Forms Authentication - weird behavior
-
I have create a website that has a Login.aspx page, a Default.aspx page and a DoSomething.aspx page. I have configured forms authentication in Web.config (pretty standard implementation) as follows: <authentication mode="Forms"> <forms loginUrl="Login.aspx" protection="All" timeout="10" name=".ASPXAUTH" path="/" requireSSL="false" slidingExpiration="true" defaultUrl="Login.aspx" cookieless="UseDeviceProfile" enableCrossAppRedirects="false" /> </authentication> <authorization> <deny users="?" /> </authorization> When I run the website *without* Forms Authentication Login.aspx loads fine. When I run the website *with* Forms Authentication Login.aspx doesn't load any images or apply any styles referenced in the css files. Does this behavior sound familiar to anyone? What's the fix for this?
-
I have create a website that has a Login.aspx page, a Default.aspx page and a DoSomething.aspx page. I have configured forms authentication in Web.config (pretty standard implementation) as follows: <authentication mode="Forms"> <forms loginUrl="Login.aspx" protection="All" timeout="10" name=".ASPXAUTH" path="/" requireSSL="false" slidingExpiration="true" defaultUrl="Login.aspx" cookieless="UseDeviceProfile" enableCrossAppRedirects="false" /> </authentication> <authorization> <deny users="?" /> </authorization> When I run the website *without* Forms Authentication Login.aspx loads fine. When I run the website *with* Forms Authentication Login.aspx doesn't load any images or apply any styles referenced in the css files. Does this behavior sound familiar to anyone? What's the fix for this?
You should allow loading images and styles to unauthorized users, this is a typical prcactice. By default, ASP.NET will require authorization for all files, including images. Something like:
<location path="Images">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location><location path="css">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>Die Energie der Welt ist konstant. Die Entropie der Welt strebt einem Maximum zu.
-
You should allow loading images and styles to unauthorized users, this is a typical prcactice. By default, ASP.NET will require authorization for all files, including images. Something like:
<location path="Images">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location><location path="css">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>Die Energie der Welt ist konstant. Die Entropie der Welt strebt einem Maximum zu.
Thanks! I'll try that. I don't think it was done that way in 1.1 was it?
-
Thanks! I'll try that. I don't think it was done that way in 1.1 was it?
Ohhh, I really don't remember how it was in 1.1 1.1 was soooooo long ago..
Die Energie der Welt ist konstant. Die Entropie der Welt strebt einem Maximum zu.
-
You should allow loading images and styles to unauthorized users, this is a typical prcactice. By default, ASP.NET will require authorization for all files, including images. Something like:
<location path="Images">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location><location path="css">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>Die Energie der Welt ist konstant. Die Entropie der Welt strebt einem Maximum zu.
Ok - I put the following config sections in my Web.config but I'm still getting the same behavior: <location path="images"> <system.web> <authorization> <allow users="?"/> </authorization> </system.web> </location> <location path="css"> <system.web> <authorization> <allow users="?"/> </authorization> </system.web> </location> I tried: allow users="*" but it didn't work so I figured I'd try: allow users="?" since the images on the Login page will need to be displayed for unauthenticated users. The structure under my website is ./resources/images/myimage.jpg with a similar structure for the css directory. .NET wouldn't let me specify a path starting with "." or "/" or ending with "/" so I ended up using the config sections above. However, the images and styles still aren't displaying.
-
Ok - I put the following config sections in my Web.config but I'm still getting the same behavior: <location path="images"> <system.web> <authorization> <allow users="?"/> </authorization> </system.web> </location> <location path="css"> <system.web> <authorization> <allow users="?"/> </authorization> </system.web> </location> I tried: allow users="*" but it didn't work so I figured I'd try: allow users="?" since the images on the Login page will need to be displayed for unauthenticated users. The structure under my website is ./resources/images/myimage.jpg with a similar structure for the css directory. .NET wouldn't let me specify a path starting with "." or "/" or ending with "/" so I ended up using the config sections above. However, the images and styles still aren't displaying.
No, you need "*", not "?". "*" is any user, including anonymous. "?" is anonymous. If the structure of your site is
resources/images/myimage.jpg, you should add<location path="resources/images">
Also, read about location element: http://msdn.microsoft.com/en-us/library/b6x6shw7.aspx[^]
Die Energie der Welt ist konstant. Die Entropie der Welt strebt einem Maximum zu.
-
No, you need "*", not "?". "*" is any user, including anonymous. "?" is anonymous. If the structure of your site is
resources/images/myimage.jpg, you should add<location path="resources/images">
Also, read about location element: http://msdn.microsoft.com/en-us/library/b6x6shw7.aspx[^]
Die Energie der Welt ist konstant. Die Entropie der Welt strebt einem Maximum zu.
Thanks! That worked.