Getting forms auth challenge

[MarkMurphy]

I'm implementing forms authentication on a site and can't get the
redirection to the login page to work happen. It is behaving as
though still doing windows authentication.

In web.config:

<authentication mode="Forms">
<forms loginUrl="login.aspx" name=".ASPXFORMSAUTH"
protection="All"/>
</authentication>

<!-- AUTHORIZATION
This section sets the authorization policies of the
application. You can allow or deny access
to application resources by user or role. Wildcards: "*"
mean everyone, "?" means anonymous
(unauthenticated) users.
-->

<authorization>
<allow users="*" /> <!-- Allow all users -->
<!-- <allow users="[comma separated list of users]"
roles="[comma separated list of roles]"/>
<deny users="[comma separated list of users]"
roles="[comma separated list of roles]"/>
-->
</authorization>


Am I missing something?

Thanks in advance, Mark

[Jim Cheshire [MSFT]]

Mark,

You are allowing everyone to the site. Therefore, no one needs to
authenticate. You need to change your <authorization> section as follows:

<authorization>
<deny users="?" />
<allow users="*" />
</authorization>


Jim Cheshire [MSFT]
MCP+I, MCSE, MCSD, MCDBA
Microsoft Developer Support
[email]jamesche@online.microsoft.com[/email]

This post is provided "AS-IS" with no warranties and confers no rights.

--------------------

>From: [email]murphy@murphysw.com[/email] (MarkMurphy)
>Newsgroups: microsoft.public.dotnet.framework.aspnet.security
>Subject: Getting forms auth challenge
>Date: 28 Jul 2004 12:04:34 -0700
>Organization: [url]http://groups.google.com[/url]
>Lines: 32
>Message-ID: <e061eb57.0407281104.7cab54ba@posting.google.com >
>NNTP-Posting-Host: 144.223.23.86
>Content-Type: text/plain; charset=ISO-8859-1
>Content-Transfer-Encoding: 8bit
>X-Trace: posting.google.com 1091041475 8883 127.0.0.1 (28 Jul 2004

19:04:35 GMT)

>X-Complaints-To: [email]groups-abuse@google.com[/email]
>NNTP-Posting-Date: Wed, 28 Jul 2004 19:04:35 +0000 (UTC)
>Path:

cpmsftngxa10.phx.gbl!TK2MSFTFEED01.phx.gbl!TK2MSFT NGP08.phx.gbl!newsfeed00.s
ul.t-online.de!t-online.de!news-spur1.maxwell.syr.edu!news.maxwell.syr.edu!p
ostnews2.google.com!not-for-mail

>Xref: cpmsftngxa10.phx.gbl

microsoft.public.dotnet.framework.aspnet.security: 10952

>X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security
>
>I'm implementing forms authentication on a site and can't get the
>redirection to the login page to work happen. It is behaving as
>though still doing windows authentication.
>
>In web.config:
>
> <authentication mode="Forms">
> <forms loginUrl="login.aspx" name=".ASPXFORMSAUTH"
>protection="All"/>
> </authentication>
>
> <!-- AUTHORIZATION
> This section sets the authorization policies of the
>application. You can allow or deny access
> to application resources by user or role. Wildcards: "*"
>mean everyone, "?" means anonymous
> (unauthenticated) users.
> -->
>
> <authorization>
> <allow users="*" /> <!-- Allow all users -->
> <!-- <allow users="[comma separated list of users]"
> roles="[comma separated list of roles]"/>
> <deny users="[comma separated list of users]"
> roles="[comma separated list of roles]"/>
> -->
> </authorization>
>
>
>Am I missing something?
>
>Thanks in advance, Mark
>

[MarkMurphy]

Thanks Jim,

I think you meant:

<deny users="?" />
<allow users="*" />

However it's still not redirecting unauthenticated users to
login.aspx. Also it appears that no cookie is being written on a
successful login, though I've verified that this code executes:

//Create an authentication ticket to store in a cookie
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
1, //Version - change to invalidate cookies
u.UserName,
DateTime.Now, //Authentication time
DateTime.Now.AddMinutes(SessionTimeout), //Time stay authenticated
false, //No persistent cookie
""); //User data

string encryptedTicket = FormsAuthentication.Encrypt(ticket);

Response.Cookies.Add(new
HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket));

string redirectUrl = FormsAuthentication.GetRedirectUrl(u.UserName,
false);

FormsAuthentication.SetAuthCookie(u.UserName, false);

-Mark

[Jim Cheshire [MSFT]]

Murphy,

You've just repeated the same tags I gave you. :)

If it's still not working, I suggest you refer to the following article.
If it still won't work after that, your best bet is to open a case with us
for further troubleshooting.

