Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Security > Bypass forms authentication

Reply
Thread Tools

Bypass forms authentication

 
 
CJF
Guest
Posts: n/a
 
      03-04-2004
My application uses forms-based authentication.
In my .NET project I have a subfolder to store forms that display
user-friendly error messages to the user.
I also have an http module to handle prerequests for creating my database
objects and connections. If the database connection fails I want the user
to be redirected to one of my error pages. The problem is if the connection
fails before the user has an opportunity to authenticate then the user gets
redirect to the error page, which in turn redirects them to the sign-in
page, which in turn fails to connect to the db and redirects them to the
error page (and round and round we go!). I created a web.config file for my
subfolder and set the authorization to allow all users, but it's not
allowing the user to see the error page and still invokes forms
authentication by using the authentication and authorization settings in the
parent web.config file. If I go to the error page by typing in the URL
directly it works, but it doesn't work if I redirect in the code.

How can I allow redirection to a page in the project and bypass the
authentication on a subfolder or form basis? Should the child web.config
file override the parent and allow all users if I choose?

Thx, Chris


 
Reply With Quote
 
 
 
 
Arvind P Rangan
Guest
Posts: n/a
 
      03-05-2004
Hi Chris,
Add this after the first </sytem>
before </configuration>
<location path="FOLDERNAME">
<system.web>
<compilation defaultLanguage="vb/c#" debug="true" />
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
Check it out This Works.
Arvind
"CJF" <(E-Mail Removed)> wrote in message
news:up$(E-Mail Removed)...
> My application uses forms-based authentication.
> In my .NET project I have a subfolder to store forms that display
> user-friendly error messages to the user.
> I also have an http module to handle prerequests for creating my database
> objects and connections. If the database connection fails I want the user
> to be redirected to one of my error pages. The problem is if the

connection
> fails before the user has an opportunity to authenticate then the user

gets
> redirect to the error page, which in turn redirects them to the sign-in
> page, which in turn fails to connect to the db and redirects them to the
> error page (and round and round we go!). I created a web.config file for

my
> subfolder and set the authorization to allow all users, but it's not
> allowing the user to see the error page and still invokes forms
> authentication by using the authentication and authorization settings in

the
> parent web.config file. If I go to the error page by typing in the URL
> directly it works, but it doesn't work if I redirect in the code.
>
> How can I allow redirection to a page in the project and bypass the
> authentication on a subfolder or form basis? Should the child web.config
> file override the parent and allow all users if I choose?
>
> Thx, Chris
>
>



 
Reply With Quote
 
 
 
 
CJF
Guest
Posts: n/a
 
      03-05-2004
Hi Arvind,
I tried using the location element and it still loops between pages. I
placed the location block in my project's web.config and when that didn't
work, I put it in my subfolder's web.config. I also tried specifying a
specific file. I'm wondering if it's the ordering of events that still
causing it, since I'm doing the db connect on the prerequest event. I don't
know at what stage the web.config file is interpreted.
I'll have to find some other way to work around that.

"Arvind P Rangan" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hi Chris,
> Add this after the first </sytem>
> before </configuration>
> <location path="FOLDERNAME">
> <system.web>
> <compilation defaultLanguage="vb/c#" debug="true" />
> <authorization>
> <allow users="*"/>
> </authorization>
> </system.web>
> </location>
> Check it out This Works.
> Arvind
> "CJF" <(E-Mail Removed)> wrote in message
> news:up$(E-Mail Removed)...
> > My application uses forms-based authentication.
> > In my .NET project I have a subfolder to store forms that display
> > user-friendly error messages to the user.
> > I also have an http module to handle prerequests for creating my

database
> > objects and connections. If the database connection fails I want the

user
> > to be redirected to one of my error pages. The problem is if the

> connection
> > fails before the user has an opportunity to authenticate then the user

> gets
> > redirect to the error page, which in turn redirects them to the sign-in
> > page, which in turn fails to connect to the db and redirects them to the
> > error page (and round and round we go!). I created a web.config file

for
> my
> > subfolder and set the authorization to allow all users, but it's not
> > allowing the user to see the error page and still invokes forms
> > authentication by using the authentication and authorization settings in

> the
> > parent web.config file. If I go to the error page by typing in the URL
> > directly it works, but it doesn't work if I redirect in the code.
> >
> > How can I allow redirection to a page in the project and bypass the
> > authentication on a subfolder or form basis? Should the child

web.config
> > file override the parent and allow all users if I choose?
> >
> > Thx, Chris
> >
> >

>
>



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
How to bypass forms-based authentication Larry Smith ASP .Net 0 08-25-2008 03:08 PM
Bypass Forms Authentication for IP address range Chumma Dede ASP .Net 2 02-09-2006 08:39 PM
forms authentication -- expired forms cookie vs. not provided forms cookie Eric ASP .Net Security 2 01-27-2006 10:09 PM
bypass forms authentication on local? Tim_Mac ASP .Net Security 3 10-05-2005 09:05 AM
Forms Authentication question: How to have some pages open and some requiring forms authentication Eric ASP .Net 2 02-13-2004 02:14 PM



Advertisments