Re: RedirectFromLoginPage never returns to original page

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: Steven Cheng[MSFT] (v-schang_at_online.microsoft.com)
Date: 02/18/05 

Date: Fri, 18 Feb 2005 03:02:08 GMT

Hi Edward,

The problem you encountered is actual caused by some combined factors. here
is some of my suggestions:

1. Each ASP.NET Web application is hosted in an IIS folder which configured
as Application. So if you make your subfolder as Application, that
subfolder become a separate application from its parent virutal dir's
application. I don't think this is what you want, so you need to remove the
"Applciation" in the subfolder.

2. The <authentication> element is per-application based ,so each
application can have only one <authentication> element in the main
web.config. However, we can have multiple
<authorization> element to define different protection rules for different
paths in our web application. So currently you have two options to resolve
your problem:

1) Still use a sub web.config in your sub dir(must remove that subdir as
Application), and also remove the <authentication> element in it, just put
your <authorization> setting in sub dir's web.config.

2)Use the <location> element in your main web.config to specify different
<authorization> settings for different paths:

#Hierarchical Configuration Architecture
http://msdn.microsoft.com/library/en-us/cpguide/html/cpconhierarchicalconfig
urationarchitecture.asp?frame=true

If anything unclear, please feel free to post here.

Thanks & Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Relevant Pages

  • Re: Can I force 401 error when user not authenticated?
    ... > of functionality you get from windows role based authorization. ... > group membership info, a subsequent visit to a page with authorization ... > So if you want to get that going with forms based authentication then ... > Sub Application_Error ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: RedirectFromLoginPage never returns to original page
    ... There is now a single <authentication ... > subfolder become a separate application from its parent virutal dir's ... > 1) Still use a sub web.config in your sub dir(must remove that subdir as ... > #Hierarchical Configuration Architecture ...
    (microsoft.public.dotnet.framework.aspnet)
  • asp.net vulnerability
    ... From: Windows NTBugtraq Mailing List ... More details on ASP.NET vulnerability ... There has been some confusion with the ASP.NET forms authentication issue ... authorization issue, not an authentication issue. ...
    (microsoft.public.sharepoint.portalserver)
  • Re: application pool custom identity
    ... Kerberos becomes a possibility when the web server is in a Domain, ... The problem happens when the browser/server selects Kerberos authentication, ... LocalSystem credentials will work for Kerberos; custom AppPool Identity ... Authorization. ...
    (microsoft.public.inetserver.iis)
  • Re: Kerberos OpenLDAP Frontend
    ... Jonathan Javier Cordoba Gonzalez wrote: ... but then you are mixing the authentication with the authorization. ... A KDC with passwords and LDAP ...
    (comp.protocols.kerberos)