manuel.ricca
Hello all,
I am trying to create a virtual directory where a user can
authenticate securely (via SSL) and then get back to the normal HTTP
site.
First I created a new virtual directory called members and required
SSL for it. I created a new ASP.NET application at members and put the
necessary stuff in web.config:
<system.web>
  <authentication mode="Forms" />
  <compilation defaultLanguage="c#" />
  <authorization>
    <allow roles="Customer"/>
    <deny users="*"/>
  </authorization>
</system.web>
This works but when a user goes back to the HTTP site I don't get
anything in Page.User.Identity.
So I tried putting everything back in the main application (removed
the members application from IIS) and added this to the main
web.config:
<authentication mode="Forms">
  <forms loginUrl="https://server/members/login.aspx"/>
</authentication>
<location path="members">
  <system.web>
    <authentication mode="Forms"/>
    <authorization>
      <allow roles="Customer"/>
      <deny users="*"/>
    </authorization>
  </system.web>
</location>
However, members is only accessible via HTTPS and the location doesn't
apply (because it's only expecting http://server/members and not
https://server/members). This means that the user won't get redirected
to my login URL. It is not allowed to put an absolute URL in location
tags (which would be <location path="https://server/members">) so it
seems I'm stuck.
Does anyone have a solution for this? I'm thinking of getting back
to the 2 applications solution and passing the user information to the
HTTP site somehow (any ideas?).
Thanks in advance,
Manuel Ricca