Login control and restricted member pages

Discussion in 'ASP .Net Security' started by NickP, Nov 21, 2007.

  1. NickP

    NickP Guest

    Hi there,

    I have setup a website to use the login control and have been following
    this tutorial,

    http://msdn2.microsoft.com/en-us/library/879kf95c(VS.80).aspx

    All of my member-only pages are stored in a directoy access that has
    annonymous access set to deny all. Unfortunately when login occurs and the
    default member page is navigated to a Windows Forms dialog appears and asks
    for my username and password, to which I have to supply my hosting
    credentials in order to see the site correctly. If I leave the entries
    blank and press cancel, I see the page but the graphics / styles to not
    load.

    Any ideas what I am doing wrong here? Many thanks for your time and
    help.

    Nick.
    NickP, Nov 21, 2007
    #1
    1. Advertising

  2. Hi Nick,

    From your description, your ASP.NET application is using Forms
    Authentication and you make one of the folder protected from
    unauthenticated user. However, you find that after you login, you will
    still get a popup window for windows credential when visit pages in a
    certain folder, correct?

    Regarding on this problem symptom, I think it is likely caused by windows
    NTFS permission limitation. By default, even you use Forms Authentication,
    ASP.NET runtime will perform file authorization checking on each aspx file
    being requested. That means it will ensure the current user(security
    account) has the permission to access that certain aspx page's physical
    file(through NTFS permission setting). For your scenario, you're using
    Forms Authentication(and assume you haven't perform impersonate in your
    web.config), the security context is your ASP.NET worker process
    identity(in IIS5, the default one is MACHINE\ASPNET, in IIS6, the default
    one is "Network Service" account). Therefore, you need to make sure that
    account have the permission to access the asp.net page file(will be
    requested in your application).

    Here are some reference about ASP.NET process identity and
    authorization(include url authorization):

    #ASP.NET Process Identity
    http://msdn2.microsoft.com/en-us/library/aa291339(VS.71).aspx

    #Configuring ASP.NET Process Identity
    http://msdn2.microsoft.com/en-us/library/dwc1xthy.aspx

    #ASP.NET Authorization
    http://msdn2.microsoft.com/en-us/library/wce3kxhd.aspx


    If you have anything unclear, welcome to post here.

    Sincerely,

    Steven Cheng

    Microsoft MSDN Online Support Lead



    ==================================================

    Get notification to my posts through email? Please refer to
    http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
    ications.



    Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
    where an initial response from the community or a Microsoft Support
    Engineer within 1 business day is acceptable. Please note that each follow
    up response may take approximately 2 business days as the support
    professional working with you may need further investigation to reach the
    most efficient resolution. The offering is not appropriate for situations
    that require urgent, real-time or phone-based interactions or complex
    project analysis and dump analysis issues. Issues of this nature are best
    handled working with a dedicated Microsoft Support Engineer by contacting
    Microsoft Customer Support Services (CSS) at
    http://msdn.microsoft.com/subscriptions/support/default.aspx.

    ==================================================


    This posting is provided "AS IS" with no warranties, and confers no rights.



    --------------------
    >From: "NickP" <>
    >Subject: Login control and restricted member pages
    >Date: Wed, 21 Nov 2007 16:17:38 -0000
    >
    >Hi there,
    >
    > I have setup a website to use the login control and have been

    following
    >this tutorial,
    >
    > http://msdn2.microsoft.com/en-us/library/879kf95c(VS.80).aspx
    >
    > All of my member-only pages are stored in a directoy access that has
    >annonymous access set to deny all. Unfortunately when login occurs and

    the
    >default member page is navigated to a Windows Forms dialog appears and

    asks
    >for my username and password, to which I have to supply my hosting
    >credentials in order to see the site correctly. If I leave the entries
    >blank and press cancel, I see the page but the graphics / styles to not
    >load.
    >
    > Any ideas what I am doing wrong here? Many thanks for your time and
    >help.
    >
    >Nick.
    >
    >
    >
    Steven Cheng[MSFT], Nov 22, 2007
    #2
    1. Advertising

  3. NickP

    NickP Guest

    Hi Steven,

    I'm not quite sure I understand to be totally honest, let me give you a
    scenario,

    1. I attempt to navigate to a restricted member page without logging in
    2. The HTML of the aspx page loads fine, but I recieve a login dialog
    once for each image on the page.

