.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Win Surprise Gifts!!!

Top 5 Contributors of the Month
david stephan
Gaurav Pal
Post New Web Links

Mixed authorization on one webiste

Posted By:      Posted Date: September 08, 2010    Points: 0   Category :ASP.Net
I have an ASP.NET application that can be installed with either Forms Authentication or Windows Authentication.  All of my customers install using Windows Authentication.  I use Forms Authentication in-house as it is easier for me to work with different clients.  But enough about that. I have a module as part of my application for Mobile Users.  It displays a very simple HTML interface for low bandwith phones and air cards.  It seems that some phones when going to this type of site that is Windows Authentication, it throws an error saying that you aren't authorized to view the page.  From a computer, it will ask for credentials. What I would like to do is use Windows Authentication Or Forms for my Main Application, but in the MOBILE folder, it would be nice if I could use FORMS Authentication.  Can I mix the two?  Can I just add a Web.Config to the folder for the Mobile Files and put FORMS Authentication? The only other way I thought of doing this is: 1)  create a seperate installable application that is always FORMS Authentication that is not part of the main application.  Which sucks, as I now have to manage two applications. 2) In the main Web.Config I can set that folder to have no authentication and it will be avail to anyone, and then enforce my own authentication

View Complete Post

More Related Resource Links

URL Authorization



I have 2 tables with foreign key and other requrired things to get the use data from the logged in user name.

When i visit the page that should shows the logged in user name information, I get the error of return nothing nullexception etc...

I did set the url authorization on this page and now getting (unauthorized access)

I used the login page with login control and from its propreties i did made a destination page is the (information.aspx) it is the page i want to show the user data and did the url authorization on it and it should be permitted for that specific logged in user, but even when i logged in, i still getting the (aunothrized access). 

How can i let this page knows that i am already logged in and accept me as a logged user and same as the one i gave the permit to it in the web.config?


Claims-Based Apps: Claims-Based Authorization with WIF


Over the past few years, federated security models and claims-based access control have become increasingly popular. Platform tools in this area have also come a long way. Windows Identity Foundation (WIF) is a rich identity model framework designed for building claims-based applications and services and for supporting active and passive federated security scenarios.

Michele Leroux Bustamante

MSDN Magazine November 2009

Service Station: Authorization In WCF-Based Services


Windows Communication Foundation (WCF) provides an easy role-based system and a more powerful and complex claims-based API for implementing authorization in services.

Dominick Baier and Christian Weyer

MSDN Magazine October 2008

Authorize It: Use Role-Based Security in Your Middle Tier .NET Apps with Authorization Manager


Authorization Manager in Windows Server 2003 represents a significant improvement in the administration of role-based security, making it more scalable, flexible, and easier to implement. Using Authorization Manager, you can define roles and the tasks those roles can perform. You can nest roles to inherit characteristics from other roles, and you can define application groups. In addition, Authorization Manager lets you use scripts to modify permissions dynamically, and it allows you to wrap your security logic in a security policy that can be stored in Active Directory. Authorization Manager also includes an easy-to-use API for running access checks. The author discusses all of these topics and demonstrates them with a working sample.

Keith Brown

MSDN Magazine November 2003

How in web.config work in MVC



I would like to secure any URL below the http://MyServer/Admins and limit it to a specific role.

In webforms it was straight forward. I just put a child web.config in the /Admin/ folder and add <authorization>  <allow roles> tags to it.

How would be the equivalent technique in MVC?

Thank you,


SSRS 2005 "Mixed" Authentication Mode


I have a web application where users can authenticate using either SiteMinder or Windows domain accounts.  This is actually configured as two separate virtual directories within IIS 6.  Both applications need to use the same instance of SSRS.  Is it possible to configure the SSRS web application so that if a user is authenticated by SiteMinder it impersonates a Windows account, but if they are already Windows-authenticated that account is used instead?

How to enable Mixed authentication for single webapplication in sharepoint 2007?


Hi All,

      I have requiremnt to enable Mixed mode ( Windows & Forms Based) authentication on Single web application( with out extending). I have done it in Sharepoint server 2010, It is so simple also. But my requirement is on Moss 2007. I have found some Post and gone through Those posts, in those posts, all are suggesting to extend the default webapllication and enabling forms authentication on extending/Default application another one is on Wondows authentication.

  Is it way to suggest the client or any other alternative to enable the mixed mode authentication?

please suggest me with right solution. Thank you in advance.

Thanks & regards,

Naresh Kapa.


require guideline for 'Role-based authentication/authorization'



In my asp.net website in VS-2005 with SQL-Server 2005 as db, I need to implement role-based Authentication/Authorization.

I am familiar to the practises used in role-based authentication..as I have previously worked on projects that used this method. However, my project lead used to design the database. Now I have an existing website where authentication has been set to anonymous by setting 'allow users="?"' in the authentication tags in web.config.

If I use the createUserWizard control and use the Membership.creatUser(.....) method in code behind will the asp.net security tables, like users, roles, userinrole etc get created on its own? Can anyone please give the proper steps on how to acheive this?

