issues mixing integrated Windows authentication and anonymous on same application

Discussion in 'ASP .Net Security' started by developer, Aug 26, 2004.

  1. developer

    developer Guest

    I'm having issues mixing integrated Windows authentication and anonymous
    access on same IIS app.

    Basically, any post back event fails (Forms collection empty and control's
    event handler never called) on anonymous page when:

    1 - user opens an aspx page that requires integrated Windows authentication

    2 - user navigates to aspx page (through hyperlink, post back redirect, etc
    ....) w\ anonymous access.

    ALL server side events fail on anonymous aspx page (Forms collection
    empty...).



    This is NOT an issue when using basic authentication.

    This is NOT an issue when anonymous page is on a different web application.

    To duplicate:

    1- create two aspx pages, add then to same IIS application.
    2- set integrated windows authentication on first page and allow anonymous
    on second page (using IIS console).
    3- add hyperlink that directs browser from windows auth page to second
    anonymous access page.
    4- add button to second aspx page, wire up click event handler for this
    button.
    5- launch first page (the one w\ windows authentication ).
    6- click hyperlink to navigate to anonymous page.
    7- click button once anonymous page loaded.
    ISSUE: server side event NOT fired!
     
    developer, Aug 26, 2004
    #1
    1. Advertising

  2. developer

    [MSFT] Guest

    I also reproduced the problem. The two requests use different credentials,
    but they are in same session. I suspect this cause the problem. I will
    continue to research on this issue to confirm if this is a problem of ASP
    .NET.

    Thanks,

    Luke
     
    [MSFT], Aug 27, 2004
    #2
    1. Advertising

  3. developer

    [MSFT] Guest

    Hello,

    DId you still monitor this issue? Based on my research, the best work
    around for this issue is to place these two web form in different web
    application and grant different security setting the applications. There is
    indeed some problems when we grnat permission on page level.

    Luke
     
    [MSFT], Aug 31, 2004
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Mark
    Replies:
    0
    Views:
    691
  2. Will
    Replies:
    5
    Views:
    2,663
  3. Ng
    Replies:
    0
    Views:
    311
  4. Christoph Erdle
    Replies:
    0
    Views:
    166
    Christoph Erdle
    Jul 30, 2003
  5. Daniel P.
    Replies:
    0
    Views:
    164
    Daniel P.
    Oct 20, 2006
Loading...

Share This Page