Forms Authentication - context changing

G

Grzegorz Kaczor

Hello,

I have an ASP.NET application in my website in virtual folder A.
This folder contains the application itself. I also have a data virtual
directory B which contains data that can be seen by authenticated users.

I've implemented forms authentication (with application in folder
A) in a standard way. I've also set up a redirection in IIS so that
every request concerning folder B (for example GET /B/a/b/c) is
redirected to A/GetFile.aspx (so the final request is
A/GetFile.aspx/a/b/c). This way I can protect contents of the B folder
with forms authentication.

Now I use the A application to find interesting documents in folder
B. I find them and get a list of links, starting with /B... . I click on
one of them and _I have to authenticate once again_ to get access to
that file.

Is it possible to perform a redirect in the same authentication
context?

Shall the problem occur if I make B be a subdirectory of A?

Thanks
Grzegorz Kaczor
 
P

Paul Glavich [MVP ASP.NET]

I am not entirely sure that I have read your query right, but Forms Auth
works via the cookie (generally, if you using the default web.config
settings ie. cookieless=false) and the cookie is stored/named according to
your host name. So, if site A is http://SiteA and site b is http://SiteB
then the authentication will not carry across to each app.

If you do as you suggested, and make one site a sub-directory of the other
(and even a new virtual directory if you wish) then each site is accessed
using the same host name ie. http://SiteA and
http://SiteA/YourOtherDirectory and the cookie should be available to both
sites, thus you should not have to er-authenticate.
 
G

Grzegorz Kaczor

Paul said:
I am not entirely sure that I have read your query right, but Forms Auth
works via the cookie (generally, if you using the default web.config
settings ie. cookieless=false) and the cookie is stored/named according to
your host name. So, if site A is http://SiteA and site b is http://SiteB
then the authentication will not carry across to each app.

This is not exactly right. A and B are virtual directories but on the
same site, that is, addresses are http://site/A and http://site/B.

I solved the problem.

The issue was that I typed in the browser URL http://site/A and not
http://site.domain.com/A. The redirection on IIS was set to
site.domain.com. So the cookie set for site (when logging on) was not
sent after redirection.

Thanks,
Grzegorz Kaczor
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,995
Messages
2,570,236
Members
46,825
Latest member
VernonQuy6

Latest Threads

Top