    * The images folder within this restricted folder is unaccessible, but
    the root members folder isn't.

    appname/members << (anonymous set to deny all) accessible
    appname/members/images << inaccessible

    If I log in, using the login control in the app root,

    appname/login.aspx

    exactly the same thing happens. So my question is this,

    Why does the page load but not the images, regardless of the login
    status?

    The control panel suggests that both folders have *exactly* the same
    permissions set, but I cannot access any of the images. I'm just contacting
    the hosting guys to find out if they can check the NTFS permissions.

    To be honest the links you sent didn't really help me much, there was no
    clear explanation or description of my problem occuring.

    Many thanks for your time and help.

    Nick.

    "Steven Cheng[MSFT]" <> wrote in message
    news:...
    > Hi Nick,
    >
    > From your description, your ASP.NET application is using Forms
    > Authentication and you make one of the folder protected from
    > unauthenticated user. However, you find that after you login, you will
    > still get a popup window for windows credential when visit pages in a
    > certain folder, correct?
    >
    > Regarding on this problem symptom, I think it is likely caused by windows
    > NTFS permission limitation. By default, even you use Forms Authentication,
    > ASP.NET runtime will perform file authorization checking on each aspx file
    > being requested. That means it will ensure the current user(security
    > account) has the permission to access that certain aspx page's physical
    > file(through NTFS permission setting). For your scenario, you're using
    > Forms Authentication(and assume you haven't perform impersonate in your
    > web.config), the security context is your ASP.NET worker process
    > identity(in IIS5, the default one is MACHINE\ASPNET, in IIS6, the default
    > one is "Network Service" account). Therefore, you need to make sure that
    > account have the permission to access the asp.net page file(will be
    > requested in your application).
    >
    > Here are some reference about ASP.NET process identity and
    > authorization(include url authorization):
    >
    > #ASP.NET Process Identity
    > http://msdn2.microsoft.com/en-us/library/aa291339(VS.71).aspx
    >
    > #Configuring ASP.NET Process Identity
    > http://msdn2.microsoft.com/en-us/library/dwc1xthy.aspx
    >
    > #ASP.NET Authorization
    > http://msdn2.microsoft.com/en-us/library/wce3kxhd.aspx
    >
    >
    > If you have anything unclear, welcome to post here.
    >
    > Sincerely,
    >
    > Steven Cheng
    >
    > Microsoft MSDN Online Support Lead
    >
    >
    >
    > ==================================================
    >
    > Get notification to my posts through email? Please refer to
    > http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
    > ications.
    >
    >
    >
    > Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
    > where an initial response from the community or a Microsoft Support
    > Engineer within 1 business day is acceptable. Please note that each follow
    > up response may take approximately 2 business days as the support
    > professional working with you may need further investigation to reach the
    > most efficient resolution. The offering is not appropriate for situations
    > that require urgent, real-time or phone-based interactions or complex
    > project analysis and dump analysis issues. Issues of this nature are best
    > handled working with a dedicated Microsoft Support Engineer by contacting
    > Microsoft Customer Support Services (CSS) at
    > http://msdn.microsoft.com/subscriptions/support/default.aspx.
    >
    > ==================================================
    >
    >
    > This posting is provided "AS IS" with no warranties, and confers no
    > rights.
    >
    >
    >
    > --------------------
    >>From: "NickP" <>
    >>Subject: Login control and restricted member pages
    >>Date: Wed, 21 Nov 2007 16:17:38 -0000
    >>
    >>Hi there,
    >>
    >> I have setup a website to use the login control and have been

    > following
    >>this tutorial,
    >>
    >> http://msdn2.microsoft.com/en-us/library/879kf95c(VS.80).aspx
    >>
    >> All of my member-only pages are stored in a directoy access that has
    >>annonymous access set to deny all. Unfortunately when login occurs and

    > the
    >>default member page is navigated to a Windows Forms dialog appears and

    > asks
    >>for my username and password, to which I have to supply my hosting
    >>credentials in order to see the site correctly. If I leave the entries
    >>blank and press cancel, I see the page but the graphics / styles to not
    >>load.
    >>
    >> Any ideas what I am doing wrong here? Many thanks for your time and
    >>help.
    >>
    >>Nick.
    >>
    >>
    >>

    >
    NickP, Nov 22, 2007
    #3
  4. Thanks for your reply Nick,

    As you said the login dialog prompts each time the page loading a image,
    have you verified the image files's access permission(NTFS file permission)
    on that server machine? It is likely that those images file are stored in a
    protected folder. When a page display some images file, the client browser
    will send http request to download each of them after the page content is
    loaded. Thus, if the image file is protected or not accessible, browser
    will also prompt for credentials. Also, you can check the IIS log on the
    server machine and look for those access denied entries(401 error) to see
    which pages or resources cause the access denied behavior.

