application security Hierarchy

From: MW (anonymous_at_discussions.microsoft.com)
Date: 09/07/04


Date: Tue, 7 Sep 2004 07:52:33 -0700

Well, I guess I'll try to re-iterate this a bit.

So at http://localhost/myApplication
I have a login page and a web.config.
I use forms authentication and test usernames and
passwords against a database.
The authentication and authorization sections of the
web.config are (there could be something missing in it):

<authentication mode="Forms">
  <forms name=".ASPXAUTH" loginUrl="login.aspx" path="/"
         protection="All" timeout="60" />
</authentication>

<authorization>
  <deny users="?" />
</authorization>

Within http://localhost/myApplication I have a folder for
the pages I want secured:
http://localhost/myApplication/Security/UserInformation.aspx

'Security' being a folder within the project i.e.:
c:\inetpub\wwwroot\myApplication\Security

In that security folder I have another web.config file
that contains only:

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <system.web>
    <authorization>
        <deny users="?" />
    </authorization>
  </system.web>
</configuration>

(I may be missing something in there).

So the problem I am having with this setup is: when I
log in, it goes to my default page, but when I try to
click a link to another page, I get redirected to the
login page.

I hope that clears up my issue so that someone can help
me.

Thanks.

>-----Original Message-----
>Hi,
>
>I'm trying to secure my application.
>
>I'm using forms authentication and I check passwords
>against a database.
>
>I have a login.aspx page in the root of my application,
>pages that I want to restrict access to are in a folder
>below the root called 'secure'.
>
>I have a web.config in the 'secure' folder with only
>(I've tried having <allow users="*"/> after the deny,
>but it didn't help)
><?xml version="1.0" encoding="utf-8" ?>
><configuration>
> <system.web>
> <authorization>
> <deny users="?" />
> </authorization>
> </system.web>
></configuration>
>
>The web.config in my root has an authentication section
>as such:
><authentication mode="Forms">
>  <forms name=".ASPXAUTH" loginUrl="login.aspx" path="/"
>         protection="All" timeout="60" />
></authentication>
>
><authorization>
>  <deny users="?" />
></authorization>
>
>When I log in, it goes to my default page, but when I try
>to click a link to another page, I get redirected to the
>login page.
>
>Obviously, I'm missing something somewhere.
>
>Any help is appreciated. Thanks.
>.
>


