Fog Creek Software
Discussion Board




Welcome! and rules

Joel on Software

forms authentication problem

i'm having a problem securing some of my pages using forms authentication. i define the private pages in web.config, but i can get to those pages without logging. here is my web.config...

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <appSettings>
    <add key="connectionString" value="connectionInfo" />
  </appSettings> 

  <system.web>

    <compilation
        defaultLanguage="c#"
        debug="true"
    />

    <customErrors
    mode="RemoteOnly"
    />

    <authentication mode="Forms">
        <forms    name="IntenseLogin73"
                loginUrl="Login.aspx"
                protection="All"
                timeout="30"
                path="/">
        </forms>
    </authentication>

    <authorization>
        <deny users="*" />
    </authorization>
   
    <trace
        enabled="false"
        requestLimit="10"
        pageOutput="false"
        traceMode="SortByTime"
        localOnly="true"
    />


    <sessionState
            mode="InProc"
            stateConnectionString="tcpip=127.0.0.1:42424"
            sqlConnectionString="data source=127.0.0.1;Trusted_Connection=yes"
            cookieless="false"
            timeout="20"
    />

    <globalization
            requestEncoding="utf-8"
            responseEncoding="utf-8"
  />
 
</system.web>

    <location path="privatepage.htm">
        <system.web>
            <authorization>
                <deny users="?" />
                <allow users="*" />
            </authorization>
        </system.web>
    </location>
</configuration>

is there an error??

mark
Thursday, April 07, 2005

By default the ASP.NET processor (asp_wp.exe on Win2k server) is not registered to handle .htm or .html files.  So since the ASP.NET processor is handling your forms authentication it never sees the request for the privatepage.html.  If you renamed the html file to .aspx then your authentication would work.  Otherwise you will need to register the .htm and .html filetypes to the ASP.NET processor in IIS (you will have to do a google search for how to do this as I cannot remember right off the top of my head).

Hope this helps!

James Smith
Tuesday, April 12, 2005

*  Recent Topics

*  Fog Creek Home