    Sincerely,

    Steven Cheng

    Microsoft MSDN Online Support Lead


    This posting is provided "AS IS" with no warranties, and confers no rights.



    --------------------
    >From: "NickP" <>
    >References: <#>

    <>
    >Subject: Re: Login control and restricted member pages
    >Date: Thu, 22 Nov 2007 13:41:57 -0000
    >
    >Hi Steven,
    >
    > I'm not quite sure I understand to be totally honest, let me give you

    a
    >scenario,
    >
    > 1. I attempt to navigate to a restricted member page without logging

    in
    > 2. The HTML of the aspx page loads fine, but I recieve a login dialog
    >once for each image on the page.
    >
    > * The images folder within this restricted folder is unaccessible, but
    >the root members folder isn't.
    >
    > appname/members << (anonymous set to deny all) accessible
    > appname/members/images << inaccessible
    >
    > If I log in, using the login control in the app root,
    >
    > appname/login.aspx
    >
    > exactly the same thing happens. So my question is this,
    >
    > Why does the page load but not the images, regardless of the login
    >status?
    >
    > The control panel suggests that both folders have *exactly* the same
    >permissions set, but I cannot access any of the images. I'm just

    contacting
    >the hosting guys to find out if they can check the NTFS permissions.
    >
    > To be honest the links you sent didn't really help me much, there was

    no
    >clear explanation or description of my problem occuring.
    >
    > Many thanks for your time and help.
    >
    >Nick.
    >
    >"Steven Cheng[MSFT]" <> wrote in message
    >news:...
    >> Hi Nick,
    >>
    >> From your description, your ASP.NET application is using Forms
    >> Authentication and you make one of the folder protected from
    >> unauthenticated user. However, you find that after you login, you will
    >> still get a popup window for windows credential when visit pages in a
    >> certain folder, correct?
    >>
    >> Regarding on this problem symptom, I think it is likely caused by windows
    >> NTFS permission limitation. By default, even you use Forms

    Authentication,
    >> ASP.NET runtime will perform file authorization checking on each aspx

    file
    >> being requested. That means it will ensure the current user(security
    >> account) has the permission to access that certain aspx page's physical
    >> file(through NTFS permission setting). For your scenario, you're using
    >> Forms Authentication(and assume you haven't perform impersonate in your
    >> web.config), the security context is your ASP.NET worker process
    >> identity(in IIS5, the default one is MACHINE\ASPNET, in IIS6, the default
    >> one is "Network Service" account). Therefore, you need to make sure that
    >> account have the permission to access the asp.net page file(will be
    >> requested in your application).
    >>
    >> Here are some reference about ASP.NET process identity and
    >> authorization(include url authorization):
    >>
    >> #ASP.NET Process Identity
    >> http://msdn2.microsoft.com/en-us/library/aa291339(VS.71).aspx
    >>
    >> #Configuring ASP.NET Process Identity
    >> http://msdn2.microsoft.com/en-us/library/dwc1xthy.aspx
    >>
    >> #ASP.NET Authorization
    >> http://msdn2.microsoft.com/en-us/library/wce3kxhd.aspx
    >>
    >>
    >> If you have anything unclear, welcome to post here.
    >>
    >> Sincerely,
    >>
    >> Steven Cheng
    >>
    >> Microsoft MSDN Online Support Lead
    >>
    >>
    >>
    >> ==================================================
    >>
    >> Get notification to my posts through email? Please refer to
    >>

    http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
    >> ications.
    >>
    >>
    >>
    >> Note: The MSDN Managed Newsgroup support offering is for non-urgent

    issues
    >> where an initial response from the community or a Microsoft Support
    >> Engineer within 1 business day is acceptable. Please note that each

