Does ASP.Net v.1.1 Forms authentication mode require port 80 for http?

[Michael Coughlin]

I'm trying to do a "proof-of-concept" ASP.Net setup from my home/office.

Since my ISP blocks port 80 - to prevent high-bandwidth serving from residential accounts, I used the cable router to redirect another port (coming in) back to port 80, once inside my LAN.

My client (halfway across the country) can get to the default page (which has no security restrictions, yet). When they click to my .aspx pages, which work fine behind the router, ... nada. IE "needs to shut down"; Netscape just goes back to the default page. Ballgame over.

To experiment, I set one .aspx page to:
<authentication mode="None" />
<authorization>

<allow users="*" /> i.e. allow all users

The other pages use:
<authentication mode="Forms" />
<forms loginUrl="login.aspx" />

<authorization>

<deny users="?" /> <!-- Deny anonymous users -->

So, I was wondering if the http port redirection might be somehow messing up ASP.Net security?

Any insights ... appreciated ...

thanks,
Mike


---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system ([url]http://www.grisoft.com[/url]).
Version: 6.0.543 / Virus Database: 337 - Release Date: 11/21/2003

[Thomas H]

If you have a Win2k/2003 server, what about creating a VPN for your client? Then they could tunnel into your home/office, and use whatever port they wanted to. PPTP uses port 1723, as defined by [url]http://www.iana.org[/url] . (Full list at [url]http://www.iana.org/assignments/port-numbers[/url] ) Quick & dirty test; set up a web site on your server, but change the properties/identification tab to use port 1723.

Or.. along the same lines, I guess... change your web server to use another port, one that isn't blocked, preferably something in the private/dynamic range.

It doesn't quite answer your question, but maybe it presents an easier alternative.

-TH
"Michael Coughlin" <noSpam@anywhere.net> wrote in message news:eqg5g4GvDHA.2360@TK2MSFTNGP10.phx.gbl...
I'm trying to do a "proof-of-concept" ASP.Net setup from my home/office.

Since my ISP blocks port 80 - to prevent high-bandwidth serving from residential accounts, I used the cable router to redirect another port (coming in) back to port 80, once inside my LAN.

My client (halfway across the country) can get to the default page (which has no security restrictions, yet). When they click to my .aspx pages, which work fine behind the router, ... nada. IE "needs to shut down"; Netscape just goes back to the default page. Ballgame over.

To experiment, I set one .aspx page to:
<authentication mode="None" />
<authorization>

<allow users="*" /> i.e. allow all users

The other pages use:
<authentication mode="Forms" />
<forms loginUrl="login.aspx" />

<authorization>

<deny users="?" /> <!-- Deny anonymous users -->

So, I was wondering if the http port redirection might be somehow messing up ASP.Net security?

Any insights ... appreciated ...

thanks,
Mike


---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system ([url]http://www.grisoft.com[/url]).
Version: 6.0.543 / Virus Database: 337 - Release Date: 11/21/2003