Getting forms auth challenge

[MarkMurphy]

I'm implementing forms authentication on a site and can't get the
redirection to the login page to work happen. It is behaving as
though still doing windows authentication.

In web.config:

<authentication mode="Forms">
<forms loginUrl="login.aspx" name=".ASPXFORMSAUTH"
protection="All"/>
</authentication>

<!-- AUTHORIZATION
This section sets the authorization policies of the
application. You can allow or deny access
to application resources by user or role. Wildcards: "*"
mean everyone, "?" means anonymous
(unauthenticated) users.
-->

<authorization>
<allow users="*" /> <!-- Allow all users -->
<!-- <allow users="[comma separated list of users]"
roles="[comma separated list of roles]"/>
<deny users="[comma separated list of users]"
roles="[comma separated list of roles]"/>
-->
</authorization>


Am I missing something?

Thanks in advance, Mark

 

[Jim Cheshire [MSFT]]

Mark,

You are allowing everyone to the site. Therefore, no one needs to
authenticate. You need to change your <authorization> section as follows:

<authorization>
<deny users="?" />
<allow users="*" />
</authorization>


Jim Cheshire [MSFT]
MCP+I, MCSE, MCSD, MCDBA
Microsoft Developer Support
(e-mail address removed)

This post is provided "AS-IS" with no warranties and confers no rights.

--------------------

 

[MarkMurphy]

Thanks Jim,

I think you meant:

<deny users="?" />
<allow users="*" />

However it's still not redirecting unauthenticated users to
login.aspx. Also it appears that no cookie is being written on a
successful login, though I've verified that this code executes:

//Create an authentication ticket to store in a cookie
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
1, //Version - change to invalidate cookies
u.UserName,
DateTime.Now, //Authentication time
DateTime.Now.AddMinutes(SessionTimeout), //Time stay authenticated
false, //No persistent cookie
""); //User data

string encryptedTicket = FormsAuthentication.Encrypt(ticket);

Response.Cookies.Add(new
HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket));

string redirectUrl = FormsAuthentication.GetRedirectUrl(u.UserName,
false);

FormsAuthentication.SetAuthCookie(u.UserName, false);

-Mark

 

[Jim Cheshire [MSFT]]

Murphy,

You've just repeated the same tags I gave you.

If it's still not working, I suggest you refer to the following article.
If it still won't work after that, your best bet is to open a case with us
for further troubleshooting.

http://support.microsoft.com/default.aspx?scid=KB;EN-US;301240

Jim Cheshire [MSFT]
MCP+I, MCSE, MCSD, MCDBA
Microsoft Developer Support
(e-mail address removed)

This post is provided "AS-IS" with no warranties and confers no rights.


--------------------

 

[MarkMurphy]

That was rather lame of me ;-)

It's interesting, the redirect is working as expected when I move the
code and pages to a testing system. However, on my development
machine no redirect occurs. The web.config is the same on both
systems.

Ideas?

-Mark

 

[Yan-Hong Huang[MSFT]]

Hello Mark,

If the exactly same codes and pages work on another system, we may consider
something is not installed correctly on your development machine.

Firstly we may think of remapping asp.net on the system. Please refer to
the following article:
"How To Repair IIS Mapping After You Remove and Reinstall IIS"
http://support.microsoft.com/?kbid=306005

If the problem is staill there, we may consider to reinstall .NET framework.

Thanks.

Best regards,
Yanhong Huang
Microsoft Community Support

Get Secure! ¨C www.microsoft.com/security
Register to Access MSDN Managed Newsgroups!
-http://support.microsoft.com/default.aspx?scid=/servicedesks/msdn/nospam.as
p&SD=msdn

This posting is provided "AS IS" with no warranties, and confers no rights.

 

[MarkMurphy]

Hi again.

Thanks for you input. For whatever reason the forms auth is working on
both development and stage systems now. I'm not sure what the problem
was.

-Mark

 

[Yan-Hong Huang[MSFT]]

Hi Mark,

Thanks very much for your update. Anyway, I am glad that the form is
working on both machines now. This problem seems strange. Next time if you
met similar problems, my suggestion for you is to compart setting in
different machines. Further more, we can try reinstall some key components
to see if it helps.

If there is any more questions on asp.net programming, please feel free to
post in the group. We are here to support you at your convenience. Thanks
again for participating the commmynity.

Best regards,
Yanhong Huang
Microsoft Community Support

Get Secure! ¨C www.microsoft.com/security
Register to Access MSDN Managed Newsgroups!
-http://support.microsoft.com/default.aspx?scid=/servicedesks/msdn/nospam.as
p&SD=msdn

This posting is provided "AS IS" with no warranties, and confers no rights.