Cookieless Authentication and Relative HTML References


Mark Olbert

I have a website (ASPNET2) which uses cookieless authentication.

<img> tags on restricted-access aspx pages appear to need the URL credential fragment (i.e., the long string that encodes the user's
credentials) to be found...which is contrary to my understanding (under 1.1, at least) as to how resources are controlled. Example:

This tag on a restricted-access aspx page:

<img src="/data/somefile.gif">

Shows up as "not found" (i.e., the image contains a red x). So I tried to surf to:

http://localhost:<port>/site/data/somefile.gif

and got a resource not found error.

But this URL:

http://localhost:<port>/<long user credential fragment>/data/somefile.gif

displays the expected image.

Did something change between 1.1 and 2.0 in this arena?

- Mark
 

Steven Cheng[MSFT]

Hi Mark,

Welcome.
As for the image file displaying in a cookieless forms authentication
protected website (ASP.NET 2.0), are you developing and testing the
application in the built-in test server rather than IIS? If so, this is the
expected behavior, because the IIS server can either handle static file
resources directly or forward the request to the ASP.NET runtime; however,
when using the built-in test server, all the requests are handled by the test
server (asp.net isapi...). Then, when we are using
FormsAuthentication (cookieless), the related HttpModule will always handle
the request and try to authenticate the user (through the embedded user token
string....), so when using a URL string without the authenticated user's
credential (embedded string), some problems will occur. In IIS, the
static non-embedded-token image URL will be used to request the static
resources; you can check the IIS log to see whether web requests....

Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)



--------------------
| NNTP-Posting-Date: Sat, 14 Jan 2006 21:07:57 -0600
| From: Mark Olbert <[email protected]>
| Newsgroups: microsoft.public.dotnet.framework.aspnet
| Subject: Cookieless Authentication and Relative HTML References
| Date: Sat, 14 Jan 2006 19:07:56 -0800
| Organization: Olbert & McHugh, LLC

Mark Olbert

Ouch! That's an annoying limitation of the "builtin" http server. Thanx for the info.

- Mark
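Added example, not part of the thread: how a browser resolves the references on a page that is served under a cookieless ticket segment, and which of the resulting requests still carry the ticket. The host, port, ticket value and file names are constructed, and the `(F(...))` segment form is an assumption about how ASP.NET 2.0 embeds the forms ticket in the path.

```javascript
// Assumption: the forms ticket travels as a "(F(...))" path segment.
const TICKET_SEGMENT = /\/\(F\([^)]*\)\)(?=\/)/;

// Constructed page URL, as the browser sees it after login.
const PAGE_URL =
  "http://localhost:8080/site/(F(CONSTRUCTED-TICKET))/members/report.aspx";

// Constructed markup covering the reference styles a page can use.
const PAGE_HTML = `
  <img src="/data/somefile.gif">
  <img src="../data/somefile.gif">
  <img src="images/logo.gif">
  <a href="http://example.org/help.html">help</a>
`;

// Collect every double-quoted src/href value in document order.
function extractReferences(html) {
  const refs = [];
  const attr = /\b(?:src|href)\s*=\s*"([^"]*)"/gi;
  let m;
  while ((m = attr.exec(html)) !== null) refs.push(m[1]);
  return refs;
}

// Resolve one reference the way a browser does and report whether the
// resulting same-origin request still contains the ticket segment.
function classifyReference(ref, pageUrl) {
  const resolved = new URL(ref, pageUrl);
  const sameOrigin = resolved.origin === new URL(pageUrl).origin;
  const carriesTicket = sameOrigin && TICKET_SEGMENT.test(resolved.pathname);
  return { ref, resolved: resolved.href, sameOrigin, carriesTicket };
}

function auditPage(html, pageUrl) {
  return extractReferences(html).map((r) => classifyReference(r, pageUrl));
}

for (const r of auditPage(PAGE_HTML, PAGE_URL)) {
  const verdict = r.carriesTicket ? "ticket kept" : "no ticket";
  console.log(`${r.ref.padEnd(32)} -> ${r.resolved}  [${verdict}]`);
}
```

A root-relative reference such as `/data/somefile.gif` replaces the whole path, so the request reaches the server without the ticket segment; document-relative references keep it.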
 

Steven Cheng[MSFT]

You're welcome Mark,

I think the dev guys really omitted such a scenario, which uses cookieless
authentication in the test server and directly requests an image through a
normal URL... I suggest you also submit it to the MSDN feedback center for
their reference:

http://lab.msdn.microsoft.com/productfeedback/default.aspx

Thanks & Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
--------------------
| NNTP-Posting-Date: Mon, 16 Jan 2006 10:15:17 -0600
| From: Mark Olbert <[email protected]>
| Newsgroups: microsoft.public.dotnet.framework.aspnet
| Subject: Re: Cookieless Authentication and Relative HTML References
| Date: Mon, 16 Jan 2006 08:15:18 -0800
| Organization: Olbert & McHugh, LLC