|
-
Jul 14th, 2004, 03:25 AM
#1
Thread Starter
Frenzied Member
Web.config and security
I have an application which is protected using the web.config and setting the authorization and authentication tags.
In the application I redirect to a new window (a printing facility) but then I need to reenter username and password again and that is not the meaning. How can I define not to go to the login when this page is opened?
Code:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.web>
<!--<pages smartNavigation="true" />-->
<!-- DYNAMIC DEBUG COMPILATION
Set compilation debug="true" to insert debugging symbols (.pdb information)
into the compiled page. Because this creates a larger file that executes
more slowly, you should set this value to true only when debugging and to
false at all other times. For more information, refer to the documentation about
debugging ASP.NET files.
-->
<compilation defaultLanguage="vb" debug="true" />
<!-- CUSTOM ERROR MESSAGES
Set customErrors mode="On" or "RemoteOnly" to enable custom error messages, "Off" to disable.
Add <error> tags for each of the errors you want to handle.
-->
<customErrors mode="Off" />
<!-- AUTHENTICATION
This section sets the authentication policies of the application. Possible modes are "Windows",
"Forms", "Passport" and "None"
-->
<authentication mode="Forms">
<forms name=".hpl" loginUrl="login1.aspx" protection="All" timeout="20" />
</authentication>
<!-- AUTHORIZATION
This section sets the authorization policies of the application. You can allow or deny access
to application resources by user or role. Wildcards: "*" mean everyone, "?" means anonymous
(unauthenticated) users.
-->
<authorization>
<deny users="?" /> <!-- Allow all users -->
<!-- <allow users="[comma separated list of users]"
roles="[comma separated list of roles]"/>
<deny users="[comma separated list of users]"
roles="[comma separated list of roles]"/>
-->
</authorization>
<!-- APPLICATION-LEVEL TRACE LOGGING
Application-level tracing enables trace log output for every page within an application.
Set trace enabled="true" to enable application trace logging. If pageOutput="true", the
trace information will be displayed at the bottom of each page. Otherwise, you can view the
application trace log by browsing the "trace.axd" page from your web application
root.
-->
<trace enabled="false" requestLimit="10" pageOutput="false" traceMode="SortByTime" localOnly="true" />
<!-- SESSION STATE SETTINGS
By default ASP.NET uses cookies to identify which requests belong to a particular session.
If cookies are not available, a session can be tracked by adding a session identifier to the URL.
To disable cookies, set sessionState cookieless="true".
-->
<sessionState
mode="InProc"
stateConnectionString="tcpip=127.0.0.1:42424"
sqlConnectionString="data source=127.0.0.1;user id=sa;password="
cookieless="false"
timeout="20"
/>
<!-- GLOBALIZATION
This section sets the globalization settings of the application.
-->
<globalization requestEncoding="utf-8" responseEncoding="utf-8" />
</system.web>
</configuration>
-
Jul 14th, 2004, 03:32 AM
#2
I don't know a great deal about secruity but does this happen because opening a new window is starting a new session?
You could place the new page in a sub folder with it's own web.config that allowed anonymous users.
or maybe setting authentication ticket to be persistent would work, i'm not sure though.
-
Jul 14th, 2004, 03:54 AM
#3
Thread Starter
Frenzied Member
I will try that. I will find out what "protection=all" in the authentication tag means, maybe I can define that the protection doesn't include print.aspx.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|