Why no 403 error for Forms Auth?

Discussion in 'ASP .Net' started by Brad, Dec 1, 2003.

  1. Brad

    Brad Guest

    Stupid question time: Why does Forms Auth just keep going to the login page
    when access is denied? A 403 error is never raised..at least in my testing
    it doesn't.

    If I have a particular web or just a page secured then anyone accessing the
    page, who is already authenticated but not a permitted user or perhaps not
    in a permitted role, will just keep getting the login page. If the user is
    permitted or is in the proper role they do get access (yes, I have code in
    Application_AuthenticateRequest to populate roles for the user context).
    But if using Windows Auth and Windows Roles then a 403 is raised if the user
    attempts to access a secure site or page.

    It would seem I have to use the User.IsInRole test on each secured page to
    throw an access denied error and send the user to an access denied page.
    Brad, Dec 1, 2003
    #1
    1. Advertising

  2. Brad wrote:

    > Stupid question time: Why does Forms Auth just keep going to the login page
    > when access is denied? A 403 error is never raised..at least in my testing
    > it doesn't.
    >
    > If I have a particular web or just a page secured then anyone accessing the
    > page, who is already authenticated but not a permitted user or perhaps not
    > in a permitted role, will just keep getting the login page. If the user is
    > permitted or is in the proper role they do get access (yes, I have code in
    > Application_AuthenticateRequest to populate roles for the user context).
    > But if using Windows Auth and Windows Roles then a 403 is raised if the user
    > attempts to access a secure site or page.
    >
    > It would seem I have to use the User.IsInRole test on each secured page to
    > throw an access denied error and send the user to an access denied page.
    >
    >


    My understanding is that 403 is a server code sent by IIS, meaning you
    have no access. It reads the security setup in IIS, not the forms
    authentication info. This forms authentication code is separate, and
    run after IIS hands the request off to the aspnet process (where forms
    auth happens).

    --
    Craig Deelsnyder
    Microsoft MVP - ASP/ASP.NET
    Craig Deelsnyder, Dec 1, 2003
    #2
    1. Advertising

  3. "Brad" <> wrote in message
    news:...
    > Stupid question time: Why does Forms Auth just keep going to the login

    page
    > when access is denied? A 403 error is never raised..at least in my

    testing
    > it doesn't.


    The 403 is being raised, but the Forms Authentication module sees this
    status code as it is being sent back out. It reacts to the 403 by
    redirecting to the login page.
    --
    John Saunders
    John.Saunders at SurfControl.com
    John Saunders, Dec 2, 2003
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. =?Utf-8?B?Q2hyaXMgTW9oYW4=?=

    Configuring Windows Auth & Forms Auth in Asp.Net

    =?Utf-8?B?Q2hyaXMgTW9oYW4=?=, Apr 28, 2004, in forum: ASP .Net
    Replies:
    0
    Views:
    676
    =?Utf-8?B?Q2hyaXMgTW9oYW4=?=
    Apr 28, 2004
  2. =?Utf-8?B?ZGhucml2ZXJzaWRl?=

    Windows Auth, but Forms Auth for one page?

    =?Utf-8?B?ZGhucml2ZXJzaWRl?=, Jan 8, 2005, in forum: ASP .Net
    Replies:
    1
    Views:
    529
    Elton Wang
    Jan 8, 2005
  3. Mr. SweatyFinger
    Replies:
    2
    Views:
    1,766
    Smokey Grindel
    Dec 2, 2006
  4. Chris Mohan

    Configuring Windows Auth & Forms Auth in Asp.Net

    Chris Mohan, Apr 28, 2004, in forum: ASP .Net Security
    Replies:
    2
    Views:
    392
    Chris Mohan
    Apr 29, 2004
  5. willem joubert

    Error 403-Error 403-Error 403

    willem joubert, Feb 8, 2005, in forum: ASP .Net Web Services
    Replies:
    1
    Views:
    167
    Bruce Johnson [C# MVP]
    Feb 8, 2005
Loading...

Share This Page