    follow
    >> up response may take approximately 2 business days as the support
    >> professional working with you may need further investigation to reach the
    >> most efficient resolution. The offering is not appropriate for situations
    >> that require urgent, real-time or phone-based interactions or complex
    >> project analysis and dump analysis issues. Issues of this nature are best
    >> handled working with a dedicated Microsoft Support Engineer by contacting
    >> Microsoft Customer Support Services (CSS) at
    >> http://msdn.microsoft.com/subscriptions/support/default.aspx.
    >>
    >> ==================================================
    >>
    >>
    >> This posting is provided "AS IS" with no warranties, and confers no
    >> rights.
    >>
    >>
    >>
    >> --------------------
    >>>From: "NickP" <>
    >>>Subject: Login control and restricted member pages
    >>>Date: Wed, 21 Nov 2007 16:17:38 -0000
    >>>
    >>>Hi there,
    >>>
    >>> I have setup a website to use the login control and have been

    >> following
    >>>this tutorial,
    >>>
    >>> http://msdn2.microsoft.com/en-us/library/879kf95c(VS.80).aspx
    >>>
    >>> All of my member-only pages are stored in a directoy access that has
    >>>annonymous access set to deny all. Unfortunately when login occurs and

    >> the
    >>>default member page is navigated to a Windows Forms dialog appears and

    >> asks
    >>>for my username and password, to which I have to supply my hosting
    >>>credentials in order to see the site correctly. If I leave the entries
    >>>blank and press cancel, I see the page but the graphics / styles to not
    >>>load.
    >>>
    >>> Any ideas what I am doing wrong here? Many thanks for your time and
    >>>help.
    >>>
    >>>Nick.
    >>>
    >>>
    >>>

    >>

    >
    >
    >
    Steven Cheng[MSFT], Nov 26, 2007
    #4
  5. NickP

    NickP Guest

    Hi Steven,

    Fortunately the problem has been resolved now by removing the annonymous
    / deny attributes from the members directory, it redirects to the login page
    if you aren't logged in anyway. I thought that maybe it would be good to
    give that extra level of security but I guess not.

    Many thanks for your time and help.

    Nick.

    "Steven Cheng[MSFT]" <> wrote in message
    news:p...
    > Thanks for your reply Nick,
    >
    > As you said the login dialog prompts each time the page loading a image,
    > have you verified the image files's access permission(NTFS file
    > permission)
    > on that server machine? It is likely that those images file are stored in
    > a
    > protected folder. When a page display some images file, the client browser
    > will send http request to download each of them after the page content is
    > loaded. Thus, if the image file is protected or not accessible, browser
    > will also prompt for credentials. Also, you can check the IIS log on the
    > server machine and look for those access denied entries(401 error) to see
    > which pages or resources cause the access denied behavior.
    >
    > Sincerely,
    >
    > Steven Cheng
    >
    > Microsoft MSDN Online Support Lead
    >
    >
    > This posting is provided "AS IS" with no warranties, and confers no
    > rights.
    >
    >
    >
    > --------------------
    >>From: "NickP" <>
    >>References: <#>

    > <>
    >>Subject: Re: Login control and restricted member pages
    >>Date: Thu, 22 Nov 2007 13:41:57 -0000
    >>
    >>Hi Steven,
    >>
    >> I'm not quite sure I understand to be totally honest, let me give you

    > a
    >>scenario,
    >>
    >> 1. I attempt to navigate to a restricted member page without logging

    > in
    >> 2. The HTML of the aspx page loads fine, but I recieve a login dialog
    >>once for each image on the page.
    >>
    >> * The images folder within this restricted folder is unaccessible, but
    >>the root members folder isn't.
    >>
    >> appname/members << (anonymous set to deny all) accessible
    >> appname/members/images << inaccessible
    >>
    >> If I log in, using the login control in the app root,
    >>
    >> appname/login.aspx
    >>
    >> exactly the same thing happens. So my question is this,
    >>
    >> Why does the page load but not the images, regardless of the login
    >>status?
    >>
    >> The control panel suggests that both folders have *exactly* the same
    >>permissions set, but I cannot access any of the images. I'm just

    > contacting
    >>the hosting guys to find out if they can check the NTFS permissions.
    >>
    >> To be honest the links you sent didn't really help me much, there was

