Forms Security Problem

From: "Matt" <matthewr@xxxxxxxxxxxx>
Date: Tue, 7 Jun 2005 14:39:35 +0100

Ok, second issue of the day.
I have a site I am trying to protect using forms based security

My main section is public and is configured fo ranonymous access, i.e. in
the web.config file
<authentication mode="Forms"/>
<authorization>
<allow users="*"/>
</authorization>

I then copied my web.conf file to a subfolder, and changed it so that the
appropriate sections read
<authentication mode="Forms">
<forms name="cookiename" loginUrl="Login.aspx"> // File is In the subfolder
</authentication>

<authorization>
<deny users="?"/>
</authorization>

I then get an error on running "could not load type ap1.ap2.Login.aspx

I have checked that all the dlls are in the root / bin folder

I have also checked and using IIS my subfolder is configured to be an
application

A colleague vaguely remembers doing this before and needing to remove some
of the information in the web.config file, but after some trial and error I
am getting nowhere.

Any clues, or any other obvious things to check?

.

Prev by Date: Re: Checking relative url
Next by Date: Re: Storing Enums in web.config
Previous by thread: Form based security using frames
Next by thread: effecient template system
Index(es):
- Date
- Thread

Relevant Pages

Re: Back Doors
... If there are ways for nonauthorized programming to breach security, than I for one do not know of them, and they certainly would be APARable. ... It is up to management to decide who needs to be trusted, and it is important for them to make these decisions intelligently. ... That's a consequence of authorization being essentially a two tiered construct. ...
(bit.listserv.ibm-main)
RE: Unscratched tape
... AUTHORIZATION IS REQUIRED ... eTrust CA-ACF2 central security determines that your request to the ... I needed access to a scratched tape for testing. ... I went to TSO and tried to catalog it or to even see it, ...
(bit.listserv.ibm-main)
Re: [fw-wiz] Integrated IDS/IPS/Firewall (Cisco ASA and Juniper ISG)
... authorization a step further by building the *only* possible enterprise wide ... IPsec management infrastructure in the world, by allowing orgs to tie user ... That is the level of security desired by a lot of people. ...
(Firewall-Wizards)
RE: SQL Injection Legalities
... authorization, or in excess of authorization, and "obtain information from ... responsibility of the system developer to include security mechanisms to ... SQL injection to modify information or destroy data, ... For more information on SecurityFocus' SIA service which ...
(Pen-Test)
Re: Call Centres in India
... If a US company operating in Canada ... :Maybe you could specify the manner or kind of security required, ... biometrics and needs for passports and needs for visas for Canadians ... "authorization" and a more modern impression of it. ...
(comp.security.misc)