ASP.NET 2.0 - Forms auth - no images and css on login page

M

Markus R.

Hi,

I have just configured my application to use forms based authentication.
Now, when I try to access a page I am redirected to the login page but its
CSS and images do not load.

It is great that ASP.NET 2 authentication finally protects non asp.net
content but how can I change the protection level of the objects which are
embedded in the login so that they are available without authenticaition?

Markus
 
D

Dominick Baier [DevelopMentor]

Hi,

first of all - ASP.NET does not protect non-ASP.NET content by default -
only if you map the corresponding extensions to aspnet_isapi.dll in IIS manager.
If you have not configured the application like this you might have a different
problem.

To exclude files - or better directories - from authentication use a <location>
element - i would copy all files that have to be available to anon users
in a central directory, e.g. calle public.

add to web.config:

<location path="public">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
 
M

Markus R.

Hi Dominick,
first of all - ASP.NET does not protect non-ASP.NET content by default -
only if you map the corresponding extensions to aspnet_isapi.dll in IIS
manager. If you have not configured the application like this you might
have a different problem.

I requested Default.css and got redirected to the login page. I have not
changes anything within the web server configuration.
Could it be that I experienced this behaviour because I use the VS.NET 2005
integrated "Development Server" and not IIS?
To exclude files - or better directories - from authentication use a
<location> element - i would copy all files that have to be available to
anon users in a central directory, e.g. calle public.

That sounds good. Thank you!

Markus
 
S

Steven Cheng[MSFT]

Hi Markus,

For the static resources (images , css...) being protected problem, first
we can double check that the linked resources' path are correct. If so, are
you using .net's buildin TestServer to developing the asp.net web app
instead of IIS? Based on my experience, this is potential cause since the
TestServer will accept all the requests (no matter for asp.net pages or
static resources like css or images....), thus, when we use
FormsAuthentication to protected our side(root dir and sub dirs...), all
the static files in the app folder will also be protected from
unauthenticated users....

If this is the case, you can consider the following options:

1. Developing the web application in IIS instead of the TestServer

2. Or you can temporarly set <authroization> for your static resources'
folder to let anonymous access(for forms authentication...)

Hope helps. Thanks,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)




--------------------
| From: "Markus R." <[email protected]>
| References: <[email protected]>
<[email protected]>
| Subject: Re: ASP.NET 2.0 - Forms auth - no images and css on login page
| Date: Tue, 17 Jan 2006 11:58:52 +0100
| Lines: 21
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2900.2670
| X-RFC2646: Format=Flowed; Response
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2670
| Message-ID: <#[email protected]>
| Newsgroups: microsoft.public.dotnet.framework.aspnet.security
| NNTP-Posting-Host: 80.152.25.19
| Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGP08.phx.gbl!tk2msftngp13.phx.gbl
| Xref: TK2MSFTNGXA02.phx.gbl
microsoft.public.dotnet.framework.aspnet.security:16939
| X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security
|
| Hi Dominick,
|
| > first of all - ASP.NET does not protect non-ASP.NET content by default
-
| > only if you map the corresponding extensions to aspnet_isapi.dll in IIS
| > manager. If you have not configured the application like this you might
| > have a different problem.
|
| I requested Default.css and got redirected to the login page. I have not
| changes anything within the web server configuration.
| Could it be that I experienced this behaviour because I use the VS.NET
2005
| integrated "Development Server" and not IIS?
|
| > To exclude files - or better directories - from authentication use a
| > <location> element - i would copy all files that have to be available
to
| > anon users in a central directory, e.g. calle public.
|
| That sounds good. Thank you!
|
| Markus
|
|
|
 
M

Markus R.

Hi Steven,

thanks for the information. You are right. VS.NET's builtin Webserver has
caused the problem.