Mixed Mode application suddenly stops loading assemblies

I have a mixed modes application that will occasionally stop executing managed code assemblies after a Windows update. This has been occurring for over a month now so I have not been able to identify any particular update as the problem. We see the problem predominately on XPSP3 but have also seen several times on Vista and once or twice on 7. On a machine that stops working the Fusion log will show a file not found error on the last assembly loaded. LOG: This bind starts in default load context. LOG: No application configuration file found. LOG: Using machine configuration file from c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\config\machine.config. LOG: Post-policy reference: AProvider.Data.SqlClient.resources, Version=, Culture=en, PublicKeyToken=c84cd5c63851e072 LOG: The same bind was seen before, and was failed with hr = 0x80070002. ERR: Unrecoverable error occurred during pre-download check (hr = 0x80070002). If I delete this assembly, the application will run although not correctly since the data layer has been removed but it does execute as expected instead of hanging. If we run Procmon and watch the probes the correct folders are searched and the images show as loading. But execution fails, either the application hangs or exits. If we move the assemblies to a 'special' folder such as Program Files or Documents, regasm the p

XMLSerializer don't handle mixed contents properly

mixed content model allows a combination of text and elements in the XML document. we use .net xmlserializer to serialize/deserialize the XML. XmlSerializer don't handle mixed content properly. XmlSerializer handles mixed content models to a degree. XmlSerializer add the text in the xml document, but the position of text is not exactly where they appeared in the original XML document. Let's take a example here is original xml <employee xmlns="http://example.org/xmlserializer">   here is some text...   <id>333-33-3333</id>   here is some more...   <name>Bob Smith</name>   and here is even more... </employee> We deserialize above xml using the xmlserializer then we serialize it back into xml. Now xml document is changed as follows <employee xmlns="http://example.org/xmlserializer">    <id>333-33-3333</id>   <name>Bob Smith</name>   here is some text...   here is some more...    and here is even more... </employee> You see the position of text is changed. I have seen the Microsoft code to serialize/deserialize the xml through reflector. They put text in a string array but position is not saved. Is there any solution or workaround? I don't want to parse the xml by xmlReader. I want fix in the Microsoft generated classes that ar

"Mixed mode assembly is built against version 'v2.0.50727'.... " issue and use custom config file

Hi, My Winform applilcation has used Microsoft.SqlServer.Management.Common namespace(assembly :Microsoft.Sqlserver.smo.dll/Microsoft.Sqlserver.ConnectionInfo.dll) and developed in .NET 4.0. Problem:Application is throw an exception when it tries to use above assembly reference methods. Full error text is shown below, "Mixed mode assembly is built against version 'v2.0.50727' of the runtime and cannot be loaded in the 4.0 runtime without additional configuration information. " Error is resolved when we include "app.config" file with below code, <?xml version="1.0"?> <configuration> <startup useLegacyV2RuntimeActivationPolicy="true"> <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.0"/> </startup> </configuration> But, I need to keep configuration file as "renamed.config" and not to include app.config file as of the project requirement.I have set configuration file as "renamed.config" file using below code, //AppDomain.CurrentDomain.SetData("APP_CONFIG_FILE", "d:\\reanmed.config" ); I have also included <Startup> element in this "renamed.config" configuration file and removed the app.config file.But it raise me below error, it always expect app.config file with <Startup> element to resolve this iss

Mixed Mode assemblies

Does anyone have a good tutorial on how to make the compiler package a mixed-mode assembly?  Specifically:I have a piece of non-trivial C code maintained externally.  I would like to compile that and distribute it with a managed wrapper in a single assembly.  Im looking at the build files for a project which does something similar but right now im at a loss as to how to set this up. 

Mixed mode assembly is built against version 'v2.0.50727' of the runtime and cannot be loaded in t

First, yes I've read every article I can find including this one: http://msmvps.com/blogs/rfennell/archive/2010/03/27/mixed-mode-assembly-is-built-against-version-v2-0-50727-error-using-net-4-development-web-server.aspx Of course it's for web server stuff, but I found this in my config file and added it. However, my problem now is that if I build in release mode I get a hard error in the error list telling me the same thing, even though it runs fine in debug and has the information in my app.config file. The really anoying part is that the error doesn't tell you WHICH assembly is the offending one. Anyone have any ideas?

Using ONLY User Certificates for SharePoint 2010 Authentication/Authorization

  Hello, I am relatively new to SharePoint, and was wondering how I can accomplish using only user certificates to authenticate (and eventually authorize) access to the SharePoint 2010 Server (not just IIS). My Environment currently looks like this:  - SharePoint is SSL-enabled - User Browser Certificates (generated using OpenSSL) successfully authenticate to the IIS Server - SharePoint uses Basic Authentication (user/password based on AD credentials) I need to: - Authenticate the user to SharePoint using the User Certificate from my browser (in other words, no password authentication to access the SharePoint website, but use the certificate that was used by iis to be able to log into SharePoint) I am assuming I must use some sort of claims-based authentication.  Ideally, I would like to use ONLY the certification itself as a source of Authorized Repository for authentication. However, I am also open to having the user certificate be linked to Active Directory users as well.  I have done some research on this but am still lost as to how to approach this problem. Is there anyone that has done this or can assist me in getting this to work? Any help would be greatly appreciated. Thanks!  

WCF IP authentication / authorization

I need to secure my WCF web service.  I wish to only allow messages coming from a certain IP to make calls to my web services.  Is there a way to detect the client's IP address and permit or not permit the message call to be made from the web service level?  What would be the best way of doing this? I cannot use IIS to filter out IP's because my web service sits behind a reverse proxy so all traffic hitting the web server has the same IP address.  Thanks DW

Web service authentiation when mixed authentication methods are used

I am trying to pull data from the list.asmx web service from a console application. I am using clams based authentication, and whenever only integrated Windows Authentiation is checked everything works fine. Whenever I also check Enable Forms Based Authentication I start getting an Acccess is denied error when I try to connect to the service. I can login successfully using FBA so I don't think the problem is caused by the FBA configuration. Does anyone have any ideas to what might be causing this?
ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend