A
Alexio
Hi all,
I'm tryiing to set up security for a ASP.NET web application in order to
force all the users to go to a login page with an SSL connection. After the
authentication the users would go to the original page they are looking for
without SSL encrpytion.
So the flow should be:
1. user go to http://myserver/page1.aspx
2. user is redirect to https://myserver/login.aspx by the form
authentication
3. user insert its credentials in the login.aspx and submit to the server
4. the web server authenticates the user and redirect him to
http://myserver/page1.aspx
Obviously everything is working fine if I remove the SSL on the step 2.
I get the following error between the steps 1 and 2 (just after I click
'yes' in order to accept the certificate that it was created in a fake PKI):
Server Error in '/WebApplication1' Application.
----------------------------------------------------------------------------
----
Access is denied.
Description: An error occurred while accessing the resources required to
serve this request. The server may not be configured for access to the
requested URL.
Error message 401.2.: Access is denied because of the Web server's
configuration. Contact the Web server's administrator for help.
In the web.config I put these lines:
<authentication mode="Forms">
<forms name="ProgAspNetCookie" protection="All"
timeout="20"
path="/" loginUrl="https://localhost/WebApplication1/WebForm1.aspx"
/>
</authentication>
<authorization>
<deny users="?" />
</authorization>
If the loginUrl is changed to "WebForm1.aspx" everything works fine (as said
before).
Any suggestion?
TIA
Alexio
I'm tryiing to set up security for a ASP.NET web application in order to
force all the users to go to a login page with an SSL connection. After the
authentication the users would go to the original page they are looking for
without SSL encrpytion.
So the flow should be:
1. user go to http://myserver/page1.aspx
2. user is redirect to https://myserver/login.aspx by the form
authentication
3. user insert its credentials in the login.aspx and submit to the server
4. the web server authenticates the user and redirect him to
http://myserver/page1.aspx
Obviously everything is working fine if I remove the SSL on the step 2.
I get the following error between the steps 1 and 2 (just after I click
'yes' in order to accept the certificate that it was created in a fake PKI):
Server Error in '/WebApplication1' Application.
----------------------------------------------------------------------------
----
Access is denied.
Description: An error occurred while accessing the resources required to
serve this request. The server may not be configured for access to the
requested URL.
Error message 401.2.: Access is denied because of the Web server's
configuration. Contact the Web server's administrator for help.
In the web.config I put these lines:
<authentication mode="Forms">
<forms name="ProgAspNetCookie" protection="All"
timeout="20"
path="/" loginUrl="https://localhost/WebApplication1/WebForm1.aspx"
/>
</authentication>
<authorization>
<deny users="?" />
</authorization>
If the loginUrl is changed to "WebForm1.aspx" everything works fine (as said
before).
Any suggestion?
TIA
Alexio