SSL and Forms authentification

[Guest]

I have an application where I added the attribute requireSSL="false" in the
authentification elemnt in the dev environment and the apllication compile
with no problem. What I want to do is, In production, is to use forms
authentification, so when somebody clicks to view a protected page, he should
be redirected to https://myserver/login.aspx instead of
http://myserver/login.aspx

I moved this application (Copy/paste) into a Virtual directory on our
production environment. When launching the application
http://66.22.33.99/myVD I get the following error :
-------------------------------------
Configuration Error
Description: An error occurred during the processing of a configuration file
required to service this request. Please review the specific error details
below
and modify your configuration file appropriately.
Parser Error Message: Unrecognized attribute 'requireSSL'.
Source Error:
Line 33: <forms name="CommerceAuth" requireSSL="false"
loginUrl="login.aspx" protection="All" path="/" />
------------------------------------------------------------

When I take off the requireSSL it works fine.
******************************
I read in MSDN Library the following :
This element can be declared only at the machine, site, or application
level. Any attempt to declare it in a configuration file at the subdirectory
or page level will result in a parser error message.

******************************
Does a VD is considered as an application or not, otherwise what am I
missing ?
Thanks in advance

 

[Steven Cheng[MSFT]]

Hi Eliassal,

Thanks for your posting. As for the problem you mentioned, I think it is
likely that the Virutal Dir on your product server is not configured as an
application. By default an normal IIS virutal dir is not configured as
application( for ASP or ASP.NET). When we creating an asp.net via VS.NET,
the IDE will automatically mark the virutal dir as application for us. To
manually do this, we can open the virtual dir's properties panel in IIS
console , and there is a line named

"Application Name" and on its left there is a "Create" Button which can
help to create the virutal dir as an application. You can have a check to
see whether the virutal dir on your product server has this configured.'
Thanks.

Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

 

[Guest]

Hiand thanks for your response. Yes, my Virtual directory has a name in the
application text box near the label 'application name'
Thanks for your help
Salam

 

[Steven Cheng[MSFT]]

Thanks for your response, Salam.

Then, are you stilling suffering the problem? From my local test , the
"requireSSL" attribute should work well when we specify it in web.config 's
<forms> element. Not sure what may cause the strange behavior. But I think
you can try create a simple web application which also use
FormsAuthentication and deploy it to that server to see whether it also
suffer this issue. If you have any other findings ,please also feel free
to post here. Thanks.

Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

 

[Guest]

Thanks again, before doingthe test, what do you mean by 'Create siple
application'?
Do you mean
- using VS
or
-manullay opening MMC IIS, right click the web site which has several VDs,
add a new one, copy the files from the test machine and modify the web.confi?

Just to let you know that I never use VS on my prod environment and there is
no FP extensions on it

 

[Steven Cheng[MSFT]]

Thanks for your response Salam,

Since you haven't VS.NET installed on the product server, you may create
the new simple project on another machien and then manually create an VD in
the product server's IIS console and deploy that simple applicaiton into
it.
Please feel free to let me know if you got any progress or meet any new
problems. thanks.

Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

 

[Steven Cheng[MSFT]]

Any further progress Salam? If there is still anything we can help, please
feel free to post here. Thanks.

Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)