Ask a Question related to ASP.NET Security, Design and Development.
-
Steve R. #1
Forms Auth. allows anyone in if server accessed locally
I am developing my ASP.NET application with VS and the ASP.NET server
on the same box. When I attempt to access protected (in web.config)
pages locally, inside or outside of VS, it incorrectly lets me in
without asking me to log in. On a remote box, it behaves correctly. I
have other apps on that server that force a logon correctly when
accessed locally. I've developed several apps on this exact same box
and this issue has never shown up before.
This is just a simple development web server. Both apps mentioned are
in the same Default Web Site, both web configs are the same. I've
stared at both of them for what seems like hours. I've checked the
settings in IIS, again, no appaarent differences. Here's the relevant
part of web.config for the app that allows complete access without a
logon:
<system.web>
<authentication mode="Forms">
<forms name="AHDAuth" loginUrl="logon.aspx" protection="All"
path="/" />
</authentication>
</system.web>
SNIP
<location path="Quote.aspx">
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</location>
<location path="SupplierInfo.aspx">
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</location>
Any help would be accepted gratefully.
Steve R. Guest
-
Forms Auth Info passed to Windows Auth?
The requirement is to build an ASP.Net intranet application, so external users can log in to the main web portal via forms authentication, using... -
Forms auth w/AD, web server not a member of domain
I want to use Forms Authentication and authenticate user credentials against active directory. Using advapi32.dll and LogonUser I am able to do... -
FORMS AUTH HELP!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
I'm using forms Auth! Why am i getting the error:-I HAVE DONE EVRYTHING NEEDED! Error authenticating. Error obtaining group names. The specified... -
Help with forms auth
Hi, I am using forms Auth on my WEB APP. I am checking the credentials in sql server. When a user request any page other than login.aspx they get... -
Configuring Windows Auth & Forms Auth in Asp.Net
Configuring Windows Auth & Forms Auth in Asp.Ne Hi, I've configured a web app to use windows authentication and also set up two separate... -
ranganh #2 RE: Forms Auth. allows anyone in if server accessed locally
Dear Steve
Have you used Persistent Cookie? In case you use the same unless you explicitly logout, th
system would recognize if you had logged in once
It would be be better if you put the code which you use to authenticate, the formsauthentication code
----- Steve R. wrote: ----
I am developing my ASP.NET application with VS and the ASP.NET serve
on the same box. When I attempt to access protected (in web.config
pages locally, inside or outside of VS, it incorrectly lets me i
without asking me to log in. On a remote box, it behaves correctly.
have other apps on that server that force a logon correctly whe
accessed locally. I've developed several apps on this exact same bo
and this issue has never shown up before
This is just a simple development web server. Both apps mentioned ar
in the same Default Web Site, both web configs are the same. I'v
stared at both of them for what seems like hours. I've checked th
settings in IIS, again, no appaarent differences. Here's the relevan
part of web.config for the app that allows complete access without
logon
<system.web><authentication mode="Forms"><forms name="AHDAuth" loginUrl="logon.aspx" protection="All
path="/" /></authentication></system.web
SNI
<location path="Quote.aspx"><system.web><authorization><deny users="?" /></authorization></system.web></location><location path="SupplierInfo.aspx"><system.web><authorizatio n><deny users="?" /></authorization></system.web></location
Any help would be accepted gratefully
ranganh Guest
Reply With QuoteSimilar Questions and Discussions
Posting Permissions
- You may not post new threads
- You may post replies
- You may not post attachments
- You may not edit your posts
