Forms Authentication to specific folders

Discussion in 'ASP .Net Security' started by Michael Tissington, Jan 19, 2004.

  1. I have a web application that is using Forms Authentication (with
    users/passwords stored in a database) and for the most part it is working.

    I have a web page with links on it to files of different types (exe, zip,
    pdf)

    When the user clicks on one of these links I'd like them to have to log on
    and then they can download the file (or any file in the same folder)

    How can I set this up ?

    Thanks.

    --
    Michael Tissington
    http://www.oaklodge.com
    http://www.tabtag.com
     
    Michael Tissington, Jan 19, 2004
    #1
    1. Advertising

  2. Michael Tissington

    MSFT Guest

    Hi Michael ,

    Thank you for using MSDN Newsgroup. I am Luke and I am review this issue
    currently. As I understand, you have an ASP.NET application with form
    authentication. When user request an ASPX file, he will be redirected to
    logon form first. When user request a different file (exe, zip, pdf), you
    also need this behavior.

    To achieve this, we need change the virtual folder's configaration so that
    ASP.NET also manage the request for these kind of request ( I use IIS 6.0
    as demo):

    1. Open IIS Manager in Administrator Tools, browse to the virtual folder,
    right click it and select Properties.
    2. On Directory tab, click button "Configration..." and you will see the
    Application extensions list.
    3. Click Add button, add a application extension for .exe. Set 'Executabel'
    to C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll; Set
    'Extension' to .exe; set 'Verbs' to All verbs.
    4. Repeat step 3 for .zip and .pdf
    5. restart your IIS

    Hope this help,

    Luke
    Microsoft Online Support

    Get Secure! www.microsoft.com/security
    (This posting is provided "AS IS", with no warranties, and confers no
    rights.)
     
    MSFT, Jan 20, 2004
    #2
    1. Advertising

  3. Thanks, and what do I need to put into my web.config file also ?

    --
    Michael Tissington
    http://www.oaklodge.com
    http://www.tabtag.com

    "MSFT" <> wrote in message
    news:...
    > Hi Michael ,
    >
    > Thank you for using MSDN Newsgroup. I am Luke and I am review this issue
    > currently. As I understand, you have an ASP.NET application with form
    > authentication. When user request an ASPX file, he will be redirected to
    > logon form first. When user request a different file (exe, zip, pdf), you
    > also need this behavior.
    >
    > To achieve this, we need change the virtual folder's configaration so that
    > ASP.NET also manage the request for these kind of request ( I use IIS 6.0
    > as demo):
    >
    > 1. Open IIS Manager in Administrator Tools, browse to the virtual folder,
    > right click it and select Properties.
    > 2. On Directory tab, click button "Configration..." and you will see the
    > Application extensions list.
    > 3. Click Add button, add a application extension for .exe. Set

    'Executabel'
    > to C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll; Set
    > 'Extension' to .exe; set 'Verbs' to All verbs.
    > 4. Repeat step 3 for .zip and .pdf
    > 5. restart your IIS
    >
    > Hope this help,
    >
    > Luke
    > Microsoft Online Support
    >
    > Get Secure! www.microsoft.com/security
    > (This posting is provided "AS IS", with no warranties, and confers no
    > rights.)
    >
     
    Michael Tissington, Jan 20, 2004
    #3
  4. I have placed an entry in my web.config file and when I click on the link I
    now get the login page, have after entering the name and password, the
    redirection back to the exe is not working (it stays on the login page)

    What am I missing?

    --
    Michael Tissington
    http://www.oaklodge.com
    http://www.tabtag.com


    "MSFT" <> wrote in message
    news:...
    > Hi Michael ,
    >
    > Thank you for using MSDN Newsgroup. I am Luke and I am review this issue
    > currently. As I understand, you have an ASP.NET application with form
    > authentication. When user request an ASPX file, he will be redirected to
    > logon form first. When user request a different file (exe, zip, pdf), you
    > also need this behavior.
    >
    > To achieve this, we need change the virtual folder's configaration so that
    > ASP.NET also manage the request for these kind of request ( I use IIS 6.0
    > as demo):
    >
    > 1. Open IIS Manager in Administrator Tools, browse to the virtual folder,
    > right click it and select Properties.
    > 2. On Directory tab, click button "Configration..." and you will see the
    > Application extensions list.
    > 3. Click Add button, add a application extension for .exe. Set

