Forms Authentication to specific folders

[Michael Tissington]

I have a web application that is using Forms Authentication (with
users/passwords stored in a database) and for the most part it is working.

I have a web page with links on it to files of different types (exe, zip,
pdf)

When the user clicks on one of these links I'd like them to have to log on
and then they can download the file (or any file in the same folder)

How can I set this up ?

Thanks.

--
Michael Tissington
[url]http://www.oaklodge.com[/url]
[url]http://www.tabtag.com[/url]

[MSFT]

Hi Michael ,

Thank you for using MSDN Newsgroup. I am Luke and I am review this issue
currently. As I understand, you have an ASP.NET application with form
authentication. When user request an ASPX file, he will be redirected to
logon form first. When user request a different file (exe, zip, pdf), you
also need this behavior.

To achieve this, we need change the virtual folder's configaration so that
ASP.NET also manage the request for these kind of request ( I use IIS 6.0
as demo):

1. Open IIS Manager in Administrator Tools, browse to the virtual folder,
right click it and select Properties.
2. On Directory tab, click button "Configration..." and you will see the
Application extensions list.
3. Click Add button, add a application extension for .exe. Set 'Executabel'
to C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspne t_isapi.dll; Set
'Extension' to .exe; set 'Verbs' to All verbs.
4. Repeat step 3 for .zip and .pdf
5. restart your IIS

Hope this help,

Luke
Microsoft Online Support

Get Secure! [url]www.microsoft.com/security[/url]
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

[Michael Tissington]

Thanks, and what do I need to put into my web.config file also ?

--
Michael Tissington
[url]http://www.oaklodge.com[/url]
[url]http://www.tabtag.com[/url]

"MSFT" <lukezhan@online.microsoft.com> wrote in message
news:g1VjgIw3DHA.1992@cpmsftngxa07.phx.gbl...

> Hi Michael ,
>
> Thank you for using MSDN Newsgroup. I am Luke and I am review this issue
> currently. As I understand, you have an ASP.NET application with form
> authentication. When user request an ASPX file, he will be redirected to
> logon form first. When user request a different file (exe, zip, pdf), you
> also need this behavior.
>
> To achieve this, we need change the virtual folder's configaration so that
> ASP.NET also manage the request for these kind of request ( I use IIS 6.0
> as demo):
>
> 1. Open IIS Manager in Administrator Tools, browse to the virtual folder,
> right click it and select Properties.
> 2. On Directory tab, click button "Configration..." and you will see the
> Application extensions list.
> 3. Click Add button, add a application extension for .exe. Set

'Executabel'

> to C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspne t_isapi.dll; Set
> 'Extension' to .exe; set 'Verbs' to All verbs.
> 4. Repeat step 3 for .zip and .pdf
> 5. restart your IIS
>
> Hope this help,
>
> Luke
> Microsoft Online Support
>
> Get Secure! [url]www.microsoft.com/security[/url]
> (This posting is provided "AS IS", with no warranties, and confers no
> rights.)
>

[Michael Tissington]

I have placed an entry in my web.config file and when I click on the link I
now get the login page, have after entering the name and password, the
redirection back to the exe is not working (it stays on the login page)

What am I missing?

--
Michael Tissington
[url]http://www.oaklodge.com[/url]
[url]http://www.tabtag.com[/url]


"MSFT" <lukezhan@online.microsoft.com> wrote in message
news:g1VjgIw3DHA.1992@cpmsftngxa07.phx.gbl...

> Hi Michael ,
>
> Thank you for using MSDN Newsgroup. I am Luke and I am review this issue
> currently. As I understand, you have an ASP.NET application with form
> authentication. When user request an ASPX file, he will be redirected to
> logon form first. When user request a different file (exe, zip, pdf), you
> also need this behavior.
>
> To achieve this, we need change the virtual folder's configaration so that
> ASP.NET also manage the request for these kind of request ( I use IIS 6.0
> as demo):
>
> 1. Open IIS Manager in Administrator Tools, browse to the virtual folder,
> right click it and select Properties.
> 2. On Directory tab, click button "Configration..." and you will see the
> Application extensions list.
> 3. Click Add button, add a application extension for .exe. Set

'Executabel'