    > no
    >>clear explanation or description of my problem occuring.
    >>
    >> Many thanks for your time and help.
    >>
    >>Nick.
    >>
    >>"Steven Cheng[MSFT]" <> wrote in message
    >>news:...
    >>> Hi Nick,
    >>>
    >>> From your description, your ASP.NET application is using Forms
    >>> Authentication and you make one of the folder protected from
    >>> unauthenticated user. However, you find that after you login, you will
    >>> still get a popup window for windows credential when visit pages in a
    >>> certain folder, correct?
    >>>
    >>> Regarding on this problem symptom, I think it is likely caused by
    >>> windows
    >>> NTFS permission limitation. By default, even you use Forms

    > Authentication,
    >>> ASP.NET runtime will perform file authorization checking on each aspx

    > file
    >>> being requested. That means it will ensure the current user(security
    >>> account) has the permission to access that certain aspx page's physical
    >>> file(through NTFS permission setting). For your scenario, you're using
    >>> Forms Authentication(and assume you haven't perform impersonate in your
    >>> web.config), the security context is your ASP.NET worker process
    >>> identity(in IIS5, the default one is MACHINE\ASPNET, in IIS6, the
    >>> default
    >>> one is "Network Service" account). Therefore, you need to make sure that
    >>> account have the permission to access the asp.net page file(will be
    >>> requested in your application).
    >>>
    >>> Here are some reference about ASP.NET process identity and
    >>> authorization(include url authorization):
    >>>
    >>> #ASP.NET Process Identity
    >>> http://msdn2.microsoft.com/en-us/library/aa291339(VS.71).aspx
    >>>
    >>> #Configuring ASP.NET Process Identity
    >>> http://msdn2.microsoft.com/en-us/library/dwc1xthy.aspx
    >>>
    >>> #ASP.NET Authorization
    >>> http://msdn2.microsoft.com/en-us/library/wce3kxhd.aspx
    >>>
    >>>
    >>> If you have anything unclear, welcome to post here.
    >>>
    >>> Sincerely,
    >>>
    >>> Steven Cheng
    >>>
    >>> Microsoft MSDN Online Support Lead
    >>>
    >>>
    >>>
    >>> ==================================================
    >>>
    >>> Get notification to my posts through email? Please refer to
    >>>

    > http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
    >>> ications.
    >>>
    >>>
    >>>
    >>> Note: The MSDN Managed Newsgroup support offering is for non-urgent

    > issues
    >>> where an initial response from the community or a Microsoft Support
    >>> Engineer within 1 business day is acceptable. Please note that each

    > follow
    >>> up response may take approximately 2 business days as the support
    >>> professional working with you may need further investigation to reach
    >>> the
    >>> most efficient resolution. The offering is not appropriate for
    >>> situations
    >>> that require urgent, real-time or phone-based interactions or complex
    >>> project analysis and dump analysis issues. Issues of this nature are
    >>> best
    >>> handled working with a dedicated Microsoft Support Engineer by
    >>> contacting
    >>> Microsoft Customer Support Services (CSS) at
    >>> http://msdn.microsoft.com/subscriptions/support/default.aspx.
    >>>
    >>> ==================================================
    >>>
    >>>
    >>> This posting is provided "AS IS" with no warranties, and confers no
    >>> rights.
    >>>
    >>>
    >>>
    >>> --------------------
    >>>>From: "NickP" <>
    >>>>Subject: Login control and restricted member pages
    >>>>Date: Wed, 21 Nov 2007 16:17:38 -0000
    >>>>
    >>>>Hi there,
    >>>>
    >>>> I have setup a website to use the login control and have been
    >>> following
    >>>>this tutorial,
    >>>>
    >>>> http://msdn2.microsoft.com/en-us/library/879kf95c(VS.80).aspx
    >>>>
    >>>> All of my member-only pages are stored in a directoy access that has
    >>>>annonymous access set to deny all. Unfortunately when login occurs and
    >>> the
    >>>>default member page is navigated to a Windows Forms dialog appears and
    >>> asks
    >>>>for my username and password, to which I have to supply my hosting
    >>>>credentials in order to see the site correctly. If I leave the entries
    >>>>blank and press cancel, I see the page but the graphics / styles to not
    >>>>load.
    >>>>
    >>>> Any ideas what I am doing wrong here? Many thanks for your time and
    >>>>help.
    >>>>
    >>>>Nick.
    >>>>
    >>>>
    >>>>
    >>>

    >>
    >>
    >>

    >
    NickP, Nov 27, 2007
    #5
  6. Thanks for your reply Nick,

    Glad that you have got it resolved.

    Have a good day!

