Forms authentication on a business WAN

P

Philbert

L.S.,

For our client we have built a web application for use on their
internal network.
The employees need to log onto the application specifically,
regardless of their Windows authorisation status.

Web.config contains the following lines:

<authentication mode="Forms">
<forms name=".ASPXEFORM" loginUrl="ef_login.aspx" protection="All"
timeout="10" />
</authentication>

<authorization>
<deny users="?" />
</authorization>

What I find is that people that are logged into the network are not
considered anonymous and can access the application without passing
through ef_login.aspx

How can I prevent this?

Greetings,
Philbert de Zwart,
The Netherlands.
 
J

Jim Cheshire [MSFT]

Philbert,

As long as the user is requesting an .aspx page or another page mapped to
the aspnet_isapi.dll, this should work fine (although your web.config is
not configured as recommended.)

See this:
301240 HOW TO: Implement Forms-Based Authentication in Your ASP.NET
Application
http://support.microsoft.com/?id=301240

Jim Cheshire, MCSE, MCSD [MSFT]
Developer Support
ASP.NET
(e-mail address removed)

This post is provided as-is with no warranties and confers no rights.


--------------------
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Forms authentication 4
Forms Authentication 8
forms authentication across virtual directories 2
forms authentication and wildcard mappings on UNC share 1
Forms authentication - clean cookie when close browser 1
Forms authentication credentials fail 5
Forms Authentication with Active Directory 3
Forms Authentication for single directory 1

Members online

No members online now.
Total: 26 (members: 0, guests: 26)
Robots: 456

Forum statistics

Threads
473,769
Messages
2,569,580
Members
45,054
Latest member
TrimKetoBoost

Latest Threads

Top