Forms Authentication Problem

Discussion in 'ASP .Net Security' started by Bob Hansen, Feb 3, 2004.

  1. Bob Hansen

    Bob Hansen Guest

    Hello All,

    I am trying to set up forms authentication for an ASP.NET web site. I
    programmed quite a bit of stuff with custom IPrincipal and IIdentity objects
    and everything only to find out that none of it worked. After fiddling
    around with things I decided to try a really basic example. A set some
    values in the web.config as follows...

    <authentication mode="Forms">
    <forms name=".ASPXAUTH" loginUrl="Login.aspx" />
    </authentication>
    <authorization>
    <deny users="?" />
    <allow users="*" />
    </authorization>

    I then created a simple login.aspx page and a default.aspx page with no
    implementation. The only thing I wanted to do was see if accessing the
    default.aspx page would bring up the login.aspx page as expected. Didnt
    work. Not only that, but on further inspection of the
    Context.User.Identity.IsAuthenticated property revealed that I am always
    authenticated. I cannot unauthenticate myself. Further, the
    Context.User.Identity.Name comes up as my login name for windows complete
    with network domain!

    Is there a configuration option I am missing somewhere? Is there something
    in IIS that needs to be set? Please help!!!

    Cheers,

    Bob Hansen
    JASCorp, L.L.C.
    www.jasrx.com
    www.jascorp.com
     
    Bob Hansen, Feb 3, 2004
    #1
    1. Advertising

  2. You must check in IIS the anonymous access and Integrated Win.Auth. as well.

    --
    Hernan de Lahitte
    Lagash Systems S.A.
    http://www.lagash.com



    "Bob Hansen" <> wrote in message
    news:...
    > Hello All,
    >
    > I am trying to set up forms authentication for an ASP.NET web site. I
    > programmed quite a bit of stuff with custom IPrincipal and IIdentity

    objects
    > and everything only to find out that none of it worked. After fiddling
    > around with things I decided to try a really basic example. A set some
    > values in the web.config as follows...
    >
    > <authentication mode="Forms">
    > <forms name=".ASPXAUTH" loginUrl="Login.aspx" />
    > </authentication>
    > <authorization>
    > <deny users="?" />
    > <allow users="*" />
    > </authorization>
    >
    > I then created a simple login.aspx page and a default.aspx page with no
    > implementation. The only thing I wanted to do was see if accessing the
    > default.aspx page would bring up the login.aspx page as expected. Didnt
    > work. Not only that, but on further inspection of the
    > Context.User.Identity.IsAuthenticated property revealed that I am always
    > authenticated. I cannot unauthenticate myself. Further, the
    > Context.User.Identity.Name comes up as my login name for windows complete
    > with network domain!
    >
    > Is there a configuration option I am missing somewhere? Is there

    something
    > in IIS that needs to be set? Please help!!!
    >
    > Cheers,
    >
    > Bob Hansen
    > JASCorp, L.L.C.
    > www.jasrx.com
    > www.jascorp.com
    >
    >
    >
     
    Hernan de Lahitte, Feb 3, 2004
    #2
    1. Advertising

  3. Bob Hansen

    Guest Guest

    It sounds like you have Windows Integrated Authentication
    enabled.

    >-----Original Message-----
    >Hello All,
    >
    >I am trying to set up forms authentication for an

    ASP.NET web site. I
    >programmed quite a bit of stuff with custom IPrincipal

    and IIdentity objects
    >and everything only to find out that none of it worked.

    After fiddling
    >around with things I decided to try a really basic

    example. A set some
    >values in the web.config as follows...
    >
    ><authentication mode="Forms">
    ><forms name=".ASPXAUTH" loginUrl="Login.aspx" />
    ></authentication>
    ><authorization>
    ><deny users="?" />
    ><allow users="*" />
    ></authorization>
    >
    >I then created a simple login.aspx page and a

    default.aspx page with no
    >implementation. The only thing I wanted to do was see

    if accessing the
    >default.aspx page would bring up the login.aspx page as

    expected. Didnt
    >work. Not only that, but on further inspection of the
    >Context.User.Identity.IsAuthenticated property revealed

    that I am always
    >authenticated. I cannot unauthenticate myself.

    Further, the
    >Context.User.Identity.Name comes up as my login name for

    windows complete
    >with network domain!
    >
    >Is there a configuration option I am missing somewhere?

    Is there something
    >in IIS that needs to be set? Please help!!!
    >
    >Cheers,
    >
    >Bob Hansen
    >JASCorp, L.L.C.
    >www.jasrx.com
    >www.jascorp.com
    >
    >
    >
    >.
    >
     
    Guest, Feb 3, 2004
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Andrew Connell
    Replies:
    1
    Views:
    548
    Natty Gur
    Oct 21, 2003
  2. Eric
    Replies:
    2
    Views:
    1,496
    Tommy
    Feb 13, 2004
  3. JEFF
    Replies:
    1
    Views:
    1,027
    =?Utf-8?B?YnJpYW5zW01DU0Rd?=
    Nov 12, 2007
  4. Keltex
    Replies:
    1
    Views:
    404
    Dominick Baier [DevelopMentor]
    Jan 24, 2006
  5. Eric
    Replies:
    2
    Views:
    557
Loading...

Share This Page