    Sincerely,

    Steven Cheng

    Microsoft MSDN Online Support Lead


    This posting is provided "AS IS" with no warranties, and confers no rights.

    --------------------
    >From: "NickP" <>
    >References: <#>

    <>
    <>
    <>
    >Subject: Re: Login control and restricted member pages
    >Date: Tue, 27 Nov 2007 16:31:43 -0000
    >
    >Hi Steven,
    >
    > Fortunately the problem has been resolved now by removing the

    annonymous
    >/ deny attributes from the members directory, it redirects to the login

    page
    >if you aren't logged in anyway. I thought that maybe it would be good to
    >give that extra level of security but I guess not.
    >
    > Many thanks for your time and help.
    >
    >Nick.
    >
    >"Steven Cheng[MSFT]" <> wrote in message
    >news:p...
    >> Thanks for your reply Nick,
    >>
    >> As you said the login dialog prompts each time the page loading a image,
    >> have you verified the image files's access permission(NTFS file
    >> permission)
    >> on that server machine? It is likely that those images file are stored

    in
    >> a
    >> protected folder. When a page display some images file, the client

    browser
    >> will send http request to download each of them after the page content is
    >> loaded. Thus, if the image file is protected or not accessible, browser
    >> will also prompt for credentials. Also, you can check the IIS log on the
    >> server machine and look for those access denied entries(401 error) to see
    >> which pages or resources cause the access denied behavior.
    >>
    >> Sincerely,
    >>
    >> Steven Cheng
    >>
    >> Microsoft MSDN Online Support Lead
    >>
    >>
    >> This posting is provided "AS IS" with no warranties, and confers no
    >> rights.
    >>
    >>
    >>
    >> --------------------
    >>>From: "NickP" <>
    >>>References: <#>

    >> <>
    >>>Subject: Re: Login control and restricted member pages
    >>>Date: Thu, 22 Nov 2007 13:41:57 -0000
    >>>
    >>>Hi Steven,
    >>>
    >>> I'm not quite sure I understand to be totally honest, let me give

    you
    >> a
    >>>scenario,
    >>>
    >>> 1. I attempt to navigate to a restricted member page without logging

    >> in
    >>> 2. The HTML of the aspx page loads fine, but I recieve a login

    dialog
    >>>once for each image on the page.
    >>>
    >>> * The images folder within this restricted folder is unaccessible,

    but
    >>>the root members folder isn't.
    >>>
    >>> appname/members << (anonymous set to deny all) accessible
    >>> appname/members/images << inaccessible
    >>>
    >>> If I log in, using the login control in the app root,
    >>>
    >>> appname/login.aspx
    >>>
    >>> exactly the same thing happens. So my question is this,
    >>>
    >>> Why does the page load but not the images, regardless of the login
    >>>status?
    >>>
    >>> The control panel suggests that both folders have *exactly* the same
    >>>permissions set, but I cannot access any of the images. I'm just

    >> contacting
    >>>the hosting guys to find out if they can check the NTFS permissions.
    >>>
    >>> To be honest the links you sent didn't really help me much, there was

    >> no
    >>>clear explanation or description of my problem occuring.
    >>>
    >>> Many thanks for your time and help.
    >>>
    >>>Nick.
    >>>
    >>>"Steven Cheng[MSFT]" <> wrote in message
    >>>news:...
    >>>> Hi Nick,
    >>>>
    >>>> From your description, your ASP.NET application is using Forms
    >>>> Authentication and you make one of the folder protected from
    >>>> unauthenticated user. However, you find that after you login, you will
    >>>> still get a popup window for windows credential when visit pages in a
    >>>> certain folder, correct?
    >>>>
    >>>> Regarding on this problem symptom, I think it is likely caused by
    >>>> windows
    >>>> NTFS permission limitation. By default, even you use Forms

    >> Authentication,
    >>>> ASP.NET runtime will perform file authorization checking on each aspx

