Graphics files with Forms Based Authentication

Discussion in 'ASP .Net Security' started by Jason - MCSD, Feb 9, 2007.

  1. Jason - MCSD

    Jason - MCSD Guest

    I am able to implement Forms Based Authentication successfully, following the
    example in this link:
    http://support.microsoft.com/kb/326340/

    Although functional, the resulting page (logon.aspx) is plain vanilla. I
    just want to dress it up by adding a company logo to this logon page. So, I
    added an image element to the page. The image never displays before a user
    logs into the website. Interestingly, after the user has been authenticated
    and attempts to access logon.aspx, the company logo is displayed. It's as if
    all files in the secured directory (including the images) cannot be accessed
    until the user has been successfully authenticated.

    OK, I understand the concept. "Secure the files until after a user has been
    authenticated." Seems like a Catch-22 to me. How would you dress up a logon
    page in this context?
    Jason - MCSD, Feb 9, 2007
    #1
    1. Advertising

  2. put the images in a separate folder and add a location element to web.config,
    e.g.

    <location path="images">
    <system.web>
    <autorization>
    <allow users="*" />


    -----
    Dominick Baier (http://www.leastprivilege.com)

    Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)

    > I am able to implement Forms Based Authentication successfully,
    > following the
    > example in this link:
    > http://support.microsoft.com/kb/326340/
    > Although functional, the resulting page (logon.aspx) is plain vanilla.
    > I just want to dress it up by adding a company logo to this logon
    > page. So, I added an image element to the page. The image never
    > displays before a user logs into the website. Interestingly, after
    > the user has been authenticated and attempts to access logon.aspx, the
    > company logo is displayed. It's as if all files in the secured
    > directory (including the images) cannot be accessed until the user has
    > been successfully authenticated.
    >
    > OK, I understand the concept. "Secure the files until after a user
    > has been authenticated." Seems like a Catch-22 to me. How would you
    > dress up a logon page in this context?
    >
    Dominick Baier, Feb 9, 2007
    #2
    1. Advertising

  3. Jason - MCSD

    Jason - MCSD Guest

    Dominick,

    Thanks for the timely and relevant response! This worked perfectly.

    -Jason



    "Dominick Baier" wrote:

    > put the images in a separate folder and add a location element to web.config,
    > e.g.
    >
    > <location path="images">
    > <system.web>
    > <autorization>
    > <allow users="*" />
    >
    >
    > -----
    > Dominick Baier (http://www.leastprivilege.com)
    >
    > Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)
    >
    > > I am able to implement Forms Based Authentication successfully,
    > > following the
    > > example in this link:
    > > http://support.microsoft.com/kb/326340/
    > > Although functional, the resulting page (logon.aspx) is plain vanilla.
    > > I just want to dress it up by adding a company logo to this logon
    > > page. So, I added an image element to the page. The image never
    > > displays before a user logs into the website. Interestingly, after
    > > the user has been authenticated and attempts to access logon.aspx, the
    > > company logo is displayed. It's as if all files in the secured
    > > directory (including the images) cannot be accessed until the user has
    > > been successfully authenticated.
    > >
    > > OK, I understand the concept. "Secure the files until after a user
    > > has been authenticated." Seems like a Catch-22 to me. How would you
    > > dress up a logon page in this context?
    > >

    >
    >
    >
    Jason - MCSD, Feb 9, 2007
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Eric
    Replies:
    2
    Views:
    1,408
    Tommy
    Feb 13, 2004
  2. - Steve -
    Replies:
    1
    Views:
    358
    Steve C. Orr [MVP, MCSD]
    Jun 21, 2004
  3. Rob R. Ainscough
    Replies:
    1
    Views:
    3,548
    Rob R. Ainscough
    May 30, 2006
  4. Keltex
    Replies:
    1
    Views:
    388
    Dominick Baier [DevelopMentor]
    Jan 24, 2006
  5. Eric
    Replies:
    2
    Views:
    467
Loading...

Share This Page