Forms Auth. allows anyone in if server accessed locally

S

Steve R.

I am developing my ASP.NET application with VS and the ASP.NET server
on the same box. When I attempt to access protected (in web.config)
pages locally, inside or outside of VS, it incorrectly lets me in
without asking me to log in. On a remote box, it behaves correctly. I
have other apps on that server that force a logon correctly when
accessed locally. I've developed several apps on this exact same box
and this issue has never shown up before.

This is just a simple development web server. Both apps mentioned are
in the same Default Web Site, both web configs are the same. I've
stared at both of them for what seems like hours. I've checked the
settings in IIS, again, no appaarent differences. Here's the relevant
part of web.config for the app that allows complete access without a
logon:

<system.web>
<authentication mode="Forms">
<forms name="AHDAuth" loginUrl="logon.aspx" protection="All"
path="/" />
</authentication>
</system.web>

SNIP

<location path="Quote.aspx">
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</location>
<location path="SupplierInfo.aspx">
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</location>

Any help would be accepted gratefully.
 
R

ranganh

Dear Steve

Have you used Persistent Cookie? In case you use the same unless you explicitly logout, th
system would recognize if you had logged in once

It would be be better if you put the code which you use to authenticate, the formsauthentication code



----- Steve R. wrote: ----

I am developing my ASP.NET application with VS and the ASP.NET serve
on the same box. When I attempt to access protected (in web.config
pages locally, inside or outside of VS, it incorrectly lets me i
without asking me to log in. On a remote box, it behaves correctly.
have other apps on that server that force a logon correctly whe
accessed locally. I've developed several apps on this exact same bo
and this issue has never shown up before

This is just a simple development web server. Both apps mentioned ar
in the same Default Web Site, both web configs are the same. I'v
stared at both of them for what seems like hours. I've checked th
settings in IIS, again, no appaarent differences. Here's the relevan
part of web.config for the app that allows complete access without
logon

<system.web><authentication mode="Forms"><forms name="AHDAuth" loginUrl="logon.aspx" protection="All
path="/" /></authentication></system.web

SNI

<location path="Quote.aspx"><system.web><authorization><deny users="?" /></authorization></system.web></location><location path="SupplierInfo.aspx"><system.web><authorization><deny users="?" /></authorization></system.web></location

Any help would be accepted gratefully
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Configuring Windows Auth & Forms Auth in Asp.Net 2
Forms Auth/Membership & Roles Providers/Secured Directory 1
Forms Auth (roles being ignored) 0
Sitemap trimming with Forms auth (Active Directory) 4
Configuring Windows Auth & Forms Auth in Asp.Net 0
Forms auth / Location element 1
Forms Authentication: <location> authorization not bypasssing login page. 1
Forms Authentication doesn't protect specified pages. 4

Members online

No members online now.
Total: 48 (members: 0, guests: 48)
Robots: 119

Forum statistics

Threads
473,811
Messages
2,569,693
Members
45,477
Latest member
IsidroSeli

Latest Threads

Top