> to C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspne t_isapi.dll; Set
> 'Extension' to .exe; set 'Verbs' to All verbs.
> 4. Repeat step 3 for .zip and .pdf
> 5. restart your IIS
>
> Hope this help,
>
> Luke
> Microsoft Online Support
>
> Get Secure! [url]www.microsoft.com/security[/url]
> (This posting is provided "AS IS", with no warranties, and confers no
> rights.)
>

[MSFT]

Hi Michael,

How did you code in the Login page? Generally, we only need one line simple
code after authentication like:

FormsAuthentication.RedirectFromLoginPage("", False)

and there is no any special in the web.config:

<authentication mode="Forms">
<forms name=".ASPXFORMSDEMO" loginUrl="logon.aspx"
protection="All" path="/" timeout="30" />
</authentication>

<authorization>
<deny users ="?" />
<allow users = "*" />
</authorization>

Luke
Microsoft Online Support

Get Secure! [url]www.microsoft.com/security[/url]
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

[Michael Tissington]

Luke,

Strange, very strange this is what I have .... both exe and pdf have the
same problem .... after logon the page does not get redirected.

In the same session, if I then try to go to another page that requires
logon, I go straight to it and am not prompted to logon again - which is
what I would expect. However if I go to the link for the exe or pdf, I'm
still prompted to logon.

--
Michael Tissington
[url]http://www.oaklodge.com[/url]
[url]http://www.tabtag.com[/url]

"MSFT" <lukezhan@online.microsoft.com> wrote in message
news:E9SzCgz3DHA.1992@cpmsftngxa07.phx.gbl...

> Hi Michael,
>
> How did you code in the Login page? Generally, we only need one line

simple

> code after authentication like:
>
> FormsAuthentication.RedirectFromLoginPage("", False)
>
> and there is no any special in the web.config:
>
> <authentication mode="Forms">
> <forms name=".ASPXFORMSDEMO" loginUrl="logon.aspx"
> protection="All" path="/" timeout="30" />
> </authentication>
>
> <authorization>
> <deny users ="?" />
> <allow users = "*" />
> </authorization>
>
> Luke
> Microsoft Online Support
>
> Get Secure! [url]www.microsoft.com/security[/url]
> (This posting is provided "AS IS", with no warranties, and confers no
> rights.)
>

[Michael Tissington]

Just as a thought, do I need to set any permissions on the folder it self ?

--
Michael Tissington
[url]http://www.oaklodge.com[/url]
[url]http://www.tabtag.com[/url]

"MSFT" <lukezhan@online.microsoft.com> wrote in message
news:E9SzCgz3DHA.1992@cpmsftngxa07.phx.gbl...

> Hi Michael,
>
> How did you code in the Login page? Generally, we only need one line

simple

> code after authentication like:
>
> FormsAuthentication.RedirectFromLoginPage("", False)
>
> and there is no any special in the web.config:
>
> <authentication mode="Forms">
> <forms name=".ASPXFORMSDEMO" loginUrl="logon.aspx"
> protection="All" path="/" timeout="30" />
> </authentication>
>
> <authorization>
> <deny users ="?" />
> <allow users = "*" />
> </authorization>
>
> Luke
> Microsoft Online Support
>
> Get Secure! [url]www.microsoft.com/security[/url]
> (This posting is provided "AS IS", with no warranties, and confers no
> rights.)
>

[MSFT]

Hi Michael,

DId you use the persisted cookies? I suggest you create a new asp.net
project and only add one logon form and add code as I suggest in my
previous message. Will this help for a exe or pdf file?

Luke
Microsoft Online Support

Get Secure! [url]www.microsoft.com/security[/url]
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

[Michael Tissington]

Luke,

I have tried this (going back to basics) and I get the same problem.

I'm running Windows 2003.

--
Michael Tissington
[url]http://www.oaklodge.com[/url]
[url]http://www.tabtag.com[/url]

"MSFT" <lukezhan@online.microsoft.com> wrote in message
news:0LvJI493DHA.1992@cpmsftngxa07.phx.gbl...

> Hi Michael,
>
> DId you use the persisted cookies? I suggest you create a new asp.net
> project and only add one logon form and add code as I suggest in my
> previous message. Will this help for a exe or pdf file?
>
> Luke
> Microsoft Online Support
>
> Get Secure! [url]www.microsoft.com/security[/url]
> (This posting is provided "AS IS", with no warranties, and confers no
> rights.)
>

[Mike Moore [MSFT]]

Hi Michael,

I'm sorry we've been delayed in getting back to you. The ASP.NET process
needs to have read access to the files to be donwloaded. This can be set on
the individual files or on the folder. The account that needs read
permissions is typically either the "Network Service" or "ASPNET" account.