    'Executabel'
    > to C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll; Set
    > 'Extension' to .exe; set 'Verbs' to All verbs.
    > 4. Repeat step 3 for .zip and .pdf
    > 5. restart your IIS
    >
    > Hope this help,
    >
    > Luke
    > Microsoft Online Support
    >
    > Get Secure! www.microsoft.com/security
    > (This posting is provided "AS IS", with no warranties, and confers no
    > rights.)
    >
     
    Michael Tissington, Jan 20, 2004
    #4
  5. Michael Tissington

    MSFT Guest

    Hi Michael,

    How did you code in the Login page? Generally, we only need one line simple
    code after authentication like:

    FormsAuthentication.RedirectFromLoginPage("", False)

    and there is no any special in the web.config:

    <authentication mode="Forms">
    <forms name=".ASPXFORMSDEMO" loginUrl="logon.aspx"
    protection="All" path="/" timeout="30" />
    </authentication>

    <authorization>
    <deny users ="?" />
    <allow users = "*" />
    </authorization>

    Luke
    Microsoft Online Support

    Get Secure! www.microsoft.com/security
    (This posting is provided "AS IS", with no warranties, and confers no
    rights.)
     
    MSFT, Jan 20, 2004
    #5
  6. Luke,

    Strange, very strange this is what I have .... both exe and pdf have the
    same problem .... after logon the page does not get redirected.

    In the same session, if I then try to go to another page that requires
    logon, I go straight to it and am not prompted to logon again - which is
    what I would expect. However if I go to the link for the exe or pdf, I'm
    still prompted to logon.

    --
    Michael Tissington
    http://www.oaklodge.com
    http://www.tabtag.com

    "MSFT" <> wrote in message
    news:...
    > Hi Michael,
    >
    > How did you code in the Login page? Generally, we only need one line

    simple
    > code after authentication like:
    >
    > FormsAuthentication.RedirectFromLoginPage("", False)
    >
    > and there is no any special in the web.config:
    >
    > <authentication mode="Forms">
    > <forms name=".ASPXFORMSDEMO" loginUrl="logon.aspx"
    > protection="All" path="/" timeout="30" />
    > </authentication>
    >
    > <authorization>
    > <deny users ="?" />
    > <allow users = "*" />
    > </authorization>
    >
    > Luke
    > Microsoft Online Support
    >
    > Get Secure! www.microsoft.com/security
    > (This posting is provided "AS IS", with no warranties, and confers no
    > rights.)
    >
     
    Michael Tissington, Jan 20, 2004
    #6
  7. Just as a thought, do I need to set any permissions on the folder it self ?

    --
    Michael Tissington
    http://www.oaklodge.com
    http://www.tabtag.com

    "MSFT" <> wrote in message
    news:...
    > Hi Michael,
    >
    > How did you code in the Login page? Generally, we only need one line

    simple
    > code after authentication like:
    >
    > FormsAuthentication.RedirectFromLoginPage("", False)
    >
    > and there is no any special in the web.config:
    >
    > <authentication mode="Forms">
    > <forms name=".ASPXFORMSDEMO" loginUrl="logon.aspx"
    > protection="All" path="/" timeout="30" />
    > </authentication>
    >
    > <authorization>
    > <deny users ="?" />
    > <allow users = "*" />
    > </authorization>
    >
    > Luke
    > Microsoft Online Support
    >
    > Get Secure! www.microsoft.com/security
    > (This posting is provided "AS IS", with no warranties, and confers no
    > rights.)
    >
     
    Michael Tissington, Jan 20, 2004
    #7
  8. Michael Tissington

    MSFT Guest

    Hi Michael,

    DId you use the persisted cookies? I suggest you create a new asp.net
    project and only add one logon form and add code as I suggest in my
    previous message. Will this help for a exe or pdf file?

    Luke
    Microsoft Online Support

    Get Secure! www.microsoft.com/security
    (This posting is provided "AS IS", with no warranties, and confers no
    rights.)
     
    MSFT, Jan 21, 2004
    #8
  9. Luke,

    I have tried this (going back to basics) and I get the same problem.

    I'm running Windows 2003.

