Sharing Forms Authentication between application and sub-application

[=B=]

Hi,

I'm succesfully using Forms Authentication on a site I'm working on
(MyMainApp).

In a subfolder of this site, I have a seperate ASP.NET application
(MySubApp), i.e. it's running as an application in IIS, although it's
part of the MyMainApp VS.NET project file. The structure is something
like this:

MyMainApp <!-- Application in IIS
\MySubApp <!-- Application in IIS
\images
\mySubAppFiles
web.config
\images
\includes
\MainAppSubFolder
web.config
logon.aspx, etc.

All other folders are simple virtual directories. If I try browsing
to any .aspx page in a subfolder of MyMainApp (excluding files in
MySubApp) it forces me to the login page, as it should do. However,
if I try to browse to any .aspx page in MySubApp by typing the address
in IE it brings up the page, seemingly bypassing the Forms
Authentication which is applied on both the web.config files of
MyMainApp and MySubApp. Within MySubApp the relevant section of
web.config looks like this:

<authentication mode="Forms">
<forms name=".MYAPP"
loginUrl="../logon.aspx"
protection="All"
timeout="20"
path="/"/>
</authentication>

Does anyone know why the Forms Authentication on MySubApp is being
bypassed completely?

Thanks,

Brian

[Raterus]

I imagine your path attribute in your sub-webconfig is messing you up. Sure it is not looking at your main application's authentication cookie, and that is why it is letting you in?

Here is an article on sharing forms authentication, might help..

[url]http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/html/cpconformsauthenticationacrossapplications.asp[/url]




"=B=" <brian_is_online@yahoo.co.uk> wrote in message news:46537b79.0501130458.152db7ac@posting.google.c om...

> Hi,
>
> I'm succesfully using Forms Authentication on a site I'm working on
> (MyMainApp).
>
> In a subfolder of this site, I have a seperate ASP.NET application
> (MySubApp), i.e. it's running as an application in IIS, although it's
> part of the MyMainApp VS.NET project file. The structure is something
> like this:
>
> MyMainApp <!-- Application in IIS
> \MySubApp <!-- Application in IIS
> \images
> \mySubAppFiles
> web.config
> \images
> \includes
> \MainAppSubFolder
> web.config
> logon.aspx, etc.
>
> All other folders are simple virtual directories. If I try browsing
> to any .aspx page in a subfolder of MyMainApp (excluding files in
> MySubApp) it forces me to the login page, as it should do. However,
> if I try to browse to any .aspx page in MySubApp by typing the address
> in IE it brings up the page, seemingly bypassing the Forms
> Authentication which is applied on both the web.config files of
> MyMainApp and MySubApp. Within MySubApp the relevant section of
> web.config looks like this:
>
> <authentication mode="Forms">
> <forms name=".MYAPP"
> loginUrl="../logon.aspx"
> protection="All"
> timeout="20"
> path="/"/>
> </authentication>
>
> Does anyone know why the Forms Authentication on MySubApp is being
> bypassed completely?
>
> Thanks,
>
> Brian

[Hernan de Lahitte]

Try to use an absolute url on your path attribute.
Here is another article about this topic.

[url]http://weblogs.asp.net/hernandl/archive/2004/06/09/ssoformsauth.aspx[/url]


--
Hernan de Lahitte
[url]http://weblogs.asp.net/hernandl[/url]
[url]http://www.lagash.com/english/index.html[/url]


"Raterus" <raterus@hotmail.com> wrote in message
news:OM0J4Fm%23EHA.3592@TK2MSFTNGP09.phx.gbl...
I imagine your path attribute in your sub-webconfig is messing you up. Sure
it is not looking at your main application's authentication cookie, and that
is why it is letting you in?

Here is an article on sharing forms authentication, might help..

[url]http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/html/cpconformsauthenticationacrossapplications.asp[/url]




"=B=" <brian_is_online@yahoo.co.uk> wrote in message
news:46537b79.0501130458.152db7ac@posting.google.c om...