[url]http://support.microsoft.com/default.aspx?scid=KB;EN-US;301240[/url]

Jim Cheshire [MSFT]
MCP+I, MCSE, MCSD, MCDBA
Microsoft Developer Support
[email]jamesche@online.microsoft.com[/email]

This post is provided "AS-IS" with no warranties and confers no rights.


--------------------

>From: [email]murphy@murphysw.com[/email] (MarkMurphy)
>Newsgroups: microsoft.public.dotnet.framework.aspnet.security
>Subject: Re: Getting forms auth challenge
>Date: 29 Jul 2004 09:58:15 -0700
>Organization: [url]http://groups.google.com[/url]
>Lines: 31
>Message-ID: <e061eb57.0407290858.6e1867e6@posting.google.com >
>References: <e061eb57.0407281104.7cab54ba@posting.google.com >

<JQsnMrOdEHA.2972@cpmsftngxa10.phx.gbl>

>NNTP-Posting-Host: 144.223.23.86
>Content-Type: text/plain; charset=ISO-8859-1
>Content-Transfer-Encoding: 8bit
>X-Trace: posting.google.com 1091120296 6825 127.0.0.1 (29 Jul 2004

16:58:16 GMT)

>X-Complaints-To: [email]groups-abuse@google.com[/email]
>NNTP-Posting-Date: Thu, 29 Jul 2004 16:58:16 +0000 (UTC)
>Path:

cpmsftngxa10.phx.gbl!TK2MSFTFEED01.phx.gbl!TK2MSFT NGP08.phx.gbl!newsfeed00.s
ul.t-online.de!t-online.de!tiscali!newsfeed1.ip.tiscali.net!proxad. net!postn
ews2.google.com!not-for-mail

>Xref: cpmsftngxa10.phx.gbl

microsoft.public.dotnet.framework.aspnet.security: 10976

>X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security
>
>Thanks Jim,
>
>I think you meant:
>
><deny users="?" />
><allow users="*" />
>
>However it's still not redirecting unauthenticated users to
>login.aspx. Also it appears that no cookie is being written on a
>successful login, though I've verified that this code executes:
>
>//Create an authentication ticket to store in a cookie
>FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
>1, //Version - change to invalidate cookies
>u.UserName,
>DateTime.Now, //Authentication time
>DateTime.Now.AddMinutes(SessionTimeout), //Time stay authenticated
>false, //No persistent cookie
>""); //User data
>
>string encryptedTicket = FormsAuthentication.Encrypt(ticket);
>
>Response.Cookies.Add(new
>HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket));
>
>string redirectUrl = FormsAuthentication.GetRedirectUrl(u.UserName,
>false);
>
>FormsAuthentication.SetAuthCookie(u.UserName, false);
>
>-Mark
>

[MarkMurphy]

That was rather lame of me ;-)

It's interesting, the redirect is working as expected when I move the
code and pages to a testing system. However, on my development
machine no redirect occurs. The web.config is the same on both
systems.

Ideas?

-Mark

[Yan-Hong Huang[MSFT]]

Hello Mark,

If the exactly same codes and pages work on another system, we may consider
something is not installed correctly on your development machine.

Firstly we may think of remapping asp.net on the system. Please refer to
the following article:
"How To Repair IIS Mapping After You Remove and Reinstall IIS"
[url]http://support.microsoft.com/?kbid=306005[/url]

If the problem is staill there, we may consider to reinstall .NET framework.

Thanks.

Best regards,
Yanhong Huang
Microsoft Community Support

Get Secure! ¨C [url]www.microsoft.com/security[/url]
Register to Access MSDN Managed Newsgroups!
-http://support.microsoft.com/default.aspx?scid=/servicedesks/msdn/nospam.as
p&SD=msdn

This posting is provided "AS IS" with no warranties, and confers no rights.

[MarkMurphy]

Hi again.

Thanks for you input. For whatever reason the forms auth is working on
both development and stage systems now. I'm not sure what the problem
was.

-Mark

[Yan-Hong Huang[MSFT]]

Hi Mark,

Thanks very much for your update. Anyway, I am glad that the form is
working on both machines now. This problem seems strange. Next time if you
met similar problems, my suggestion for you is to compart setting in
different machines. Further more, we can try reinstall some key components
to see if it helps.

If there is any more questions on asp.net programming, please feel free to
post in the group. We are here to support you at your convenience. Thanks
again for participating the commmynity.

Best regards,
Yanhong Huang
Microsoft Community Support

Get Secure! ¨C [url]www.microsoft.com/security[/url]
Register to Access MSDN Managed Newsgroups!
-http://support.microsoft.com/default.aspx?scid=/servicedesks/msdn/nospam.as
p&SD=msdn

This posting is provided "AS IS" with no warranties, and confers no rights.