    --
    Michael Tissington
    http://www.oaklodge.com
    http://www.tabtag.com

    "MSFT" <> wrote in message
    news:...
    > Hi Michael,
    >
    > DId you use the persisted cookies? I suggest you create a new asp.net
    > project and only add one logon form and add code as I suggest in my
    > previous message. Will this help for a exe or pdf file?
    >
    > Luke
    > Microsoft Online Support
    >
    > Get Secure! www.microsoft.com/security
    > (This posting is provided "AS IS", with no warranties, and confers no
    > rights.)
    >
     
    Michael Tissington, Jan 21, 2004
    #9
  10. Hi Michael,

    I'm sorry we've been delayed in getting back to you. The ASP.NET process
    needs to have read access to the files to be donwloaded. This can be set on
    the individual files or on the folder. The account that needs read
    permissions is typically either the "Network Service" or "ASPNET" account.

    We are still researching this issue and will post more information as soon
    as we can.

    Thank you, Mike
    Microsoft, ASP.NET Support Professional

    Microsoft highly recommends to all of our customers that they visit the
    http://www.microsoft.com/protect site and perform the three straightforward
    steps listed to improve your computer’s security.

    This posting is provided "AS IS", with no warranties, and confers no rights.


    --------------------
    > From: "Michael Tissington" <>
    > References: <>

    <>
    <Omds#>
    <>
    > Subject: Re: Forms Authentication to specific folders
    > Date: Tue, 20 Jan 2004 08:13:30 -0800
    > Lines: 38
    > X-Priority: 3
    > X-MSMail-Priority: Normal
    > X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
    > X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
    > Message-ID: <u$>
    > Newsgroups: microsoft.public.dotnet.framework.aspnet.security
    > NNTP-Posting-Host: antelope.oaklodge.com 63.67.71.5
    > Path:

    cpmsftngxa07.phx.gbl!cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!tk2msftngp13.
    phx.gbl
    > Xref: cpmsftngxa07.phx.gbl

    microsoft.public.dotnet.framework.aspnet.security:8293
    > X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security
    >
    > Just as a thought, do I need to set any permissions on the folder it self

    ?
    >
    > --
    > Michael Tissington
    > http://www.oaklodge.com
    > http://www.tabtag.com
    >
    > "MSFT" <> wrote in message
    > news:...
    > > Hi Michael,
    > >
    > > How did you code in the Login page? Generally, we only need one line

    > simple
    > > code after authentication like:
    > >
    > > FormsAuthentication.RedirectFromLoginPage("", False)
    > >
    > > and there is no any special in the web.config:
    > >
    > > <authentication mode="Forms">
    > > <forms name=".ASPXFORMSDEMO" loginUrl="logon.aspx"
    > > protection="All" path="/" timeout="30" />
    > > </authentication>
    > >
    > > <authorization>
    > > <deny users ="?" />
    > > <allow users = "*" />
    > > </authorization>
    > >
    > > Luke
    > > Microsoft Online Support
    > >
    > > Get Secure! www.microsoft.com/security
    > > (This posting is provided "AS IS", with no warranties, and confers no
    > > rights.)
    > >

    >
    >
    >
     
    Mike Moore [MSFT], Jan 23, 2004
    #10
  11. Mike,

    Thanks for the update.

    I have added both "NETWORK SERVICES" the ASP.NET account on the local
    machine to the security and given them full access ....

    Still get the same problem.

    --
    Michael Tissington
    http://www.oaklodge.com
    http://www.tabtag.com

    ""Mike Moore [MSFT]"" <> wrote in message
    news:pTk$...
    > Hi Michael,
    >
    > I'm sorry we've been delayed in getting back to you. The ASP.NET process
    > needs to have read access to the files to be donwloaded. This can be set

    on
    > the individual files or on the folder. The account that needs read
    > permissions is typically either the "Network Service" or "ASPNET" account.
    >
    > We are still researching this issue and will post more information as soon
    > as we can.
    >
    > Thank you, Mike
    > Microsoft, ASP.NET Support Professional
    >
    > Microsoft highly recommends to all of our customers that they visit the
    > http://www.microsoft.com/protect site and perform the three

    straightforward
    > steps listed to improve your computer's security.
    >
    > This posting is provided "AS IS", with no warranties, and confers no

    rights.
    >
    >
    > --------------------
    > > From: "Michael Tissington" <>
    > > References: <>

    > <>
    > <Omds#>
    > <>
    > > Subject: Re: Forms Authentication to specific folders
    > > Date: Tue, 20 Jan 2004 08:13:30 -0800
    > > Lines: 38
    > > X-Priority: 3
    > > X-MSMail-Priority: Normal
    > > X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
    > > X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
    > > Message-ID: <u$>
    > > Newsgroups: microsoft.public.dotnet.framework.aspnet.security
    > > NNTP-Posting-Host: antelope.oaklodge.com 63.67.71.5
    > > Path:

    >

    cpmsftngxa07.phx.gbl!cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!tk2msftngp13.
    > phx.gbl
    > > Xref: cpmsftngxa07.phx.gbl

    > microsoft.public.dotnet.framework.aspnet.security:8293
    > > X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security
    > >
    > > Just as a thought, do I need to set any permissions on the folder it

    self
    > ?
    > >
    > > --
    > > Michael Tissington
    > > http://www.oaklodge.com
    > > http://www.tabtag.com
    > >
    > > "MSFT" <> wrote in message
    > > news:...
    > > > Hi Michael,
    > > >
    > > > How did you code in the Login page? Generally, we only need one line

    > > simple
    > > > code after authentication like:
    > > >
    > > > FormsAuthentication.RedirectFromLoginPage("", False)
    > > >
    > > > and there is no any special in the web.config:
    > > >
    > > > <authentication mode="Forms">
    > > > <forms name=".ASPXFORMSDEMO" loginUrl="logon.aspx"
    > > > protection="All" path="/" timeout="30" />
    > > > </authentication>
    > > >
    > > > <authorization>
    > > > <deny users ="?" />
    > > > <allow users = "*" />
    > > > </authorization>
    > > >
    > > > Luke
    > > > Microsoft Online Support
    > > >
    > > > Get Secure! www.microsoft.com/security
    > > > (This posting is provided "AS IS", with no warranties, and confers no
    > > > rights.)
    > > >

    > >
    > >
    > >

    >
     
    Michael Tissington, Jan 23, 2004
    #11
  12. Michael Tissington

    MSFT Guest

    Hi Michael,

    Can you show me the code you used? Including the page you request to an exe
    file, the logon page (HTML and code behind) and the web.config. We may find
    something in them.

    Luke
    Microsoft Online Support

    Get Secure! www.microsoft.com/security
    (This posting is provided "AS IS", with no warranties, and confers no
    rights.)
     
    MSFT, Jan 23, 2004
    #12
  13. I have sent a private email

    Thanks.

    --
    Michael Tissington
    http://www.oaklodge.com
    http://www.tabtag.com

    "MSFT" <> wrote in message
    news:...
    > Hi Michael,
    >
    > Can you show me the code you used? Including the page you request to an

    exe
    > file, the logon page (HTML and code behind) and the web.config. We may

    find
    > something in them.
    >
    > Luke
    > Microsoft Online Support
    >
    > Get Secure! www.microsoft.com/security
    > (This posting is provided "AS IS", with no warranties, and confers no
    > rights.)
    >
    >
     
    Michael Tissington, Jan 23, 2004
    #13
  14. Hello Michael,

    Thanks very much for your follow up.

    Luke is out of office today. I have sent email to him and he will follow up
    this issue after he come back tomorrow. If you have any more concerns,
    please feel free to post here.

    Best regards,
    Yanhong Huang
    Microsoft Community Support

    Get Secure! ¨C www.microsoft.com/security
    This posting is provided "AS IS" with no warranties, and confers no rights.
     
    Yan-Hong Huang[MSFT], Jan 26, 2004
    #14
  15. Thanks for the update.

    --
    Michael Tissington
    http://www.oaklodge.com
    http://www.tabtag.com

    "Yan-Hong Huang[MSFT]" <> wrote in message
    news:...
    > Hello Michael,
    >
    > Thanks very much for your follow up.
    >
    > Luke is out of office today. I have sent email to him and he will follow

    up
    > this issue after he come back tomorrow. If you have any more concerns,
    > please feel free to post here.
    >
    > Best regards,
    > Yanhong Huang
    > Microsoft Community Support
    >
    > Get Secure! ¨C www.microsoft.com/security
    > This posting is provided "AS IS" with no warranties, and confers no

    rights.
    >
     
    Michael Tissington, Jan 26, 2004
    #15
  16. Michael Tissington

    MSFT Guest

    Hi Michael,

    I have recieved your code. After making some changes in it, it works on my
    side:

    First, we modify some in the web.config:

    <authentication mode="Forms">
    <forms name="TabTagLogin" loginUrl="./login/login.aspx" protection="All"
    path="/" timeout="10" />
    </authentication>
    <identity impersonate="true" />

    <authorization>
    <deny users ="?" />
    <allow users = "*" />
    </authorization>

    loginUrl="./login/login.aspx" will force it use login in right sub folder.
    With

    <authorization>
    <deny users ="?" />
    <allow users = "*" />
    </authorization>

    It will deny anonymous users.

