After a few more tests, it seems that: if you have a IIS web application with
Anonymous access configured at root level, and one page configured with IWA
(and no Anonymous), everything works ok until you hit the IWA - protected
page. After that, if you post back from the IWA protected page on itself, it
works. Instead, if you do a cross-page post back from the IWA protected page
to an Anonymous page, it does not post any content back, although the HTTP
method used is POST. Now, after leaving the IWA protecte page, in any other
unprotected (Anonymous) page, the post back on itself does not work. But, if
you do a cross-page post back from an unprotected page to an IWA-protected
page, it posts ok. So, it seems that IE has a bug. It is reproduced in both
IE6 & 7.
On the other side, if you have your web-site configured as Anonymous & IWA,
but for one "Protected" page that has only IWA, all pages are accessed
anonymously, and post back ok on themselves or cross-page. When you hit the
protected page, it post back ok on itself. It also cross-page posts back to
an unprotected page, but now you see that the WWW-Authenticate header is sent
also to "Anonymous & IWA" pages. In this scenario post backs work ok on all
pages.
"Sergiu Damian" wrote:
>
I also get the same behavior. I have an ASP.NET 3.5 AJAX enabled application
that uses mixed-mode authentication. It actually uses Forms Authentication
but has a page that uses Integrated Windows Authentication and sets the Forms
Auth cookie if it authenticates properly, otherwise redirects to the normal
Forms Login page.
Now, when I deactivate IWA for all pages except the special IWA page,
posting back just sends "nothing" back to the page. Request.Form is empty,
Request.ContentLength is zero. This is annoying.
I also see it working ok from IE through Fiddler. It also works properly
from FireFox with or without Fiddler.
"Jag" wrote:
Hi
I am facing a strange issue. I have 3 ASP pages in the default
website
1. auth.aspx
-
<html>
-
<body>
-
Auth Page
-
<br />
-
<a href = "anon.aspx">Anon Page</a>
-
</body>
-
</html>
-
2. anon.aspx
-
<html>
-
<body>
-
Normal Page
-
<form action = "resp.aspx" method = "post">
-
<input type = "text" name = "un" />
-
<input type = "submit" />
-
</form>
-
<br />
-
<a href = "auth.aspx">Auth Page</a>
-
</body>
-
</html>
-
3. resp.aspx
-
<html>
-
<body>
-
Bytes : <%= Request.TotalBytes %>
-
</body>
-
</html>
-
In IIS, auth.aspx is set to have Integrated Windows Authentication.
The
other two have anonymous access.
Here are the actions I perform on IE7.
1. Navigate to http://localhost/anon.aspx
2. Type some text and submit the form.
3. The response shows the number of bytes correctly.
4. Click the back button on browser.
5. Navigate to auth.aspx
6. Enter required credentials, if prompted. The page loads
successfully.
7. Go back to http://localhost/anon.aspx
8. Type some text and submit the form.
9. Strangely, the response shows that zero byte was posted.
So, whenever I go to a page with IWA enabled and then move onto a
page
with anonymous access, if a form exists in that page, and the form
submission method is POST, the submission fails. The only workaround
is to close the browser and open it again.
This does not happen in Mozilla Firefox.
This does not happen when I use Fiddler with IE7.
Could someone explain what's going wrong?
Thanks.
UNT,
Jag
