M
Mark Milley
Hi All -
I'm an MCAD and I've got a real head-scratcher here.
I've created a ASP.NET Web Application for a client that
essentially is a wrapper for SQL Reporting Services (they wanted a
custom security model). The application uses ASP.NET 2.0 and forms
authentication to lock down the site. I've used Forms Authentication in
the past and have never had the problem I'm about to describe.
The site works perfectly on my development machine, but after
uploading it to the server, the server completely ignores the forms
authentication, allowing anyone to access any page in the site. The
site works otherwise exactly as it should--no code errors, nothing.
Here is the pertinent information about the server:
Windows 2003 Server
ASP.NET 1.1 is used by default
ASP.NET 2.0 is installed and functional for this application
It has SQL Reporting Services 2005 and Great Plains Portal
installed (which uses Sharepoint--I have already excluded the
application path using stsadm)
From the logon script, the page does the correct database check
and sets the cookie, however, somehow the user is never actually logged
on. I have a logonview control in the master page file and the loggedon
template never appears, but I am given access to the full site.
Accessing a locked-down page without logging on is granted, as if
the web config files weren't set correctly, but I have a web config
file inside each folder preventing anonymous users.
Any Ideas?
-Mark
I'm an MCAD and I've got a real head-scratcher here.
I've created a ASP.NET Web Application for a client that
essentially is a wrapper for SQL Reporting Services (they wanted a
custom security model). The application uses ASP.NET 2.0 and forms
authentication to lock down the site. I've used Forms Authentication in
the past and have never had the problem I'm about to describe.
The site works perfectly on my development machine, but after
uploading it to the server, the server completely ignores the forms
authentication, allowing anyone to access any page in the site. The
site works otherwise exactly as it should--no code errors, nothing.
Here is the pertinent information about the server:
Windows 2003 Server
ASP.NET 1.1 is used by default
ASP.NET 2.0 is installed and functional for this application
It has SQL Reporting Services 2005 and Great Plains Portal
installed (which uses Sharepoint--I have already excluded the
application path using stsadm)
From the logon script, the page does the correct database check
and sets the cookie, however, somehow the user is never actually logged
on. I have a logonview control in the master page file and the loggedon
template never appears, but I am given access to the full site.
Accessing a locked-down page without logging on is granted, as if
the web config files weren't set correctly, but I have a web config
file inside each folder preventing anonymous users.
Any Ideas?
-Mark