Enabling Windows Forms Based Authentication Cause Error

Asked By 120 points N/A Posted on -
qa-featured

I enabled windows forms based authentication for my website. After enabling windows forms based authentication, some of the images and colors of the website page got lost! When I disabled the authentication mechanism, the images and colors come back again.

I have no idea why! Can somebody explain this situation to me?

SHARE
Best Answer by WizKid
Answered By 0 points N/A #90239

Enabling Windows Forms Based Authentication Cause Error

qa-featured

.Net Forms authentication basically locks out all resources except for the login page. In event you are using linked resources in side the HTML page, they are prevented from downloading onto the client browser. Basically all resources need to be "embedded" on the login page itself. This means you need to have in-line styles and preferably no graphics. If you are using linked resources such as style sheets and images, you need to tell the .Net Website to exclude resources from being secure.

Answered By 120 points N/A #90241

Enabling Windows Forms Based Authentication Cause Error

qa-featured

In event the login page requires other resources such as images, scripts and CSS files, should not the .Net Framework just free them up and allow it to download? This is because if the entry point to the website is the login page, should not the framework allow it to function correctly ? This is news to me! Is it not a bug in the framework?

Answered By 0 points N/A #90242

Enabling Windows Forms Based Authentication Cause Error

qa-featured

When you secure the pages, a total lockdown occurs. Only the page HTML and inline scripts, styles are allowed. Basically you are only allowed to "download" the login page html and NOT its linked resources! This is by design. It follows the security principal that "only thyself and not others". In a way it is good, because in order to allow linked resources to be "downloadable", the respective resources need to be "unsecured". This will invite a security hole. Therefore, I do not think its a bug.

Answered By 120 points N/A #90243

Enabling Windows Forms Based Authentication Cause Error

qa-featured

Now comes the big question. How do I get about excluding the style sheet and the images that I have used in my web page from the .Net Authentication framework? I have a logo image, a button image and a style sheet. I also have a set of Java Script files that I use for animations on the Login page. Do I need to set special windows file permission on it? I could not find an option on the web configuration wizard to specify files as "unsecured".

Best Answer
Best Answer
Answered By 0 points N/A #90244

Enabling Windows Forms Based Authentication Cause Error

qa-featured

I would recommend that you put all the files that are required for the login page into one folder and then exclude that folder only. This is done by putting an entry in the Web.Config and not via windows file permissions. Assuming you put all the files in a folder called "unsecure", the following code in the Web.Config will do the trick:

<location path="unsecure">
     <system.web>
      <authorization>
             <allow users="*"/>
     </authorization>
      </system.web>
</location>
 
The allow users need to have the value of  "star" (asterisk *). This means all users including anonymous users.
Answered By 120 points N/A #90245

Enabling Windows Forms Based Authentication Cause Error

qa-featured

After putting the suggested code, the web page looks half ok. I am using a theme file as well. Do I need to exclude it as well in a similar fashion? Is the following code correct? I am using a them called "default".

 <location path="App_Themes/default">
  <system.web>
   <authorization>
    <allow users="*"/>
   </authorization>
  </system.web>
 </location>

Answered By 0 points N/A #90246

Enabling Windows Forms Based Authentication Cause Error

qa-featured

That is correct. You need to exclude the themes directory as well. This is because it follows the same pattern as excluding your images. All resources that is required for the login page need to be excluded. You are learning fast!

Answered By 120 points N/A #90247

Enabling Windows Forms Based Authentication Cause Error

qa-featured

Thank you WizKid. Your were excellent! My Webpage now looks good! I learnt a lot from this thread regarding .Net Forms authentication!

Related Questions