We are still researching this issue and will post more information as soon
as we can.

Thank you, Mike
Microsoft, ASP.NET Support Professional

Microsoft highly recommends to all of our customers that they visit the
[url]http://www.microsoft.com/protect[/url] site and perform the three straightforward
steps listed to improve your computer’s security.

This posting is provided "AS IS", with no warranties, and confers no rights.


--------------------

> From: "Michael Tissington" <michael@nospam.com>
> References: <OzZX4rt3DHA.1908@TK2MSFTNGP10.phx.gbl>

<g1VjgIw3DHA.1992@cpmsftngxa07.phx.gbl>
<Omds#7x3DHA.4060@TK2MSFTNGP11.phx.gbl>
<E9SzCgz3DHA.1992@cpmsftngxa07.phx.gbl>

> Subject: Re: Forms Authentication to specific folders
> Date: Tue, 20 Jan 2004 08:13:30 -0800
> Lines: 38
> X-Priority: 3
> X-MSMail-Priority: Normal
> X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
> Message-ID: <u$oOZB33DHA.3360@tk2msftngp13.phx.gbl>
> Newsgroups: microsoft.public.dotnet.framework.aspnet.security
> NNTP-Posting-Host: antelope.oaklodge.com 63.67.71.5
> Path:

cpmsftngxa07.phx.gbl!cpmsftngxa06.phx.gbl!TK2MSFTN GP08.phx.gbl!tk2msftngp13.
phx.gbl

> Xref: cpmsftngxa07.phx.gbl

microsoft.public.dotnet.framework.aspnet.security: 8293

> X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security
>
> Just as a thought, do I need to set any permissions on the folder it self

?

>
> --
> Michael Tissington
> [url]http://www.oaklodge.com[/url]
> [url]http://www.tabtag.com[/url]
>
> "MSFT" <lukezhan@online.microsoft.com> wrote in message
> news:E9SzCgz3DHA.1992@cpmsftngxa07.phx.gbl...

> > Hi Michael,
> >
> > How did you code in the Login page? Generally, we only need one line

> simple

> > code after authentication like:
> >
> > FormsAuthentication.RedirectFromLoginPage("", False)
> >
> > and there is no any special in the web.config:
> >
> > <authentication mode="Forms">
> > <forms name=".ASPXFORMSDEMO" loginUrl="logon.aspx"
> > protection="All" path="/" timeout="30" />
> > </authentication>
> >
> > <authorization>
> > <deny users ="?" />
> > <allow users = "*" />
> > </authorization>
> >
> > Luke
> > Microsoft Online Support
> >
> > Get Secure! [url]www.microsoft.com/security[/url]
> > (This posting is provided "AS IS", with no warranties, and confers no
> > rights.)
> >

>
>
>

[Michael Tissington]

Mike,

Thanks for the update.

I have added both "NETWORK SERVICES" the ASP.NET account on the local
machine to the security and given them full access ....

Still get the same problem.

--
Michael Tissington
[url]http://www.oaklodge.com[/url]
[url]http://www.tabtag.com[/url]

""Mike Moore [MSFT]"" <michmo@online.microsoft.com> wrote in message
news:pTk$YjV4DHA.1988@cpmsftngxa07.phx.gbl...

> Hi Michael,
>
> I'm sorry we've been delayed in getting back to you. The ASP.NET process
> needs to have read access to the files to be donwloaded. This can be set

on

> the individual files or on the folder. The account that needs read
> permissions is typically either the "Network Service" or "ASPNET" account.
>
> We are still researching this issue and will post more information as soon
> as we can.
>
> Thank you, Mike
> Microsoft, ASP.NET Support Professional
>
> Microsoft highly recommends to all of our customers that they visit the
> [url]http://www.microsoft.com/protect[/url] site and perform the three

straightforward

> steps listed to improve your computer's security.
>
> This posting is provided "AS IS", with no warranties, and confers no

rights.

