P
Philbert
L.S.,
For our client we have built a web application for use on their
internal network.
The employees need to log onto the application specifically,
regardless of their Windows authorisation status.
Web.config contains the following lines:
<authentication mode="Forms">
<forms name=".ASPXEFORM" loginUrl="ef_login.aspx" protection="All"
timeout="10" />
</authentication>
<authorization>
<deny users="?" />
</authorization>
What I find is that people that are logged into the network are not
considered anonymous and can access the application without passing
through ef_login.aspx
How can I prevent this?
Greetings,
Philbert de Zwart,
The Netherlands.
For our client we have built a web application for use on their
internal network.
The employees need to log onto the application specifically,
regardless of their Windows authorisation status.
Web.config contains the following lines:
<authentication mode="Forms">
<forms name=".ASPXEFORM" loginUrl="ef_login.aspx" protection="All"
timeout="10" />
</authentication>
<authorization>
<deny users="?" />
</authorization>
What I find is that people that are logged into the network are not
considered anonymous and can access the application without passing
through ef_login.aspx
How can I prevent this?
Greetings,
Philbert de Zwart,
The Netherlands.