Forms Authentication

ChrisLee · May 4th, 2004, 10:15 AM

I am running a 2003 server with ASP.Net 1.1. It's main use is for Sharepoint team services but I also want to run normal .Net apps. When I set one up it appears to ignore the authentication in web.config and go into the app which works a treat.
Any hints??
Below is the important bit in web.config
<authentication mode="Forms">
      <forms loginUrl="Login.aspx" name=".ASPXAssetAuth" timeout="20" path="/" protection="All"/>
</authentication>
<authorization>
    <deny users="?" />
    <allow users="*" />
</authorization>

Imar · May 4th, 2004, 11:05 AM

Hi there,

This is caused by the <allow users="*" />
This basically allows all users access....

Change it to this:

<authorization>
<deny users="?" />
</authorization>

and it will work. This basically denies access to all anonymous users, so they'll be forced to log in first.

Cheers,

Imar
---------------------------------------
Imar Spaanjaars
Everyone is unique, except for me.
While typing this post, I was listening to: A Certain Shade Of Green by Incubus (Track 7 from the album: S.C.I.E.N.C.E.) What's This?

ChrisLee · May 5th, 2004, 10:19 AM

Sorry, I added that in after trawling through examples of implementing forms authentication, and originally didn't have it in.

I have a feeling that sharepoint has taken control of something and won't realease it for the apps that I exclude from it's control.

Cheers,

Chris

Hal Levy · May 5th, 2004, 10:26 AM

Chris-

Have you created a seperate Virual Web Root for the sites you want to run outside of sharepoint?
Have you create a seperate "application" or Application Pool for the web site you want to run outide of sharepoint?

Hal Levy
Web Developer, PDI Inc.

NOT a Wiley/Wrox Employee

ChrisLee · May 5th, 2004, 10:31 AM

It is under the "Default Web Site" as it's own virtual directory with the application created. I have created it's own application pool using a unique user id that I have setup as being able to run services.
I have got rid of the sharepoint headders and security is set to anonymous only as I don't want them to logon to the box itself.

Chris

Hal Levy · May 5th, 2004, 11:12 AM

I'm out of ideas :).. I've never tried this.

Hal Levy
Web Developer, PDI Inc.

NOT a Wiley/Wrox Employee

ChrisLee · May 6th, 2004, 03:07 AM

I went to the Microsoft tech roadshow the other week and managed to pose this question to a guy there. He has just got back to me with the answer, and it works a treat
Put this in the web.config for the app
    <httpHandlers>
      <add verb="*" path="*.aspx"
type="System.Web.UI.PageHandlerFactory" />
    </httpHandlers>

  <httpModules>
      <add name="Session"
type="System.Web.SessionState.SessionStateModule" />
      <add name="FormsAuthentication"
type="System.Web.Security.FormsAuthenticationModul e" />
      <add name="UrlAuthorization"
type="System.Web.Security.UrlAuthorizationModule" />
    </httpModules>

They need to be reinstated for .Net apps as sharepoint does something that overrides these settings.

Also look at
http://support.microsoft.com/default...b;en-us;828810

Thanks for all you help.

Chris