>
>
> --------------------

> > From: "Michael Tissington" <michael@nospam.com>
> > References: <OzZX4rt3DHA.1908@TK2MSFTNGP10.phx.gbl>

> <g1VjgIw3DHA.1992@cpmsftngxa07.phx.gbl>
> <Omds#7x3DHA.4060@TK2MSFTNGP11.phx.gbl>
> <E9SzCgz3DHA.1992@cpmsftngxa07.phx.gbl>

> > Subject: Re: Forms Authentication to specific folders
> > Date: Tue, 20 Jan 2004 08:13:30 -0800
> > Lines: 38
> > X-Priority: 3
> > X-MSMail-Priority: Normal
> > X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
> > X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
> > Message-ID: <u$oOZB33DHA.3360@tk2msftngp13.phx.gbl>
> > Newsgroups: microsoft.public.dotnet.framework.aspnet.security
> > NNTP-Posting-Host: antelope.oaklodge.com 63.67.71.5
> > Path:

>

cpmsftngxa07.phx.gbl!cpmsftngxa06.phx.gbl!TK2MSFTN GP08.phx.gbl!tk2msftngp13.

> phx.gbl

> > Xref: cpmsftngxa07.phx.gbl

> microsoft.public.dotnet.framework.aspnet.security: 8293

> > X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security
> >
> > Just as a thought, do I need to set any permissions on the folder it

self

> ?

> >
> > --
> > Michael Tissington
> > [url]http://www.oaklodge.com[/url]
> > [url]http://www.tabtag.com[/url]
> >
> > "MSFT" <lukezhan@online.microsoft.com> wrote in message
> > news:E9SzCgz3DHA.1992@cpmsftngxa07.phx.gbl...

> > > Hi Michael,
> > >
> > > How did you code in the Login page? Generally, we only need one line

> > simple

> > > code after authentication like:
> > >
> > > FormsAuthentication.RedirectFromLoginPage("", False)
> > >
> > > and there is no any special in the web.config:
> > >
> > > <authentication mode="Forms">
> > > <forms name=".ASPXFORMSDEMO" loginUrl="logon.aspx"
> > > protection="All" path="/" timeout="30" />
> > > </authentication>
> > >
> > > <authorization>
> > > <deny users ="?" />
> > > <allow users = "*" />
> > > </authorization>
> > >
> > > Luke
> > > Microsoft Online Support
> > >
> > > Get Secure! [url]www.microsoft.com/security[/url]
> > > (This posting is provided "AS IS", with no warranties, and confers no
> > > rights.)
> > >

> >
> >
> >

>

[MSFT]

Hi Michael,

Can you show me the code you used? Including the page you request to an exe
file, the logon page (HTML and code behind) and the web.config. We may find
something in them.

Luke
Microsoft Online Support

Get Secure! [url]www.microsoft.com/security[/url]
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

[Michael Tissington]

I have sent a private email

Thanks.

--
Michael Tissington
[url]http://www.oaklodge.com[/url]
[url]http://www.tabtag.com[/url]

"MSFT" <lukezhan@online.microsoft.com> wrote in message
news:8tQpHNY4DHA.3256@cpmsftngxa07.phx.gbl...

> Hi Michael,
>
> Can you show me the code you used? Including the page you request to an

exe

> file, the logon page (HTML and code behind) and the web.config. We may

find

> something in them.
>
> Luke
> Microsoft Online Support
>
> Get Secure! [url]www.microsoft.com/security[/url]
> (This posting is provided "AS IS", with no warranties, and confers no
> rights.)
>
>

[Yan-Hong Huang[MSFT]]

Hello Michael,

Thanks very much for your follow up.

Luke is out of office today. I have sent email to him and he will follow up
this issue after he come back tomorrow. If you have any more concerns,
please feel free to post here.

Best regards,
Yanhong Huang
Microsoft Community Support

Get Secure! ¨C [url]www.microsoft.com/security[/url]
This posting is provided "AS IS" with no warranties, and confers no rights.

[Michael Tissington]

Thanks for the update.

--
Michael Tissington
[url]http://www.oaklodge.com[/url]
[url]http://www.tabtag.com[/url]

"Yan-Hong Huang[MSFT]" <yhhuang@online.microsoft.com> wrote in message
news:Rz9VNd74DHA.1512@cpmsftngxa07.phx.gbl...

