Weird web.config issue

  • Thread starter Thread starter CW
  • Start date Start date
C

CW

I have run into a really strange problem.

My objective is that I only want user who have authenticated themselves to
be able to access the website (and authentication is performed by form
authentication). Only a registration web page is allowed anonymous access.

I have the following contents in web.config:

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<!-- application specific settings -->
<appSettings>
<add key="ConnectionString"
value="server=localhost;Trusted_Connection=true;database=Commerce" />
</appSettings>
<!-- forms based authentication -->
<system.web>
<compilation debug="true" />
<pages validateRequest="true" />
<!-- enable Forms authentication -->
<authentication mode="Forms">
<forms name="CommerceAuth" loginUrl="login.aspx"
protection="All" path="/" />
</authentication>
<authorization><deny users="?" /></authorization>
<!-- enable custom errors for the application -->
<customErrors mode="RemoteOnly" defaultRedirect="ErrorPage.aspx" />
<!-- disable session state for application -->
<sessionState mode="Off" />
<globalization fileEncoding="utf-8" requestEncoding="utf-8"
responseEncoding="utf-8"/>
</system.web>
<!-- set non-secure paths -->
<location path="Register.aspx">
<system.web>
<authorization>
<allow users="?" />
</authorization>
</system.web>
</location>
</configuration>

With this web.config, I have run into a really stange problem. If I access
the website from IIS machine that hosts this application, I get to the
login.aspx as expected. After supplying the correct credential, the
application takes one to the default.aspx as configured.

However, if I access the web application from a remote computer, despite
that having supplied correct credentials, login.aspx keeps redirecting to
itself rather than default.aspx. I checked that login.aspx has executed
FormsAuthentication.RedirectFromLoginPage(loginId, false) method correctly
(i.e., login is successful) using VS debugger.

Any idea what is happening here?

Thanks in advance
CW
 
I found a way to get around this weird problem.

On the remote computer, instead of specifying the computer name, if I use
the IP address, everthing would work.

i.e., to access the website on a remote computer, if I use
http://xxxx.xxxx.xxxx.xxxx/commerce, everything works fine. After logging
in, the user gets redirected to the default.aspx.

However, if I use http://computername/commerce, login.aspx keeps redirecting
to itself.

Both the remote and iis computer is sitting on the same LAN (and both
computers are running win xp).

This is even more bizzare than I think. Any idea as to why such strange
behaviour?
 
Thanks for the reply. But it didn't make an iota of difference if I use
computername in the url.

Bin Song said:
try changing the authorization block to the following:
<authorization><deny users ="?" /><allow users ="*" /></authorization>

Bin Song, MCP


----- CW wrote: -----

I have run into a really strange problem.

My objective is that I only want user who have authenticated themselves to
be able to access the website (and authentication is performed by form
authentication). Only a registration web page is allowed anonymous access.

I have the following contents in web.config:

<?xml version="1.0" encoding="utf-8" ?><configuration><!--
application specific settings --> said:
value="server=localhost;Trusted_Connection=true;database=Commerce"
/></appSettings><!-- forms based authentication --><system.web><compilation
debug="true" /><pages validateRequest="true" /><!-- enable Forms
authentication --> said:
protection="All" path="/" /></authentication><authorization><deny
users="?" /></authorization><!-- enable custom errors for the
application --><customErrors mode="RemoteOnly"
defaultRedirect="ErrorPage.aspx" /><!-- disable session state for
 
CW said:
I found a way to get around this weird problem.

On the remote computer, instead of specifying the computer name, if I use
the IP address, everthing would work.

i.e., to access the website on a remote computer, if I use
http://xxxx.xxxx.xxxx.xxxx/commerce, everything works fine. After logging
in, the user gets redirected to the default.aspx.

Vague recollection: does your computer name have an underscore in it?
 
I remember the underscore (which is apparently not really valid in a DNS
name) causes this problem.
 
Back
Top