    And in the code behind:

    private void LoginButton_Click(object sender, System.EventArgs e)
    {
    //if (Page.IsValid == true)
    //{
    //string UserID;

    //User user = new User();

    //MismatchLabel.Visible = false;

    // Check for already logged on
    //if (loginUserDetails != null)
    //{
    // Session["UserDetails"] = null;
    // loginUserDetails = null;
    // FormsAuthentication.SignOut();
    //}

    //UserID = user.Login(LogonEmailTextBox.Text,
    LogonPasswordTextBox.Text);
    //if (UserID != null)
    //{
    // Session["UserDetails"] = user.GetUserDetails(UserID);
    FormsAuthentication.RedirectFromLoginPage("*", false);
    //}
    //else
    //{
    // MismatchLabel.Visible = true;
    //}
    //}
    }

    As you see, I only keep the line
    "FormsAuthentication.RedirectFromLoginPage("*", false);". It will always
    redirect once user input a name and password. That make it work with aspx,
    exe and zip.

    Therefore, the problem on your side may be caused that this line didn't got
    executed. The posible reason is (loginUserDetails != null) or (UserID =
    null). Especially, when request is to a exe or zip file. You need to double
    check the logic of your application to make sure this.

    Luke
    Microsoft Online Support

    Get Secure! www.microsoft.com/security
    (This posting is provided "AS IS", with no warranties, and confers no
    rights.)
     
    MSFT, Jan 27, 2004
    #16
  17. Michael Tissington

    MSFT Guest

    Hi Michael,

    I have recieved your code. After making some changes in it, it works on my
    side:

    First, we modify some in the web.config:

    <authentication mode="Forms">
    <forms name="TabTagLogin" loginUrl="./login/login.aspx" protection="All"
    path="/" timeout="10" />
    </authentication>
    <identity impersonate="true" />

    <authorization>
    <deny users ="?" />
    <allow users = "*" />
    </authorization>

    loginUrl="./login/login.aspx" will force it use login in right sub folder.
    With

    <authorization>
    <deny users ="?" />
    <allow users = "*" />
    </authorization>

    It will deny anonymous users.

    And in the code behind:

    private void LoginButton_Click(object sender, System.EventArgs e)
    {
    //if (Page.IsValid == true)
    //{
    //string UserID;

    //User user = new User();

    //MismatchLabel.Visible = false;

    // Check for already logged on
    //if (loginUserDetails != null)
    //{
    // Session["UserDetails"] = null;
    // loginUserDetails = null;
    // FormsAuthentication.SignOut();
    //}

    //UserID = user.Login(LogonEmailTextBox.Text,
    LogonPasswordTextBox.Text);
    //if (UserID != null)
    //{
    // Session["UserDetails"] = user.GetUserDetails(UserID);
    FormsAuthentication.RedirectFromLoginPage("*", false);
    //}
    //else
    //{
    // MismatchLabel.Visible = true;
    //}
    //}
    }

    As you see, I only keep the line
    "FormsAuthentication.RedirectFromLoginPage("*", false);". It will always
    redirect once user input a name and password. That make it work with aspx,
    exe and zip.

    Therefore, the problem on your side may be caused that this line didn't got
    executed. The posible reason is (loginUserDetails != null) or (UserID =
    null). Especially, when request is to a exe or zip file. You need to double
    check the logic of your application to make sure this.

    Luke
    Microsoft Online Support

    Get Secure! www.microsoft.com/security
    (This posting is provided "AS IS", with no warranties, and confers no
    rights.)
     
    MSFT, Jan 27, 2004
    #17
  18. Luke,

    Using loginUrl="./login/login.aspx" (with the dot) does not work because
    sometimes i'll be directed to a login page of the form
    /download/installs/login/login.aspx adn what is required is
    /login/login.aspx (in other words starting from the root). My understanding
    is the '.' makes the path relative to the current url and not the root

    In addition after commenting out the code I still can not get past the login
    page. I have debugged my code and I correctly execute the line

    FormsAuthentication.RedirectFromLoginPage("*", false);

    But I still have the login page re displayed.

