Enabling Forms Authentication Stops Button Click Events

[Waqas Pitafi]

Hi,

3rd day is already gone without any solution.

My problem is, I have a Windows Server 2003 sp1 machine as my development
platform having NTFS filesystem. Other notable components installed are
ODP.NET (latest version), WSE 2.0 sp3, offcourse VS.NET 2003 so .NET 1.1.

When I enable Forms Authentication (restrict anonymous access) through web
config using <authentication> section my login.aspx page's button stop
working. After debugging I discovered, it's because of the Forms
Authentication. I enable anonymous access every thing works great.

I am out of ideas to find the solution, any help will be greatly appreciated.

I have installed everything (including OS) from scratch only to get the same
result. Moreover another developer's machine with exactly similar software
configuration runs the same code (with Forms Authentication enabled and
restricted anonymous access) without any problem.

Thanks in advance.

 

[jfer]

Hey Waqas I believe you are missing the pros/cons of Forms
Authentication. When you use integrated windows authentication the
users credentials are passed around via a trusted credential token.
This is why with Integrated Windows Authentication you are allowed to
pass the users identity to other resources, for example you can
restrict users to file resources via built in Windows access control
lists. When you use Forms Authentication you lose this ability and you
are responsible for building up the credential token although it is not
given the same trust (you cannot use Access Control Lists to
restrict/allow access for instance). This is key to understanding your
problem because all your users are actually browsing your site via the
anonymous account setup in IIS when you use Forms Authentication. And
you are building up their "credential token" as the forms
authentication ticket (cookie).
This implies to me that you MUST have anonymous access enabled when
utilizing Forms Authentication. To restrict/deny access to resources
you must then utilize URL Authorization via the web.config specificing
either users or roles explicitely.

Hope this helps.

 

[jfer]

I actually jumped to conclusion here. I just set an application I am
working on with FormsAuthentication to no anonymous access with
integrated windows authenticatoin checked in IIS and it did indeed
work.

Not exactly sure what your problem might be now.

 

[Waqas Pitafi]

Thanks jfer for taking out time and replying. Ultimately I discovered it to
be a problem with an erroneous line of code in global.asx file. Sometime
after discovering the bug you end up feeling stupid which is I am feeling
right now.

For anybody else's interest the details of the bug go like this.

I have enabled automatic error catching through a single page Error.aspx in
Application_Error method of global.asx file. And an error in
Application_Authenticate method was not allowing any subsequent code to be
executed.

I don't know if I am able to explain it properly but fixing the bug in
Application_Authenticate method solved it for me.

Thanks for your patience.