> Hello Michael,
>
> Thanks very much for your follow up.
>
> Luke is out of office today. I have sent email to him and he will follow

up

> this issue after he come back tomorrow. If you have any more concerns,
> please feel free to post here.
>
> Best regards,
> Yanhong Huang
> Microsoft Community Support
>
> Get Secure! ¨C [url]www.microsoft.com/security[/url]
> This posting is provided "AS IS" with no warranties, and confers no

rights.

>

[MSFT]

Hi Michael,

I have recieved your code. After making some changes in it, it works on my
side:

First, we modify some in the web.config:

<authentication mode="Forms">
<forms name="TabTagLogin" loginUrl="./login/login.aspx" protection="All"
path="/" timeout="10" />
</authentication>
<identity impersonate="true" />

<authorization>
<deny users ="?" />
<allow users = "*" />
</authorization>

loginUrl="./login/login.aspx" will force it use login in right sub folder.
With

<authorization>
<deny users ="?" />
<allow users = "*" />
</authorization>

It will deny anonymous users.

And in the code behind:

private void LoginButton_Click(object sender, System.EventArgs e)
{
//if (Page.IsValid == true)
//{
//string UserID;

//User user = new User();

//MismatchLabel.Visible = false;

// Check for already logged on
//if (loginUserDetails != null)
//{
// Session["UserDetails"] = null;
// loginUserDetails = null;
// FormsAuthentication.SignOut();
//}

//UserID = user.Login(LogonEmailTextBox.Text,
LogonPasswordTextBox.Text);
//if (UserID != null)
//{
// Session["UserDetails"] = user.GetUserDetails(UserID);
FormsAuthentication.RedirectFromLoginPage("*", false);
//}
//else
//{
// MismatchLabel.Visible = true;
//}
//}
}

As you see, I only keep the line
"FormsAuthentication.RedirectFromLoginPage("*" , false);". It will always
redirect once user input a name and password. That make it work with aspx,
exe and zip.

Therefore, the problem on your side may be caused that this line didn't got
executed. The posible reason is (loginUserDetails != null) or (UserID =
null). Especially, when request is to a exe or zip file. You need to double
check the logic of your application to make sure this.

Luke
Microsoft Online Support

Get Secure! [url]www.microsoft.com/security[/url]
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

[MSFT]

Hi Michael,

I have recieved your code. After making some changes in it, it works on my
side:

First, we modify some in the web.config:

<authentication mode="Forms">
<forms name="TabTagLogin" loginUrl="./login/login.aspx" protection="All"
path="/" timeout="10" />
</authentication>
<identity impersonate="true" />

<authorization>
<deny users ="?" />
<allow users = "*" />
</authorization>

loginUrl="./login/login.aspx" will force it use login in right sub folder.
With

<authorization>
<deny users ="?" />
<allow users = "*" />
</authorization>

It will deny anonymous users.

And in the code behind:

private void LoginButton_Click(object sender, System.EventArgs e)
{
//if (Page.IsValid == true)
//{
//string UserID;

//User user = new User();

//MismatchLabel.Visible = false;

// Check for already logged on
//if (loginUserDetails != null)
//{
// Session["UserDetails"] = null;
// loginUserDetails = null;
// FormsAuthentication.SignOut();
//}

//UserID = user.Login(LogonEmailTextBox.Text,
LogonPasswordTextBox.Text);
//if (UserID != null)
//{
// Session["UserDetails"] = user.GetUserDetails(UserID);
FormsAuthentication.RedirectFromLoginPage("*", false);
//}
//else
//{
// MismatchLabel.Visible = true;
//}
//}
}

As you see, I only keep the line
"FormsAuthentication.RedirectFromLoginPage("*" , false);". It will always
redirect once user input a name and password. That make it work with aspx,
exe and zip.

Therefore, the problem on your side may be caused that this line didn't got
executed. The posible reason is (loginUserDetails != null) or (UserID =
null). Especially, when request is to a exe or zip file. You need to double
check the logic of your application to make sure this.

Luke
Microsoft Online Support

Get Secure! [url]www.microsoft.com/security[/url]
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

[Michael Tissington]

Luke,

Using loginUrl="./login/login.aspx" (with the dot) does not work because
sometimes i'll be directed to a login page of the form
/download/installs/login/login.aspx adn what is required is
/login/login.aspx (in other words starting from the root). My understanding
is the '.' makes the path relative to the current url and not the root

In addition after commenting out the code I still can not get past the login
page. I have debugged my code and I correctly execute the line

FormsAuthentication.RedirectFromLoginPage("*", false);

But I still have the login page re displayed.