    --
    Michael Tissington
    http://www.oaklodge.com
    http://www.tabtag.com

    "MSFT" <> wrote in message
    news:1%...
    > Hi Michael,
    >
    > I have recieved your code. After making some changes in it, it works on my
    > side:
    >
    > First, we modify some in the web.config:
    >
    > <authentication mode="Forms">
    > <forms name="TabTagLogin" loginUrl="./login/login.aspx" protection="All"
    > path="/" timeout="10" />
    > </authentication>
    > <identity impersonate="true" />
    >
    > <authorization>
    > <deny users ="?" />
    > <allow users = "*" />
    > </authorization>
    >
    > loginUrl="./login/login.aspx" will force it use login in right sub folder.
    > With
    >
    > <authorization>
    > <deny users ="?" />
    > <allow users = "*" />
    > </authorization>
    >
    > It will deny anonymous users.
    >
    > And in the code behind:
    >
    > private void LoginButton_Click(object sender, System.EventArgs e)
    > {
    > //if (Page.IsValid == true)
    > //{
    > //string UserID;
    >
    > //User user = new User();
    >
    > //MismatchLabel.Visible = false;
    >
    > // Check for already logged on
    > //if (loginUserDetails != null)
    > //{
    > // Session["UserDetails"] = null;
    > // loginUserDetails = null;
    > // FormsAuthentication.SignOut();
    > //}
    >
    > //UserID = user.Login(LogonEmailTextBox.Text,
    > LogonPasswordTextBox.Text);
    > //if (UserID != null)
    > //{
    > // Session["UserDetails"] = user.GetUserDetails(UserID);
    > FormsAuthentication.RedirectFromLoginPage("*", false);
    > //}
    > //else
    > //{
    > // MismatchLabel.Visible = true;
    > //}
    > //}
    > }
    >
    > As you see, I only keep the line
    > "FormsAuthentication.RedirectFromLoginPage("*", false);". It will always
    > redirect once user input a name and password. That make it work with aspx,
    > exe and zip.
    >
    > Therefore, the problem on your side may be caused that this line didn't

    got
    > executed. The posible reason is (loginUserDetails != null) or (UserID =
    > null). Especially, when request is to a exe or zip file. You need to

    double
    > check the logic of your application to make sure this.
    >
    > Luke
    > Microsoft Online Support
    >
    > Get Secure! www.microsoft.com/security
    > (This posting is provided "AS IS", with no warranties, and confers no
    > rights.)
    >
     
    Michael Tissington, Jan 27, 2004
    #18
  19. Michael Tissington

    MSFT Guest

    Hi Michael,

    Is it that all requests (inluding ASPX and EXE) can't pass the login form
    or only EXE file? Where is the EXE or ZIP file, in the root or a virtual
    folder? When we enter the login form, the address line of IE will be like:

    http://localhost/webapplicationtest/login/login.aspx?ReturnUrl=/webapplica
    tiontest%2fcodesamples.zip

    Did it has same url string after you click Login button and redirected to
    login form again?

    Luke
    Microsoft Online Support

    Get Secure! www.microsoft.com/security
    (This posting is provided "AS IS", with no warranties, and confers no
    rights.)
     
    MSFT, Jan 28, 2004
    #19
  20. Luke,

    Yes, after clicking Login, the login page is just display again and the URL
    has not changed.


    --
    Michael Tissington
    http://www.oaklodge.com
    http://www.tabtag.com


    "MSFT" <> wrote in message
    news:...
    > Hi Michael,
    >
    > Is it that all requests (inluding ASPX and EXE) can't pass the login form
    > or only EXE file? Where is the EXE or ZIP file, in the root or a virtual
    > folder? When we enter the login form, the address line of IE will be like:
    >
    >

    http://localhost/webapplicationtest/login/login.aspx?ReturnUrl=/webapplica
    > tiontest%2fcodesamples.zip
    >
    > Did it has same url string after you click Login button and redirected to
    > login form again?
    >
    > Luke
    > Microsoft Online Support
    >
    > Get Secure! www.microsoft.com/security
    > (This posting is provided "AS IS", with no warranties, and confers no
    > rights.)
    >
     
    Michael Tissington, Jan 28, 2004
    #20
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Harley
    Replies:
    1
    Views:
    676
    John Saunders
    Nov 25, 2003
  2. Jurjen de Groot
    Replies:
    0
    Views:
    434
    Jurjen de Groot
    Jan 30, 2004
  3. Jerry Morton
    Replies:
    0
    Views:
    460
    Jerry Morton
    Oct 10, 2004
  4. Adam
    Replies:
    2
    Views:
    9,832
  5. Eric
    Replies:
    2
    Views:
    606
Loading...

Share This Page