«

I am able to implement Forms Based Authentication successfully, following the
example in this link:
http://support.microsoft.com/kb/326340/

Although functional, the resulting page (logon.aspx) is plain vanilla. I
just want to dress it up by adding a company logo to this logon page. So, I
added an image element to the page. The image never displays before a user
logs into the website. Interestingly, after the user has been authenticated
and attempts to access logon.aspx, the company logo is displayed. It's as if
all files in the secured directory (including the images) cannot be accessed
until the user has been successfully authenticated.

OK, I understand the concept. "Secure the files until after a user has been
authenticated." Seems like a Catch-22 to me. How would you dress up a logon
page in this context?

put the images in a separate folder and add a location element to web.config,
e.g.

<location path="images">
<system.web>
<autorization>
<allow users="*" />


-----
Dominick Baier (http://www.leastprivilege.com)

Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)

> I am able to implement Forms Based Authentication successfully,
> following the
> example in this link:
> http://support.microsoft.com/kb/326340/
> Although functional, the resulting page (logon.aspx) is plain vanilla.
> I just want to dress it up by adding a company logo to this logon
> page. So, I added an image element to the page. The image never
> displays before a user logs into the website. Interestingly, after
> the user has been authenticated and attempts to access logon.aspx, the
> company logo is displayed. It's as if all files in the secured
> directory (including the images) cannot be accessed until the user has
> been successfully authenticated.
>
> OK, I understand the concept. "Secure the files until after a user
> has been authenticated." Seems like a Catch-22 to me. How would you
> dress up a logon page in this context?
>

Dominick,

Thanks for the timely and relevant response! This worked perfectly.

-Jason



"Dominick Baier" wrote:

> put the images in a separate folder and add a location element to web.config,
> e.g.
>
> <location path="images">
> <system.web>
> <autorization>
> <allow users="*" />
>
>
> -----
> Dominick Baier (http://www.leastprivilege.com)
>
> Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)
>
> > I am able to implement Forms Based Authentication successfully,
> > following the
> > example in this link:
> > http://support.microsoft.com/kb/326340/
> > Although functional, the resulting page (logon.aspx) is plain vanilla.
> > I just want to dress it up by adding a company logo to this logon
> > page. So, I added an image element to the page. The image never
> > displays before a user logs into the website. Interestingly, after
> > the user has been authenticated and attempts to access logon.aspx, the
> > company logo is displayed. It's as if all files in the secured
> > directory (including the images) cannot be accessed until the user has
> > been successfully authenticated.
> >
> > OK, I understand the concept. "Secure the files until after a user
> > has been authenticated." Seems like a Catch-22 to me. How would you
> > dress up a logon page in this context?
> >
>
>
>