Forms Authentication to protect .cgi application problem

Discussion in 'ASP .Net Security' started by Stephen Davies, Dec 30, 2004.

  1. I have enabled forms authentication on an IIS 6 W2k3 server to protect access
    to the application files until authenticated.

    The actual application apart from the login/logout files is .cgi based so I
    have added a “Wildcard Application Map†entry

    site properties
    home directory tab
    Configuration
    Application Configuration

    to point to the “aspnet_isapi.dll†so that .cgi application files must be
    authenticated before they can run.

    So far all seems to be working well, direct invocation of the .cgi
    application is trapped and redirected to the login screen but after logging
    in I am prompted with a download dialog (as if there were no mime type)

    1. If I remove the Wildcard Application Mapping the .cgi application runs
    2. If I allow users=â€*†in the authorization section of the web config (with
    the wildcard application mapping in place) it also works perfectly.

    On top of this I also have an httphandler routine to perform a URLRewrite to
    catch the application logout command, although the symptoms above are exactly
    the same when its removed from the web config.

    Any help on this would be greatly appreciated.

    Regards
    Stephen Davies
     
    Stephen Davies, Dec 30, 2004
    #1
    1. Advertising

  2. Stephen Davies

    [MSFT] Guest

    Hello Stephen,

    How did you redirect from the logon form to the CGI file? If you code like:

    Response.Redirect

    or

    Server.Transfer

    Will it get work?

    Luke
     
    [MSFT], Dec 31, 2004
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Peter Rilling
    Replies:
    1
    Views:
    632
    John Saunders
    Jun 7, 2004
  2. Replies:
    4
    Views:
    615
  3. Alan Silver
    Replies:
    7
    Views:
    574
    Alan Silver
    Jan 3, 2006
  4. Ronald S. Cook
    Replies:
    4
    Views:
    1,061
    Erik Funkenbusch
    Mar 13, 2006
  5. Stephen Davies

    Forms Authentication to protect a cgi application

    Stephen Davies, Dec 30, 2004, in forum: ASP .Net Security
    Replies:
    13
    Views:
    663
    Stephen Davies
    Jan 9, 2005
Loading...

Share This Page