts ...)
in a certain sub dir? If so, you can consider temporarly grant anonymous
permission for those dirs in forms authorization setting at development
time, that's won't voliate the security when deploying into IIS virtual
dir.

Thanks for your understanding.

Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Mar 13 '06 #2

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

2
by: TaeHo Yoo | last post by:
In my current web.config, I have these lines ----------------------------------------------------------- <authentication mode="Forms"> <forms name="frmAuthentication" loginUrl="login.aspx" />...
6
by: Andrew Connell | last post by:
I have an app where I want virtually everything password protected/secure except for a single directory. That directory handles some custom authentication and contains my login form, but also some...
1
by: Chris Leffer | last post by:
Hi. I would like to confirm a behaviour in the authorization element from the web.config file. Suppose the following (using Forms authentication): <authorization> <deny users="?" /> <deny...
4
by: Mark Olbert | last post by:
I am having a devil of a time trying to get Forms authentication to work in a very simple test webapp (I've gotten it to work many, many times when developing on my WinXP client box, but I've just...
2
by: CW | last post by:
I have run into a really strange problem. My objective is that I only want user who have authenticated themselves to be able to access the website (and authentication is performed by form...
0
by: Adam Getchell | last post by:
I'm attempting to write a custom Authentication module using http://www.15seconds.com/Issue/020417.htm I looked at http://support.microsoft.com/default.aspx?scid=kb;EN-US;307996, but it doesn't...
5
by: Andrew | last post by:
Hi, I have a default.aspx which allows the user to choose between module Admin and module B. When the user clicks either one, he will be redirected to a FormsAuthentication login page. The...
1
by: Arpan | last post by:
Suppose a web.config file (existing in C:\Inetpub\wwwroot\ASPX) has the following code: <configuration> <system.web> <authentication mode="Forms"> <forms name="AuthenticateUser"...
1
by: Ryan | last post by:
I am trying to log events to SQL Server instead of the computers event log, but, although I get no errors, I have no luck. The webevents_events table is empty. I have a custom event that I am...
0
by: DolphinDB | last post by:
The formulas of 101 quantitative trading alphas used by WorldQuant were presented in the paper 101 Formulaic Alphas. However, some formulas are complex, leading to challenges in calculation. Take...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
0
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
0
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.