Forms authentication on a business WAN

Discussion in 'ASP .Net Security' started by Philbert, Nov 20, 2003.

  1. Philbert

    Philbert Guest

    L.S.,

    For our client we have built a web application for use on their
    internal network.
    The employees need to log onto the application specifically,
    regardless of their Windows authorisation status.

    Web.config contains the following lines:

    <authentication mode="Forms">
    <forms name=".ASPXEFORM" loginUrl="ef_login.aspx" protection="All"
    timeout="10" />
    </authentication>

    <authorization>
    <deny users="?" />
    </authorization>

    What I find is that people that are logged into the network are not
    considered anonymous and can access the application without passing
    through ef_login.aspx

    How can I prevent this?

    Greetings,
    Philbert de Zwart,
    The Netherlands.
    Philbert, Nov 20, 2003
    #1
    1. Advertising

  2. Philbert,

    As long as the user is requesting an .aspx page or another page mapped to
    the aspnet_isapi.dll, this should work fine (although your web.config is
    not configured as recommended.)

    See this:
    301240 HOW TO: Implement Forms-Based Authentication in Your ASP.NET
    Application
    http://support.microsoft.com/?id=301240

    Jim Cheshire, MCSE, MCSD [MSFT]
    Developer Support
    ASP.NET


    This post is provided as-is with no warranties and confers no rights.


    --------------------
    >From: (Philbert)
    >Newsgroups: microsoft.public.dotnet.framework.aspnet.security
    >Subject: Forms authentication on a business WAN
    >Date: 20 Nov 2003 07:10:36 -0800
    >Organization: http://groups.google.com
    >Lines: 27
    >Message-ID: <>
    >NNTP-Posting-Host: 195.109.155.71
    >Content-Type: text/plain; charset=ISO-8859-1
    >Content-Transfer-Encoding: 8bit
    >X-Trace: posting.google.com 1069341036 1804 127.0.0.1 (20 Nov 2003

    15:10:36 GMT)
    >X-Complaints-To:
    >NNTP-Posting-Date: Thu, 20 Nov 2003 15:10:36 +0000 (UTC)
    >Path:

    cpmsftngxa07.phx.gbl!cpmsftngxa10.phx.gbl!TK2MSFTNGXA05.phx.gbl!TK2MSFTNGP08
    .phx.gbl!newsfeed00.sul.t-online.de!t-online.de!news-spur1.maxwell.syr.edu!n
    ews.maxwell.syr.edu!postnews1.google.com!not-for-mail
    >Xref: cpmsftngxa07.phx.gbl

    microsoft.public.dotnet.framework.aspnet.security:7597
    >X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security
    >
    >L.S.,
    >
    >For our client we have built a web application for use on their
    >internal network.
    >The employees need to log onto the application specifically,
    >regardless of their Windows authorisation status.
    >
    >Web.config contains the following lines:
    >
    ><authentication mode="Forms">
    > <forms name=".ASPXEFORM" loginUrl="ef_login.aspx" protection="All"
    >timeout="10" />
    ></authentication>
    >
    ><authorization>
    > <deny users="?" />
    ></authorization>
    >
    >What I find is that people that are logged into the network are not
    >considered anonymous and can access the application without passing
    >through ef_login.aspx
    >
    >How can I prevent this?
    >
    >Greetings,
    >Philbert de Zwart,
    >The Netherlands.
    >
    Jim Cheshire [MSFT], Nov 20, 2003
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. ben
    Replies:
    2
    Views:
    2,085
    Guest
    Dec 24, 2003
  2. Eric
    Replies:
    2
    Views:
    1,380
    Tommy
    Feb 13, 2004
  3. =?Utf-8?B?S2VubmV0aCBQ?=

    VS.NET 2003 wan't start!!! after W2kSP4

    =?Utf-8?B?S2VubmV0aCBQ?=, Dec 16, 2004, in forum: ASP .Net
    Replies:
    1
    Views:
    481
    =?Utf-8?B?S2VubmV0aCBQ?=
    Dec 16, 2004
  4. Adrian Parker

    looking for WAN source control system

    Adrian Parker, Jun 28, 2005, in forum: ASP .Net
    Replies:
    2
    Views:
    401
    Adrian Parker
    Jun 30, 2005
  5. Eric
    Replies:
    2
    Views:
    458
Loading...

Share This Page