Regards,

Markus
 
S

Steven Cheng[MSFT]

You're welcome Markus,

Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)


--------------------
| From: "Markus R." <[email protected]>
| References: <[email protected]>
<[email protected]>
<#[email protected]>
<[email protected]>
| Subject: Re: ASP.NET 2.0 - Forms auth - no images and css on login page
| Date: Wed, 18 Jan 2006 09:49:35 +0100
| Lines: 94
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2900.2670
| X-RFC2646: Format=Flowed; Original
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2670
| Message-ID: <[email protected]>
| Newsgroups: microsoft.public.dotnet.framework.aspnet.security
| NNTP-Posting-Host: 80.152.25.19
| Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP11.phx.gbl
| Xref: TK2MSFTNGXA02.phx.gbl
microsoft.public.dotnet.framework.aspnet.security:16955
| X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security
|
| Hi Steven,
|
| thanks for the information. You are right. VS.NET's builtin Webserver has
| caused the problem.
|
| Regards,
|
| Markus
|
|
Newsbeitrag
| | > Hi Markus,
| >
| > For the static resources (images , css...) being protected problem,
first
| > we can double check that the linked resources' path are correct. If so,
| > are
| > you using .net's buildin TestServer to developing the asp.net web app
| > instead of IIS? Based on my experience, this is potential cause since
the
| > TestServer will accept all the requests (no matter for asp.net pages or
| > static resources like css or images....), thus, when we use
| > FormsAuthentication to protected our side(root dir and sub dirs...), all
| > the static files in the app folder will also be protected from
| > unauthenticated users....
| >
| > If this is the case, you can consider the following options:
| >
| > 1. Developing the web application in IIS instead of the TestServer
| >
| > 2. Or you can temporarly set <authroization> for your static resources'
| > folder to let anonymous access(for forms authentication...)
| >
| > Hope helps. Thanks,
| >
| > Steven Cheng
| > Microsoft Online Support
| >
| > Get Secure! www.microsoft.com/security
| > (This posting is provided "AS IS", with no warranties, and confers no
| > rights.)
| >
| >
| >
| >
| > --------------------
| > | From: "Markus R." <[email protected]>
| > | References: <[email protected]>
| > <[email protected]>
| > | Subject: Re: ASP.NET 2.0 - Forms auth - no images and css on login
page
| > | Date: Tue, 17 Jan 2006 11:58:52 +0100
| > | Lines: 21
| > | X-Priority: 3
| > | X-MSMail-Priority: Normal
| > | X-Newsreader: Microsoft Outlook Express 6.00.2900.2670
| > | X-RFC2646: Format=Flowed; Response
| > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2670
| > | Message-ID: <#[email protected]>
| > | Newsgroups: microsoft.public.dotnet.framework.aspnet.security
| > | NNTP-Posting-Host: 80.152.25.19
| > | Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGP08.phx.gbl!tk2msftngp13.phx.gbl
| > | Xref: TK2MSFTNGXA02.phx.gbl
| > microsoft.public.dotnet.framework.aspnet.security:16939
| > | X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security
| > |
| > | Hi Dominick,
| > |
| > | > first of all - ASP.NET does not protect non-ASP.NET content by
default
| > -
| > | > only if you map the corresponding extensions to aspnet_isapi.dll in
| > IIS
| > | > manager. If you have not configured the application like this you
| > might
| > | > have a different problem.
| > |
| > | I requested Default.css and got redirected to the login page. I have
not
| > | changes anything within the web server configuration.
| > | Could it be that I experienced this behaviour because I use the VS.NET
| > 2005
| > | integrated "Development Server" and not IIS?
| > |
| > | > To exclude files - or better directories - from authentication use a
| > | > <location> element - i would copy all files that have to be
available
| > to
| > | > anon users in a central directory, e.g. calle public.
| > |
| > | That sounds good. Thank you!
| > |
| > | Markus
| > |
| > |
| > |
| >
|
|
|
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,744
Messages
2,569,484
Members
44,903
Latest member
orderPeak8CBDGummies

Latest Threads

Top