Virtual Directory doesn't recognize auth ticket!

Discussion in 'ASP .Net Security' started by Alioop via .NET 247, May 5, 2004.

  1. Someone, please help!

    I have a website is using forms authentication. A user must beauthenticated to access any part of the website. This workscorrectly except in a subdirectory that is actually a virtualdirectory set up in IIS. Users can never correctly access thefiles in the virtual subdirectory, whether authenticated or not,so it seems as if the subdirectory doesn't recognize the authticket.

    Here is my web.config file:
    -------------------------------------
    <?xml version="1.0" encoding="utf-8" ?>
    <configuration>
    >

    <system.web>
    <pages enableViewState="false"/>
    <compilation defaultLanguage="c#" debug="true" />
    <customErrors mode="RemoteOnly" defaultRedirect="/error.aspx"/>

    <!-- AUTHENTICATION -->
    <authentication mode="Forms">
    <forms name="ProtectMe"
    loginUrl="/login.aspx"
    protection="All"
    timeout="60"
    path="/"
    slidingExpiration="true">
    </forms>
    </authentication>

    <!-- AUTHORIZATION -->
    <authorization>
    <deny users="?" />
    </authorization>


    <!-- APPLICATION-LEVEL TRACE LOGGING -->
    <trace enabled="false" requestLimit="10" pageOutput="false"traceMode="SortByTime" localOnly="true" />


    <!-- SESSION STATE SETTINGS -->
    <sessionState
    mode="SQLServer"
    stateConnectionString="tcpip=127.0.0.1:42424"
    sqlConnectionString="data source=xxx;userid=xxx;password=xxx"
    cookieless="false"
    timeout="20"
    />

    <!-- GLOBALIZATION -->
    <globalization requestEncoding="utf-8"responseEncoding="utf-8" />
    </system.web>
    </configuration>
    ----------------------------------


    If I add this to the web.config file, users can always get in.
    <location path="vdocs">
    <system.web>
    <authorization>
    <allow users="*" />
    </authorization>
    </system.web>
    </location>

    What I would like is for users to be allowed access only whenthey are authenticated, as with the rest of the site. Doesanyone have any tips?

    I've also tried <deny users="?" />, <allow users="?" />, <denyusers="*" />

    Any help is greatly appreciated.

    -----------------------
    Posted by a user from .NET 247 (http://www.dotnet247.com/)

    <Id>9RY45k2IEka7tYAdKrsfvA==</Id>
     
    Alioop via .NET 247, May 5, 2004
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Perecli Manole

    how to prevent auth ticket expiration

    Perecli Manole, Jul 27, 2005, in forum: ASP .Net
    Replies:
    13
    Views:
    1,827
    Brock Allen
    Jul 31, 2005
  2. Peter Rilling
    Replies:
    1
    Views:
    864
    bruce barker \(sqlwork.com\)
    Aug 3, 2006
  3. bogdan
    Replies:
    2
    Views:
    320
    bogdan
    Mar 31, 2008
  4. Keith

    forms auth ticket expiration

    Keith, Apr 6, 2009, in forum: ASP .Net
    Replies:
    2
    Views:
    445
    Keith
    Apr 6, 2009
  5. Thomas Fujita
    Replies:
    1
    Views:
    307
    Kenny
    Oct 22, 2003
Loading...

Share This Page