ASP.NET 2.0 & FormsAuthentication

[vetplakh]

Visual Studio 2005 Beta 2

Web.config
<system.web>
<authentication mode="Forms">
<forms name=".AS20AUTH" slidingExpiration="false" loginUrl="login.aspx" />
</authentication>
</system.web>
....

According to IIS logs Forms Authentication Control Flow described in
http://msdn2.microsoft.com/library/9fw3ef80(en-us,vs.80).aspx
doesn't work.

Pls help me.

 

[Dominick Baier [DevelopMentor]]

Hello vetplakh,

wanna give us more info, or shall we on ourselves figure out what exactly
your problem is??

do you have denied access to anon users??

<authorization>
<deny users="?" />
<authorization>

 

[vetplakh]

OS - Wndows XP SP2

I create web-site:
Location: HTTP
Language: C#

To the newly created web-project I add web.config-file:
<?xml version="1.0"?>
<!--
Note: As an alternative to hand editing this file you can use the
web admin tool to configure settings for your application. Use
the Website->Asp.Net Configuration option in Visual Studio.
A full list of settings and comments can be found in
machine.config.comments usually located in
\Windows\Microsoft.Net\Framework\v2.x\Config
-->
<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
<configSections>
<section name="OctaEnc"
type="System.Configuration.NameValueSectionHandler" />
</configSections>
<!--===============================================================================-->
<appSettings>
<add key="HTMLFactoryLog" value="E:\Data\HTMLFactory.log"/>
<add key="SubDocEngineLog" value="E:\Data\SubDocEngine.log"/>
</appSettings>
<!--===============================================================================-->
<connectionStrings>
<add
connectionString="Server=(local);Database=VKM34FR;Integrated
Security=SSPI;"
name="CnNET"
providerName="System.Data.SqlClient"
/>
<add

connectionString="Provider=SQLOLEDB;Server=(local);Database=VKM34FR;Integrated Security=SSPI;"
name="CnADO"
providerName="System.Data.OleDb"
/>
</connectionStrings>
<!--===============================================================================-->
<protectedData>
<protectedDataSections>
<add name="OctaEnc" provider="RsaProtectedConfigurationProvider"
inheritedByChildren="false" />
</protectedDataSections>
</protectedData>
<OctaEnc>
<EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
xmlns="http://www.w3.org/2001/04/xmlenc#">
<EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<EncryptedKey Recipient="" xmlns="http://www.w3.org/2001/04/xmlenc#">
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<KeyName>Rsa Key</KeyName>
</KeyInfo>
<CipherData>
<CipherValue>iN/kDPw1CA8TUT7whF/luN6zQBLRAANSU1tyDLerhx8gc5rncBF2K6yKK4DDX6YtIvkGvJgJtiupfwjK4Es8k6+bfE4Q50mYC19Ofotnl+W7ZLsdPLRM80j/c9qSiPkixP/GJB8bGQwyyBwsOlwi1Vcki3CGpWFykxmDi1v84Vo=</CipherValue>
</CipherData>
</EncryptedKey>
</KeyInfo>
<CipherData>
<CipherValue>Muw9pp7r3VguhqKzM9vRfzjV5YBLQkqSQSS0HTt8bpgYU8kLRiUVGtbuVMk8YXc+FCbBGYLtpTRkmJTE5oDA1CDD518RwyHxqQIHMOzgMtlhLGmYtJZ0zdOrduiZ1+jJAR4Nvb4Ulm5FGdhKEgNTfCpf2qT06y+13LwYkYJaiYirLh2ulI84ZP0JlojcDEn7</CipherValue>
</CipherData>
</EncryptedData>
</OctaEnc>
<!--===============================================================================-->
<system.web>
<!--
Set compilation debug="true" to insert debugging
symbols into the compiled page. Because this
affects performance, set this value to true only
during development.
-->
<compilation debug="true" defaultLanguage="c#" />
<!--
The <authentication> section enables configuration
of the security authentication mode used by
ASP.NET to identify an incoming user.
-->
<authentication mode="Forms">
<forms name=".AS20AUTH" slidingExpiration="false" loginUrl="login.aspx" />
</authentication>
<!--
The <customErrors> section enables configuration
of what to do if/when an unhandled error occurs
during the execution of a request. Specifically,
it enables developers to configure html error pages
to be displayed in place of a error stack trace.

<customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm">
<error statusCode="403" redirect="NoAccess.htm"/>
<error statusCode="404" redirect="FileNotFound.htm"/>
</customErrors>
-->
<httpHandlers>
<add verb="GET" path="ShowImage.aspx" type="OcVKM20.PDFHandler,OcVKM20"/>
</httpHandlers>
</system.web>
<system.net>
<mailSettings>
<smtp deliveryMethod="Network">
<network host="10.0.77.26" defaultCredentials="false"/>
</smtp>
</mailSettings>
</system.net>
</configuration>

I add the existing C++ project OcVKM20 to the solution and add reference to
this project into web-project.

I add new web-form login.aspx to the web-project and explicitly make
default.aspx as a start page.

I run application - redirection doesn't occur.

do you have denied access to anon users??

<authorization>
<deny users="?" />
<authorization>

No I don't. The default value is used (which I'm sure is allow="*")

P.S.

... shall we on ourselves figure out what exactly
your problem is??

Don't you guys get paid for that?

 

[Dominick Baier [DevelopMentor]]

Hello vetplakh,

No I don't. The default value is used (which I'm sure is allow="*")

And that's your problem - no authentication required - no redirect

Don't you guys get paid for that?

HAHA. No, we don't. we hang out here just for kicks.

 

[vetplakh]

OK - I added

<authorization>
<allow users="*"/>
</authorization>

after
<authentication>

No luck.

 

[vetplakh]

OK - I got it. Thx for help

Hello vetplakh,



And that's your problem - no authentication required - no redirect



HAHA. No, we don't. we hang out here just for kicks.

 

[Patrick.O.Ige]

Dominick
That was a nice question if we get paid
Patrick