Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > web.config authorization element not working as expected on ASP.NET Development Server

Reply
Thread Tools

web.config authorization element not working as expected on ASP.NET Development Server

 
 
J055
Guest
Posts: n/a
 
      03-10-2006
Ver. VS2005

Hi

I'm using forms authentication and have set the authorization element to
deny anonymous users. This works fine except that when I view the login.aspx
page as an unauthenticated user I am denied access to non-asp files like
css, gif, jpg etc.

The only happens on the ASP.NET Development Server and not when I publish to
an IIS web server.

Can someone let me know why this happens and if there's something I can do
about it?

Thanks
Andrew

Here's the web.config file:

<system.web>
<authentication mode="Forms">
<forms name="ASPXSecurity" loginUrl="Login.aspx" protection="All" path="/"
timeout="30" />
</authentication>
<authorization>
<deny users="?" />
</authorization>
</system.web>


 
Reply With Quote
 
 
 
 
Steven Cheng[MSFT]
Guest
Posts: n/a
 
      03-13-2006
Hi Andrew,

Welcome to the ASPNET newsgroup.

As for the ASP.NET 2.0/vs 2005 web application with Test web server, when
using Forms Authentication, the problem you encountered does exists. So
there is nothing incorrect in your application's code and configuration.
Actually, the problem is specific to the .NET 2.0/vs 2005 TestWebServer,
because the test webserver dosn't have filter or extension like IIS, all
the requests to the web application(no matter for ASP.NET resources or
static file resource) are processed by ASP.NET runtime, this cause those
static files in our web application also be protected by
formsauthentication(when developing in test server). Of course, when
deploying in IIS server, the application won't suffer this issue. Is your
web application currectly put those static resource (images , scripts ...)
in a certain sub dir? If so, you can consider temporarly grant anonymous
permission for those dirs in forms authorization setting at development
time, that's won't voliate the security when deploying into IIS virtual
dir.

Thanks for your understanding.

Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
how to Update/insert an xml element's text----> (<element>text</element>) HANM XML 2 01-29-2008 03:31 PM
Authorization not working as expected las@labapps.com ASP .Net 1 08-17-2006 07:57 PM
URL Authorization does not override File Authorization? SeanRW ASP .Net Security 1 05-25-2006 06:18 AM
Re: TabIndex propery not working as expected for Server controls Natty Gur ASP .Net 1 03-03-2004 04:09 PM
GDI+ not working as expected on different server Richard Huff ASP .Net 2 01-06-2004 10:10 PM



Advertisments