    >> file
    >>>> being requested. That means it will ensure the current user(security
    >>>> account) has the permission to access that certain aspx page's physical
    >>>> file(through NTFS permission setting). For your scenario, you're using
    >>>> Forms Authentication(and assume you haven't perform impersonate in your
    >>>> web.config), the security context is your ASP.NET worker process
    >>>> identity(in IIS5, the default one is MACHINE\ASPNET, in IIS6, the
    >>>> default
    >>>> one is "Network Service" account). Therefore, you need to make sure

    that
    >>>> account have the permission to access the asp.net page file(will be
    >>>> requested in your application).
    >>>>
    >>>> Here are some reference about ASP.NET process identity and
    >>>> authorization(include url authorization):
    >>>>
    >>>> #ASP.NET Process Identity
    >>>> http://msdn2.microsoft.com/en-us/library/aa291339(VS.71).aspx
    >>>>
    >>>> #Configuring ASP.NET Process Identity
    >>>> http://msdn2.microsoft.com/en-us/library/dwc1xthy.aspx
    >>>>
    >>>> #ASP.NET Authorization
    >>>> http://msdn2.microsoft.com/en-us/library/wce3kxhd.aspx
    >>>>
    >>>>
    >>>> If you have anything unclear, welcome to post here.
    >>>>
    >>>> Sincerely,
    >>>>
    >>>> Steven Cheng
    >>>>
    >>>> Microsoft MSDN Online Support Lead
    >>>>
    >>>>
    >>>>
    >>>> ==================================================
    >>>>
    >>>> Get notification to my posts through email? Please refer to
    >>>>

    >>

    http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
    >>>> ications.
    >>>>
    >>>>
    >>>>
    >>>> Note: The MSDN Managed Newsgroup support offering is for non-urgent

    >> issues
    >>>> where an initial response from the community or a Microsoft Support
    >>>> Engineer within 1 business day is acceptable. Please note that each

    >> follow
    >>>> up response may take approximately 2 business days as the support
    >>>> professional working with you may need further investigation to reach
    >>>> the
    >>>> most efficient resolution. The offering is not appropriate for
    >>>> situations
    >>>> that require urgent, real-time or phone-based interactions or complex
    >>>> project analysis and dump analysis issues. Issues of this nature are
    >>>> best
    >>>> handled working with a dedicated Microsoft Support Engineer by
    >>>> contacting
    >>>> Microsoft Customer Support Services (CSS) at
    >>>> http://msdn.microsoft.com/subscriptions/support/default.aspx.
    >>>>
    >>>> ==================================================
    >>>>
    >>>>
    >>>> This posting is provided "AS IS" with no warranties, and confers no
    >>>> rights.
    >>>>
    >>>>
    >>>>
    >>>> --------------------
    >>>>>From: "NickP" <>
    >>>>>Subject: Login control and restricted member pages
    >>>>>Date: Wed, 21 Nov 2007 16:17:38 -0000
    >>>>>
    >>>>>Hi there,
    >>>>>
    >>>>> I have setup a website to use the login control and have been
    >>>> following
    >>>>>this tutorial,
    >>>>>
    >>>>> http://msdn2.microsoft.com/en-us/library/879kf95c(VS.80).aspx
    >>>>>
    >>>>> All of my member-only pages are stored in a directoy access that

    has
    >>>>>annonymous access set to deny all. Unfortunately when login occurs and
    >>>> the
    >>>>>default member page is navigated to a Windows Forms dialog appears and
    >>>> asks
    >>>>>for my username and password, to which I have to supply my hosting
    >>>>>credentials in order to see the site correctly. If I leave the entries
    >>>>>blank and press cancel, I see the page but the graphics / styles to not
    >>>>>load.
    >>>>>
    >>>>> Any ideas what I am doing wrong here? Many thanks for your time

    and
    >>>>>help.
    >>>>>
    >>>>>Nick.
    >>>>>
    >>>>>
    >>>>>
    >>>>
    >>>
    >>>
    >>>

    >>

    >
    >
    >
    Steven Cheng[MSFT], Nov 28, 2007
    #6
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. SamIAm
    Replies:
    1
    Views:
    458
    Ed Gibbs
    Dec 4, 2003
  2. Magnus Blomberg

    Simple website with open and restricted area

    Magnus Blomberg, Feb 20, 2006, in forum: ASP .Net
    Replies:
    0
    Views:
    2,007
    Magnus Blomberg
    Feb 20, 2006
  3. Oli Filth
    Replies:
    1
    Views:
    444
    ...D.
    Jan 29, 2005
  4. nialltimpson

    restricted pages.

    nialltimpson, Mar 1, 2005, in forum: HTML
    Replies:
    2
    Views:
    374
    nialltimpson
    Mar 1, 2005
  5. Replies:
    3
    Views:
    181
    Dominick Baier [DevelopMentor]
    May 13, 2006
Loading...

Share This Page