Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Security > Enabling Forms Authentication Stops Button Click Events

Reply
Thread Tools

Enabling Forms Authentication Stops Button Click Events

 
 
Waqas Pitafi
Guest
Posts: n/a
 
      08-21-2005
Hi,

3rd day is already gone without any solution.

My problem is, I have a Windows Server 2003 sp1 machine as my development
platform having NTFS filesystem. Other notable components installed are
ODP.NET (latest version), WSE 2.0 sp3, offcourse VS.NET 2003 so .NET 1.1.

When I enable Forms Authentication (restrict anonymous access) through web
config using <authentication> section my login.aspx page's button stop
working. After debugging I discovered, it's because of the Forms
Authentication. I enable anonymous access every thing works great.

I am out of ideas to find the solution, any help will be greatly appreciated.

I have installed everything (including OS) from scratch only to get the same
result. Moreover another developer's machine with exactly similar software
configuration runs the same code (with Forms Authentication enabled and
restricted anonymous access) without any problem.

Thanks in advance.
 
Reply With Quote
 
 
 
 
jfer
Guest
Posts: n/a
 
      08-22-2005
Hey Waqas I believe you are missing the pros/cons of Forms
Authentication. When you use integrated windows authentication the
users credentials are passed around via a trusted credential token.
This is why with Integrated Windows Authentication you are allowed to
pass the users identity to other resources, for example you can
restrict users to file resources via built in Windows access control
lists. When you use Forms Authentication you lose this ability and you
are responsible for building up the credential token although it is not
given the same trust (you cannot use Access Control Lists to
restrict/allow access for instance). This is key to understanding your
problem because all your users are actually browsing your site via the
anonymous account setup in IIS when you use Forms Authentication. And
you are building up their "credential token" as the forms
authentication ticket (cookie).
This implies to me that you MUST have anonymous access enabled when
utilizing Forms Authentication. To restrict/deny access to resources
you must then utilize URL Authorization via the web.config specificing
either users or roles explicitely.

Hope this helps.

 
Reply With Quote
 
 
 
 
jfer
Guest
Posts: n/a
 
      08-22-2005
I actually jumped to conclusion here. I just set an application I am
working on with FormsAuthentication to no anonymous access with
integrated windows authenticatoin checked in IIS and it did indeed
work.

Not exactly sure what your problem might be now.

 
Reply With Quote
 
Waqas Pitafi
Guest
Posts: n/a
 
      08-22-2005
Thanks jfer for taking out time and replying. Ultimately I discovered it to
be a problem with an erroneous line of code in global.asx file. Sometime
after discovering the bug you end up feeling stupid which is I am feeling
right now.

For anybody else's interest the details of the bug go like this.

I have enabled automatic error catching through a single page Error.aspx in
Application_Error method of global.asx file. And an error in
Application_Authenticate method was not allowing any subsequent code to be
executed.

I don't know if I am able to explain it properly but fixing the bug in
Application_Authenticate method solved it for me.

Thanks for your patience.

"jfer" wrote:

> I actually jumped to conclusion here. I just set an application I am
> working on with FormsAuthentication to no anonymous access with
> integrated windows authenticatoin checked in IIS and it did indeed
> work.
>
> Not exactly sure what your problem might be now.
>
>

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Enabling Windows Authentication from inside Forms Authentication (ASP.NET 2.0) Michael D. Ober ASP .Net Security 6 10-30-2006 03:17 PM
Enabling Windows Authentication from inside Forms Authentication (ASP.NET 2.0) Michael D. Ober ASP .Net Web Controls 6 10-30-2006 03:17 PM
forms authentication -- expired forms cookie vs. not provided forms cookie Eric ASP .Net Security 2 01-27-2006 10:09 PM
Enabling Forms Authentication Stops Button Click Events =?Utf-8?B?V2FxYXMgUGl0YWZp?= ASP .Net 0 08-21-2005 06:05 PM
Button Click events only firing on second click Ben Fidge ASP .Net 5 06-15-2004 02:28 PM



Advertisments