Bypass forms authentication

Discussion in 'ASP .Net Security' started by CJF, Mar 4, 2004.

  1. CJF

    CJF Guest

    My application uses forms-based authentication.
    In my .NET project I have a subfolder to store forms that display
    user-friendly error messages to the user.
    I also have an http module to handle prerequests for creating my database
    objects and connections. If the database connection fails I want the user
    to be redirected to one of my error pages. The problem is if the connection
    fails before the user has an opportunity to authenticate then the user gets
    redirect to the error page, which in turn redirects them to the sign-in
    page, which in turn fails to connect to the db and redirects them to the
    error page (and round and round we go!). I created a web.config file for my
    subfolder and set the authorization to allow all users, but it's not
    allowing the user to see the error page and still invokes forms
    authentication by using the authentication and authorization settings in the
    parent web.config file. If I go to the error page by typing in the URL
    directly it works, but it doesn't work if I redirect in the code.

    How can I allow redirection to a page in the project and bypass the
    authentication on a subfolder or form basis? Should the child web.config
    file override the parent and allow all users if I choose?

    Thx, Chris
    CJF, Mar 4, 2004
    #1
    1. Advertising

  2. Hi Chris,
    Add this after the first </sytem>
    before </configuration>
    <location path="FOLDERNAME">
    <system.web>
    <compilation defaultLanguage="vb/c#" debug="true" />
    <authorization>
    <allow users="*"/>
    </authorization>
    </system.web>
    </location>
    Check it out This Works.
    Arvind
    "CJF" <> wrote in message
    news:up$...
    > My application uses forms-based authentication.
    > In my .NET project I have a subfolder to store forms that display
    > user-friendly error messages to the user.
    > I also have an http module to handle prerequests for creating my database
    > objects and connections. If the database connection fails I want the user
    > to be redirected to one of my error pages. The problem is if the

    connection
    > fails before the user has an opportunity to authenticate then the user

    gets
    > redirect to the error page, which in turn redirects them to the sign-in
    > page, which in turn fails to connect to the db and redirects them to the
    > error page (and round and round we go!). I created a web.config file for

    my
    > subfolder and set the authorization to allow all users, but it's not
    > allowing the user to see the error page and still invokes forms
    > authentication by using the authentication and authorization settings in

    the
    > parent web.config file. If I go to the error page by typing in the URL
    > directly it works, but it doesn't work if I redirect in the code.
    >
    > How can I allow redirection to a page in the project and bypass the
    > authentication on a subfolder or form basis? Should the child web.config
    > file override the parent and allow all users if I choose?
    >
    > Thx, Chris
    >
    >
    Arvind P Rangan, Mar 5, 2004
    #2
    1. Advertising

  3. CJF

    CJF Guest

    Hi Arvind,
    I tried using the location element and it still loops between pages. I
    placed the location block in my project's web.config and when that didn't
    work, I put it in my subfolder's web.config. I also tried specifying a
    specific file. I'm wondering if it's the ordering of events that still
    causing it, since I'm doing the db connect on the prerequest event. I don't
    know at what stage the web.config file is interpreted.
    I'll have to find some other way to work around that.

    "Arvind P Rangan" <> wrote in message
    news:...
    > Hi Chris,
    > Add this after the first </sytem>
    > before </configuration>
    > <location path="FOLDERNAME">
    > <system.web>
    > <compilation defaultLanguage="vb/c#" debug="true" />
    > <authorization>
    > <allow users="*"/>
    > </authorization>
    > </system.web>
    > </location>
    > Check it out This Works.
    > Arvind
    > "CJF" <> wrote in message
    > news:up$...
    > > My application uses forms-based authentication.
    > > In my .NET project I have a subfolder to store forms that display
    > > user-friendly error messages to the user.
    > > I also have an http module to handle prerequests for creating my

    database
    > > objects and connections. If the database connection fails I want the

    user
    > > to be redirected to one of my error pages. The problem is if the

    > connection
    > > fails before the user has an opportunity to authenticate then the user

    > gets
    > > redirect to the error page, which in turn redirects them to the sign-in
    > > page, which in turn fails to connect to the db and redirects them to the
    > > error page (and round and round we go!). I created a web.config file

    for
    > my
    > > subfolder and set the authorization to allow all users, but it's not
    > > allowing the user to see the error page and still invokes forms
    > > authentication by using the authentication and authorization settings in

    > the
    > > parent web.config file. If I go to the error page by typing in the URL
    > > directly it works, but it doesn't work if I redirect in the code.
    > >
    > > How can I allow redirection to a page in the project and bypass the
    > > authentication on a subfolder or form basis? Should the child

    web.config
    > > file override the parent and allow all users if I choose?
    > >
    > > Thx, Chris
    > >
    > >

    >
    >
    CJF, Mar 5, 2004
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Eric
    Replies:
    2
    Views:
    1,406
    Tommy
    Feb 13, 2004
  2. Chumma Dede
    Replies:
    2
    Views:
    668
    Chumma Dede
    Feb 9, 2006
  3. Larry Smith

    How to bypass forms-based authentication

    Larry Smith, Aug 25, 2008, in forum: ASP .Net
    Replies:
    0
    Views:
    387
    Larry Smith
    Aug 25, 2008
  4. Tim_Mac

    bypass forms authentication on local?

    Tim_Mac, Oct 4, 2005, in forum: ASP .Net Security
    Replies:
    3
    Views:
    185
    Tim_Mac
    Oct 5, 2005
  5. Eric
    Replies:
    2
    Views:
    467
Loading...

Share This Page