Forms Authentication

[Michael Tissington]

I'm having problems with Forms Authentication in a hosted environment.

On our in house server and on my development machine everything works
correctly

However in a hosted environment, when clicking on a link to any exe file in
my download\installs folder the login page is not displayed and the exe can
be downloaded without authentication.

Any ideas what could be different ?

In my web.config file I have the following bits

<authentication mode="Forms" >
<forms name="TabTagLogin" loginUrl="/login/login.aspx" protection="All"
path="/" />
</authentication>

<location path="download/installs">
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
/location>

 

[Steve C. Orr [MVP, MCSD]]

Forms Authentication (by default) only protects web pages, not other file
types such as EXEs.
You can configure ASP.NET to handle these files via IIS, or you can skip
ASP.NET and just have IIS manage permissions on those.

Here's another option to store files securely and send them to the client
only once the user has been authenticated:
http://SteveOrr.net/articles/EasyUploads.aspx

 

[Steven Cheng[MSFT]]

Hi Michael,

How are you doing on this issue, does Steve's suggestions helps? If
there're anything else we can help, please feel free to post here. Thanks,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)


--------------------
| From: "Steve C. Orr [MVP, MCSD]" <[email protected]>
| References: <[email protected]>
| Subject: Re: Forms Authentication
| Date: Mon, 17 Oct 2005 18:11:43 -0700
| Lines: 51
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2900.2670
| X-RFC2646: Format=Flowed; Response
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2670
| Message-ID: <[email protected]>
| Newsgroups:
microsoft.public.dotnet.framework.aspnet,microsoft.public.dotnet.framework.i
nterop
| NNTP-Posting-Host: dsl-66-114-148-135.isomedia.com 66.114.148.135
| Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP14.phx.gbl
| Xref: TK2MSFTNGXA01.phx.gbl
microsoft.public.dotnet.framework.interop:10232
microsoft.public.dotnet.framework.aspnet:131974
| X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
|
| Forms Authentication (by default) only protects web pages, not other file
| types such as EXEs.
| You can configure ASP.NET to handle these files via IIS, or you can skip
| ASP.NET and just have IIS manage permissions on those.
|
| Here's another option to store files securely and send them to the client
| only once the user has been authenticated:
| http://SteveOrr.net/articles/EasyUploads.aspx
|
| --
| I hope this helps,
| Steve C. Orr, MCSD, MVP
| http://SteveOrr.net
|
|
| | > I'm having problems with Forms Authentication in a hosted environment.
| >
| > On our in house server and on my development machine everything works
| > correctly
| >
| > However in a hosted environment, when clicking on a link to any exe
file
| > in my download\installs folder the login page is not displayed and the
exe
| > can be downloaded without authentication.
| >
| > Any ideas what could be different ?
| >
| > In my web.config file I have the following bits
| >
| > <authentication mode="Forms" >
| > <forms name="TabTagLogin" loginUrl="/login/login.aspx" protection="All"
| > path="/" />
| > </authentication>
| >
| > <location path="download/installs">
| > <system.web>
| > <authorization>
| > <deny users="?" />
| > </authorization>
| > </system.web>
| > /location>
| >
| >
| > --
| > Michael Tissington
| > http://www.oaklodge.com
| > http://www.tabtag.com
| >
|
|
|