PDA

Click to See Complete Forum and Search --> : showing login page's images bypassing form authentication

marinajogy
September 15th, 2008, 07:21 AM
Hello, I am using Net framework V.2

Pl see my websites's web.config below.
my page contains some good quality images, which I want to show
im all pages(as developed as a user control) including logon.aspx page
also.
but when the home page is requested, it is redirected to the logon.aspx -
unfortunately the images not showing up in the logon.aspx - instead
image markings only appears - any way solve this problem



<system.web>
<authentication mode="Forms">
<forms loginUrl="Logon.aspx" name=".ASPXFORMSAUTH"></forms>
</authentication>
<authorization>
<deny users="?"/>

</authorization>
</system.web>
HairyMonkeyMan
September 15th, 2008, 07:54 AM
You need to put images to be visible before login in a public folder. A request for any other file in your project folder will redirect to the login page.
mmetzger
September 15th, 2008, 10:49 AM
You can also make the images folder have its own authorization section of the web.config. Consider if you have an "/images" folder - you can add this to the web.config:


<location path="/images">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>


You can have as many of these as you need - it can point to directories or specific paths as well (ie, weather.aspx, etc..)
marinajogy
September 16th, 2008, 01:08 AM
You can also make the images folder have its own authorization section of the web.config. Consider if you have an "/images" folder - you can add this to the web.config:


<location path="/images">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>


You can have as many of these as you need - it can point to directories or specific paths as well (ie, weather.aspx, etc..)

NOT WORKING
below is the web.config file - images contains all the images loaded to the
user control that is part of the logon.aspx page



<?xml version="1.0"?>
<!--
Note: As an alternative to hand editing this file you can use the
web admin tool to configure settings for your application. Use
the Website->Asp.Net Configuration option in Visual Studio.
A full list of settings and comments can be found in
machine.config.comments usually located in
\Windows\Microsoft.Net\Framework\v2.x\Config
-->
<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
<appSettings/>
<connectionStrings>
<add name="connectionString" connectionString="Server=.;database=ekd;uid=sa;pwd=sa"/>
</connectionStrings>

<location path="~/images">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>


<system.web>
<authentication mode="Forms">
<forms loginUrl="Logon.aspx" name=".ASPXFORMSAUTH"></forms>
</authentication>
<authorization>
<deny users="?"/>
</authorization>
<!--
Set compilation debug="true" to insert debugging
symbols into the compiled page. Because this
affects performance, set this value to true only
during development.

Visual Basic options:
Set strict="true" to disallow all data type conversions
where data loss can occur.
Set explicit="true" to force declaration of all variables.
-->
<compilation debug="true" strict="false" explicit="true">
<assemblies>
<add assembly="System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
<add assembly="System.Web.Extensions.Design, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
<add assembly="System.Design, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/></assemblies></compilation>
<pages>
<namespaces>
<clear/>
<add namespace="System"/>
<add namespace="System.Collections"/>
<add namespace="System.Collections.Specialized"/>
<add namespace="System.Configuration"/>
<add namespace="System.Text"/>
<add namespace="System.Text.RegularExpressions"/>
<add namespace="System.Web"/>
<add namespace="System.Web.Caching"/>
<add namespace="System.Web.SessionState"/>
<add namespace="System.Web.Security"/>
<add namespace="System.Web.Profile"/>
<add namespace="System.Web.UI"/>
<add namespace="System.Web.UI.WebControls"/>
<add namespace="System.Web.UI.WebControls.WebParts"/>
<add namespace="System.Web.UI.HtmlControls"/>
</namespaces>
</pages>
<!--
The <authentication> section enables configuration
of the security authentication mode used by
ASP.NET to identify an incoming user.

<authentication mode="Windows"/>
-->
<!--
The <customErrors> section enables configuration
of what to do if/when an unhandled error occurs
during the execution of a request. Specifically,
it enables developers to configure html error pages
to be displayed in place of a error stack trace.

<customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm">
<error statusCode="403" redirect="NoAccess.htm" />
<error statusCode="404" redirect="FileNotFound.htm" />
</customErrors>
-->
</system.web>
</configuration>
marinajogy
September 16th, 2008, 01:10 AM
You need to put images to be visible before login in a public folder. A request for any other file in your project folder will redirect to the login page.

HOW pliblic folder is configured for a website
mmetzger
September 16th, 2008, 09:04 AM
Try two things:

- Put the location attributes after the forms section of the web.config
- Remove the ~/ portion from ~/Images

Refer to http://quickstarts.asp.net/QuickStartv20/util/srcview.aspx?path=~/aspnet/samples/navigation/SiteMapSecurity.src for an example.
marinajogy
September 16th, 2008, 10:08 PM
Try two things:

- Put the location attributes after the forms section of the web.config
- Remove the ~/ portion from ~/Images

Refer to http://quickstarts.asp.net/QuickStartv20/util/srcview.aspx?path=~/aspnet/samples/navigation/SiteMapSecurity.src for an example.


- Remove the ~/ portion from ~/Images - worked,
thanks a lot