Anyone know if it is possible to disable the behavior that automatically appends the ReturnUrl for forms-based auth?
View Complete Post
Hello, I am seeing a strange problem with Forms Authentication in my DD site. A user logs into and can view/edit/delete data all day, but when they execute a Custom Filter against data (for example , a control DynamicData/Filters/CustomerLastNameSearch.ascx ) then the site auth fails, and redirects to the log in screen.
in web.config I have
<authentication mode="Forms"> <forms name=".Star" loginUrl="~/Login.aspx" protection="All" defaultUrl="~/Default.aspx" path="/" timeout="43200" cookieless="UseCookies" /> </authentication>
Offhand, I am thinking two things : that DynamicData/Filters path requires some special handling for some reason, or the control extension ascx is causing auth to get confused. Has anyone else experienced this or have any suggestions? Thanks!
Form template has cascading dropdown lists. When item selected from first list, form code executes a FileQueryConnection to retrieve data from a list to populate 2nd listbox.
Getting 403 forbidden when explicitely attempting to retrieve data from code. Form is using connections from a data connection library.
The template works perfectly when deployed to a windows authenticated site. Fails when executed from the forms authenticated site.
I'm in the middle of converting an intranet application to use forms authentication. The authentication process works fine for the core application and all the nested classic asp pages. However, my nested asp.net applications do not work. I have mapped their web.configs to the correct login url. If I attempt to access them after logging in, I am automatically redirected to the homepage of the intranet application. If I try to access them directly, I am redirected to the login screen, as I should be, and then the intranet homepage after the login process, instead of the page I need to access.
At first, I thought there might be some remnant of the security processes in the nested applications, but it does it for applications that have no security processes other than the one for the core intranet.
Since this is my first crack at using forms authentication, I'm assuming I've missed some step. Any ideas?
Here is the section of my web.config:
<authentication mode="Forms"> <forms loginUrl="~/folder/loginpage.aspx" name="Cookie Name"></forms>
<authorization> <deny users="?" /> <allow users="*"/>