trinitypete #1
Forms Authentication and Custom errors
Hi all,
I've searched this problem and sort of found the resolution but can't get it
to work.
Web site using forms authentication, just switched
<customErrors
defaultRedirect="public/Error.aspx" mode="On"
/>
got into the problem where system redirects to error page but because not
authenticated, returns back to the login.
Found the location element for web config, now have 2 directories under
root, one called pages and another called public, implemented the location
elements and now I get the error
Runtime Error
Description: An application error occurred on the server. The current custom
error settings for this application prevent the details of the application
error from being viewed.
Here is the web config:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <system.web>
    <identity impersonate="true"
      userName="TRINITY\INetCommerceUSR"
      password="ytinirt"/>
    <compilation
      defaultLanguage="c#"
      debug="true"
    />
    <customErrors
      defaultRedirect="public/Error.aspx" mode="On"
    />
    <authentication mode="Forms">
      <forms name="AuthCookie" loginUrl="pages/Login.ASPX" protection="All" />
    </authentication>
    <authorization>
      <allow users="*" /> <!--Challenge only anonymous users -->
      <!-- <allow users="[comma separated list of users]"
      roles="[comma separated list of roles]"/>
      <deny users="[comma separated list of users]"
      roles="[comma separated list of roles]"/>
      ? - challenge only anonymous users
      * - Challenge all users
      -->
    </authorization>
    <trace
      enabled="false"
      requestLimit="10"
      pageOutput="false"
      traceMode="SortByTime"
      localOnly="true"
    />
    <sessionState
      mode="InProc"
      stateConnectionString="tcpip=127.0.0.1:42424"
      sqlConnectionString="data source=127.0.0.1;Trusted_Connection=yes"
      cookieless="true"
      timeout="20"
    />
    <globalization
      requestEncoding="utf-8"
      responseEncoding="utf-8"
    />
  </system.web>
  <location path="pages">
    <system.web>
      <authorization>
        <deny users="?" />
      </authorization>
    </system.web>
  </location>
  <location path="public">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
Any ideas?
Pete.
trinitypete Guest
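
A static check for the redirect-to-login loop described in this post, as an added example (not code from the thread): it evaluates the `<authorization>` rules for an anonymous request to each `customErrors` target. The function names and the constructed `SAMPLE` config are assumptions; `verbs` attributes and role-only rules are ignored.

```python
import xml.etree.ElementTree as ET

def anonymous_allowed(root, path):
    """URL authorization for an anonymous request: the first allow/deny rule
    naming '?' or '*' wins, and the most specific <location> is read first."""
    path = path.strip("/").lower()
    scopes = []
    for loc in root.findall("location"):
        prefix = loc.get("path", "").strip("/").lower()
        if not prefix or path == prefix or path.startswith(prefix + "/"):
            scopes.append(loc)
    scopes.sort(key=lambda loc: len(loc.get("path", "")), reverse=True)
    scopes.append(root)  # application-level <system.web> is consulted last
    for scope in scopes:
        for rule in scope.findall("system.web/authorization/*"):
            users = [u.strip() for u in rule.get("users", "").split(",")]
            if rule.tag in ("allow", "deny") and ("?" in users or "*" in users):
                return rule.tag == "allow"
    return True  # nothing matched: the machine-wide default allows everyone

def unreachable_error_pages(config_xml):
    """Return custom-error redirect targets that an anonymous user cannot load."""
    root = ET.fromstring(config_xml)
    ce = root.find("system.web/customErrors")
    if ce is None or ce.get("mode", "RemoteOnly").lower() == "off":
        return []
    targets = [ce.get("defaultRedirect")] + [e.get("redirect") for e in ce.findall("error")]
    return [t for t in targets
            if t and not anonymous_allowed(root, t.split("?")[0].lstrip("~"))]

# Constructed sample: same layout as the thread (pages/ protected, public/ open),
# plus a per-status error page deliberately placed in the protected folder.
SAMPLE = """<configuration>
  <system.web>
    <customErrors defaultRedirect="public/Error.aspx" mode="On">
      <error statusCode="404" redirect="pages/NotFound.aspx" />
    </customErrors>
    <authentication mode="Forms">
      <forms name="AuthCookie" loginUrl="pages/Login.ASPX" protection="All" />
    </authentication>
    <authorization><allow users="*" /></authorization>
  </system.web>
  <location path="pages">
    <system.web><authorization><deny users="?" /></authorization></system.web>
  </location>
  <location path="public">
    <system.web><authorization><allow users="*" /></authorization></system.web>
  </location>
</configuration>"""

if __name__ == "__main__":
    print(unreachable_error_pages(SAMPLE))
```

An empty result means every configured error page is readable without a forms-authentication ticket; it does not prove the error page itself renders without throwing.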
-
[MSFT] #2
RE: Forms Authentication and Custom errors
Hello,
If you temporarily remove following lines:
<customErrors
defaultRedirect="public/Error.aspx" mode="On"
/>
And let the browser output the raw error message, what will you get?
Luke
[MSFT] Guest
-
trinitypete #3
RE: Forms Authentication and Custom errors
Hi,
Thanks for the reply.
I removed the lines as suggested. It is an ApplicationException that I am
throwing just to check the error handling from the logon form. It was this
testing that highlighted the problem.
I just get the standard detailed .Net error message displaying the
application exception and call stack.
A bit more info although I don't think it is relevant. The web config has
been set not to use cookies and the FormsAuthentication redirection from
logon page has been done with the
MobileFormsAuthentication.RedirectFromLoginPage()
Pete.
"[MSFT]" wrote:
> Hello,
>
> If you temporarily remove following lines:
>
> <customErrors
> defaultRedirect="public/Error.aspx" mode="On"
> />
>
> And let the browser output the raw error message, what will you get?
>
> Luke
>
trinitypete Guest
-
[MSFT] #4
RE: Forms Authentication and Custom errors
Hi Pete,
Is it an ASP.NET Mobile application? (I saw you mentioned
"MobileFormsAuthentication"). I used to think it is an ASP.NET issue. I am
not a professional on the mobile issues. Does the same problem occur with IE
client?
Luke
[MSFT] Guest
-
trinitypete #5
RE: Forms Authentication and Custom errors
Hi Luke,
Got it - although don't know why.
It isn't a mobile application, I am using a cookieless session therefore
using the mobileformsauthentication.redirect etc. works like the
formsauthentication.redirect but instead of creating a cookie it appends the
cookie to the query string.
Anyhow, I removed the error page and recreated it from scratch. Recompiled
etc. and the error default redirection worked fine. Odd - maybe the error
page was erroring out and as the custom error page couldn't be displayed
therefore .Net needed to revert the call the standard .Net error page but the
custom errors setting wasn't set to support the standard page hence the error
reporting that custom errors setting incorrect.
Seems to fit!
Anyhow onwards and upwards - thanks for your input.
Pete.
"[MSFT]" wrote:
> Hi Pete,
>
> Is it an ASP.NET Mobile application? (I saw you mentioned
> "MobileFormsAuthentication"). I used to think it is an ASP.NET issue. I am
> not a professional on the mobile issues. Does the same problem occur with IE
> client?
>
> Luke
>
trinitypete Guest