--
Michael Tissington
[url]http://www.oaklodge.com[/url]
[url]http://www.tabtag.com[/url]

"MSFT" <lukezhan@online.microsoft.com> wrote in message
news:1%23sG1wL5DHA.1992@cpmsftngxa07.phx.gbl...

> Hi Michael,
>
> I have recieved your code. After making some changes in it, it works on my
> side:
>
> First, we modify some in the web.config:
>
> <authentication mode="Forms">
> <forms name="TabTagLogin" loginUrl="./login/login.aspx" protection="All"
> path="/" timeout="10" />
> </authentication>
> <identity impersonate="true" />
>
> <authorization>
> <deny users ="?" />
> <allow users = "*" />
> </authorization>
>
> loginUrl="./login/login.aspx" will force it use login in right sub folder.
> With
>
> <authorization>
> <deny users ="?" />
> <allow users = "*" />
> </authorization>
>
> It will deny anonymous users.
>
> And in the code behind:
>
> private void LoginButton_Click(object sender, System.EventArgs e)
> {
> //if (Page.IsValid == true)
> //{
> //string UserID;
>
> //User user = new User();
>
> //MismatchLabel.Visible = false;
>
> // Check for already logged on
> //if (loginUserDetails != null)
> //{
> // Session["UserDetails"] = null;
> // loginUserDetails = null;
> // FormsAuthentication.SignOut();
> //}
>
> //UserID = user.Login(LogonEmailTextBox.Text,
> LogonPasswordTextBox.Text);
> //if (UserID != null)
> //{
> // Session["UserDetails"] = user.GetUserDetails(UserID);
> FormsAuthentication.RedirectFromLoginPage("*", false);
> //}
> //else
> //{
> // MismatchLabel.Visible = true;
> //}
> //}
> }
>
> As you see, I only keep the line
> "FormsAuthentication.RedirectFromLoginPage("*" , false);". It will always
> redirect once user input a name and password. That make it work with aspx,
> exe and zip.
>
> Therefore, the problem on your side may be caused that this line didn't

got

> executed. The posible reason is (loginUserDetails != null) or (UserID =
> null). Especially, when request is to a exe or zip file. You need to

double

> check the logic of your application to make sure this.
>
> Luke
> Microsoft Online Support
>
> Get Secure! [url]www.microsoft.com/security[/url]
> (This posting is provided "AS IS", with no warranties, and confers no
> rights.)
>

[MSFT]

Hi Michael,

Is it that all requests (inluding ASPX and EXE) can't pass the login form
or only EXE file? Where is the EXE or ZIP file, in the root or a virtual
folder? When we enter the login form, the address line of IE will be like:

[url]http://localhost/webapplicationtest/login/login.aspx?ReturnUrl=%2fwebapplica[/url]
tiontest%2fcodesamples.zip

Did it has same url string after you click Login button and redirected to
login form again?

Luke
Microsoft Online Support

Get Secure! [url]www.microsoft.com/security[/url]
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

[Michael Tissington]

Luke,

Yes, after clicking Login, the login page is just display again and the URL
has not changed.


--
Michael Tissington
[url]http://www.oaklodge.com[/url]
[url]http://www.tabtag.com[/url]


"MSFT" <lukezhan@online.microsoft.com> wrote in message
news:j9PBkvW5DHA.1992@cpmsftngxa07.phx.gbl...

> Hi Michael,
>
> Is it that all requests (inluding ASPX and EXE) can't pass the login form
> or only EXE file? Where is the EXE or ZIP file, in the root or a virtual
> folder? When we enter the login form, the address line of IE will be like:
>
>

[url]http://localhost/webapplicationtest/login/login.aspx?ReturnUrl=%2fwebapplica[/url]

> tiontest%2fcodesamples.zip
>
> Did it has same url string after you click Login button and redirected to
> login form again?
>
> Luke
> Microsoft Online Support
>
> Get Secure! [url]www.microsoft.com/security[/url]
> (This posting is provided "AS IS", with no warranties, and confers no
> rights.)
>