ansaurus

Question

Answer 1

A:

turning the authenticode to none should do it. there must be something you're missing, are you sure you're browsing the deployed code that you updated?

Joel Martinez 2009-09-16 17:00:53

Right-click-View in Browser.

pthalacker 2009-09-16 17:21:44

I am sure I am missing something. That is why I posted the question

pthalacker 2009-09-16 17:24:12

Answer 2

+1 A:

You can use the location tag in the web.config for that secured directory to overidde security for those pages:

 <location path="secureddir/newform.aspx">
    <system.web>
      <authorization>
        <allow users="*"/>
      </authorization>
    </system.web>
  </location>

http://msdn.microsoft.com/en-us/library/b6x6shw7.aspx

rick schott 2009-09-16 17:06:31

Answer 3

+1 A:

Try adding the information below to your web.config. This will remove the items in the path from the authorization required.

<location path="XXXXXXXXX">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>

bechbd 2009-09-16 17:07:37

I tried this and no joy. I tried again with no path attribute which MSDN says will apply to the current directory and all child directories and still no joy. I tried adding users="?" also and still no joy.

pthalacker 2009-09-16 17:23:25

Answer 4

A:

I've had this problem before - this may not pertain to you, but I'll mention that it was an in-memory cookie that caused my authentication form to keep coming up. I found out by trying a different browser, that is, FF, Chrome, instead of IE.

Steve 2009-09-16 18:11:50

I am using FireFox as the default. I just tried opening one of the pages in IE using the development server IIS instead of localhost. Still no joy.

pthalacker 2009-09-16 18:51:24

Perhaps there is an intermediate config file between the root and secured folder? Or the web.config file points to another config file for authentication: <authentication configSource="webAuthentication.config"/>Or the machine.config authentication section is somehow being used?Or there's some custom authentication going on in global.asax?

Steve 2009-09-17 12:39:32

The only thing in Global.asx is a trap for a 404 error. No configSource in web.config. To my knowledge no one has ever touched machine.config so it should be in pristine default condition.There are only three web.config files—one in the root, one in the Secure folder where I put all the login and user management pages and one in the folder that contains the content that needs secure access. Are you saying that the web.config file in one folder can impact the behavior of a peer folder? That would be nasty. - pamela

pthalacker 2009-09-18 13:46:15

Did you try stopping and restarting the webserver? Are you using IIS7? There's a forms authentication setting in iis Manager. A debug session starting with app_start didn't show you anything?

Steve 2009-09-27 17:06:01

@Steve My IIS management skills are kind of thin. But I get the same results in the VS server on localhost that I do on the server for the development site. We have given IUSER anonymous access for the site and there is no problem accesssing folders that were never put under forms authentication. Just the ones that were. If I put a breakpoint in App_Start, what would I be looking for?

pthalacker 2009-09-28 17:07:32

I'd do a step into F11 in anticipation of finding something like what David above mentioned - a call to FormsAuthentication or something similar. I'd also run firebug or webdeveloper or whatever browser development tool that allows you to watch for the session cookie while doing the trace.

Steve 2009-09-28 19:22:19

Answer 5

+1 A:

You may have a page (or a base class, or a master page) that is calling FormsAuthentication.RedirectToLoginPage();

David 2009-09-17 16:42:30

All of my authentication redirection is begin done with web.config files. The only redirect is from the Logout.aspx page. There is nothing in any class or master page having to do with security.

pthalacker 2009-09-18 21:18:35

ansaurus

tags:

views:

answers:

How to disable forms authentication

related questions