> Hi,
>
> I'm succesfully using Forms Authentication on a site I'm working on
> (MyMainApp).
>
> In a subfolder of this site, I have a seperate ASP.NET application
> (MySubApp), i.e. it's running as an application in IIS, although it's
> part of the MyMainApp VS.NET project file. The structure is something
> like this:
>
> MyMainApp <!-- Application in IIS
> \MySubApp <!-- Application in IIS
> \images
> \mySubAppFiles
> web.config
> \images
> \includes
> \MainAppSubFolder
> web.config
> logon.aspx, etc.
>
> All other folders are simple virtual directories. If I try browsing
> to any .aspx page in a subfolder of MyMainApp (excluding files in
> MySubApp) it forces me to the login page, as it should do. However,
> if I try to browse to any .aspx page in MySubApp by typing the address
> in IE it brings up the page, seemingly bypassing the Forms
> Authentication which is applied on both the web.config files of
> MyMainApp and MySubApp. Within MySubApp the relevant section of
> web.config looks like this:
>
> <authentication mode="Forms">
> <forms name=".MYAPP"
> loginUrl="../logon.aspx"
> protection="All"
> timeout="20"
> path="/"/>
> </authentication>
>
> Does anyone know why the Forms Authentication on MySubApp is being
> bypassed completely?
>
> Thanks,
>
> Brian

[brian_is_online@yahoo.co.uk]

Thanks for all the help. The absolute URL did the trick!

B.

Hernan de Lahitte wrote:

> Try to use an absolute url on your path attribute.
> Here is another article about this topic.
>
> [url]http://weblogs.asp.net/hernandl/archive/2004/06/09/ssoformsauth.aspx[/url]
>
>
> --
> Hernan de Lahitte
> [url]http://weblogs.asp.net/hernandl[/url]
> [url]http://www.lagash.com/english/index.html[/url]
>
>
> "Raterus" <raterus@hotmail.com> wrote in message
> news:OM0J4Fm%23EHA.3592@TK2MSFTNGP09.phx.gbl...
> I imagine your path attribute in your sub-webconfig is messing you

up. Sure

> it is not looking at your main application's authentication cookie,

and that

> is why it is letting you in?
>
> Here is an article on sharing forms authentication, might help..
>
>

[url]http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/html/cpconformsauthenticationacrossapplications.asp[/url]

>
>
>
>
> "=B=" <brian_is_online@yahoo.co.uk> wrote in message
> news:46537b79.0501130458.152db7ac@posting.google.c om...

> > Hi,
> >
> > I'm succesfully using Forms Authentication on a site I'm working on
> > (MyMainApp).
> >
> > In a subfolder of this site, I have a seperate ASP.NET application
> > (MySubApp), i.e. it's running as an application in IIS, although

it's

> > part of the MyMainApp VS.NET project file. The structure is

something

> > like this:
> >
> > MyMainApp <!-- Application in IIS
> > \MySubApp <!-- Application in IIS
> > \images
> > \mySubAppFiles
> > web.config
> > \images
> > \includes
> > \MainAppSubFolder
> > web.config
> > logon.aspx, etc.
> >
> > All other folders are simple virtual directories. If I try

browsing

> > to any .aspx page in a subfolder of MyMainApp (excluding files in
> > MySubApp) it forces me to the login page, as it should do.

However,

> > if I try to browse to any .aspx page in MySubApp by typing the

address

> > in IE it brings up the page, seemingly bypassing the Forms
> > Authentication which is applied on both the web.config files of
> > MyMainApp and MySubApp. Within MySubApp the relevant section of
> > web.config looks like this:
> >
> > <authentication mode="Forms">
> > <forms name=".MYAPP"
> > loginUrl="../logon.aspx"
> > protection="All"
> > timeout="20"
> > path="/"/>
> > </authentication>
> >
> > Does anyone know why the Forms Authentication on MySubApp is being
> > bypassed completely?
> >
> > Thanks,
> >
> > Brian