Enabling Forms Authentication Stops Button Click Events

Discussion in 'ASP .Net Security' started by Waqas Pitafi, Aug 21, 2005.

  1. Waqas Pitafi

    Waqas Pitafi Guest

    Hi,

    3rd day is already gone without any solution.

    My problem is, I have a Windows Server 2003 sp1 machine as my development
    platform having NTFS filesystem. Other notable components installed are
    ODP.NET (latest version), WSE 2.0 sp3, offcourse VS.NET 2003 so .NET 1.1.

    When I enable Forms Authentication (restrict anonymous access) through web
    config using <authentication> section my login.aspx page's button stop
    working. After debugging I discovered, it's because of the Forms
    Authentication. I enable anonymous access every thing works great.

    I am out of ideas to find the solution, any help will be greatly appreciated.

    I have installed everything (including OS) from scratch only to get the same
    result. Moreover another developer's machine with exactly similar software
    configuration runs the same code (with Forms Authentication enabled and
    restricted anonymous access) without any problem.

    Thanks in advance.
     
    Waqas Pitafi, Aug 21, 2005
    #1
    1. Advertising

  2. Waqas Pitafi

    jfer Guest

    Hey Waqas I believe you are missing the pros/cons of Forms
    Authentication. When you use integrated windows authentication the
    users credentials are passed around via a trusted credential token.
    This is why with Integrated Windows Authentication you are allowed to
    pass the users identity to other resources, for example you can
    restrict users to file resources via built in Windows access control
    lists. When you use Forms Authentication you lose this ability and you
    are responsible for building up the credential token although it is not
    given the same trust (you cannot use Access Control Lists to
    restrict/allow access for instance). This is key to understanding your
    problem because all your users are actually browsing your site via the
    anonymous account setup in IIS when you use Forms Authentication. And
    you are building up their "credential token" as the forms
    authentication ticket (cookie).
    This implies to me that you MUST have anonymous access enabled when
    utilizing Forms Authentication. To restrict/deny access to resources
    you must then utilize URL Authorization via the web.config specificing
    either users or roles explicitely.

    Hope this helps.
     
    jfer, Aug 22, 2005
    #2
    1. Advertising

  3. Waqas Pitafi

    jfer Guest

    I actually jumped to conclusion here. I just set an application I am
    working on with FormsAuthentication to no anonymous access with
    integrated windows authenticatoin checked in IIS and it did indeed
    work.

    Not exactly sure what your problem might be now.
     
    jfer, Aug 22, 2005
    #3
  4. Waqas Pitafi

    Waqas Pitafi Guest

    Thanks jfer for taking out time and replying. Ultimately I discovered it to
    be a problem with an erroneous line of code in global.asx file. Sometime
    after discovering the bug you end up feeling stupid which is I am feeling
    right now.

    For anybody else's interest the details of the bug go like this.

    I have enabled automatic error catching through a single page Error.aspx in
    Application_Error method of global.asx file. And an error in
    Application_Authenticate method was not allowing any subsequent code to be
    executed.

    I don't know if I am able to explain it properly but fixing the bug in
    Application_Authenticate method solved it for me.

    Thanks for your patience.

    "jfer" wrote:

    > I actually jumped to conclusion here. I just set an application I am
    > working on with FormsAuthentication to no anonymous access with
    > integrated windows authenticatoin checked in IIS and it did indeed
    > work.
    >
    > Not exactly sure what your problem might be now.
    >
    >
     
    Waqas Pitafi, Aug 22, 2005
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Ben Fidge
    Replies:
    5
    Views:
    740
    S. Justin Gengo
    Jun 15, 2004
  2. =?Utf-8?B?V2FxYXMgUGl0YWZp?=

    Enabling Forms Authentication Stops Button Click Events

    =?Utf-8?B?V2FxYXMgUGl0YWZp?=, Aug 21, 2005, in forum: ASP .Net
    Replies:
    0
    Views:
    348
    =?Utf-8?B?V2FxYXMgUGl0YWZp?=
    Aug 21, 2005
  3. Michael D. Ober
    Replies:
    6
    Views:
    301
    Michael D. Ober
    Oct 30, 2006
  4. Michael D. Ober
    Replies:
    6
    Views:
    398
    Michael D. Ober
    Oct 30, 2006
  5. Bernhard Georg Enders
    Replies:
    2
    Views:
    153
    Grant Wagner
    Oct 25, 2004
Loading...

Share This Page