Develop Reference

UI design is not working(CSS is not loading)

I developed a web application having LDAP authentication. So when I load my login page for the initial time, it won't take any CSS styles and when I login to the system, the inner page designes are perfectly OK. And when I logout, it navigates to login page and now the login page design is perfectly ok and it loads all the CSS files perfectly.
If I clear the history and refresh the login page, the login page won't load perfectly. The CSS files will not load perfectly.
Before integrating LDAP to the application, it works perfectly for all the time.
Can anybody come up with a solution, please?
setting in webconfig
<authentication mode="Forms">
<forms loginUrl="syslogin.aspx" name="adAuthCookie" timeout="10" path="/">
</forms>
</authentication>
<authorization>
<deny users="?"/>
<allow users="*"/>
</authorization>
<identity impersonate="true"/>
updated webconfig
<location path="img">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
I wrote this code to access the image from the folder "img" which I set as background of a div and it's actually the logo. But it won't work.
Regards,
Sivajith

Add a <location> Rule in your web.config to allow anonymous users to your static ressources, if all your styles, scripts, images etc. are in the /static directory, use:
<location path="/static">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>

Forms authentication not working as expected

I am trying to use Forms Authentication for the first time. This is what I have in my web.config:
<authentication mode="Forms">
<forms loginUrl="Login.aspx" name="Login" slidingExpiration="true" timeout="30" path="/">
</forms>
</authentication>
<authorization>
<allow users="*" />
</authorization>
The website I am working on doesn't actually need any authentication because the page should be accessible without logging in. So that's why I'm allowing all users. I am very new to this so there's probably something obvious I'm doing wrong, but all pages seem to redirect to Login.aspx, even though I'm allowing all users.
All help is very much appreciated. Thanks.
UPDATE:
As one answer directed, I changed the code to the below (changed * to ?) but I still have the same problem:
<authorization>
<allow users="?" />
</authorization>

Asterisk stands for any authenticated user which does not include anonymous users. Use question to allow anonymous users:
<allow users="?" />

I came at this page having the same problem, and see that 5 years later this has never been properly answered.. You needed to specify the following in web.config:
<authorization>
<deny users="?" />
<allow users="*" />
</authorization>
Meaning that you deny access to all anonymous users, and allowing access to all authenticated users.

ASP.NET Forms Authentication

I have the following ASP.NET Forms Authentication configuration:
<system.web>
<authentication mode="Forms">
<forms name="MembershipCookie"
loginUrl="Login.aspx"
protection="All"
timeout="525600"
slidingExpiration="true"
enableCrossAppRedirects="true"
path="/">
</forms>
</authentication>
<authorization>
<deny users="?" />
</authorization>
</system.web>
<location path="Home.aspx">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location
If an anonymous user visits the site and requests home.aspx should they be denied access and kicked to the Login.aspx page because the first rule <deny users="?" /> will match and further processing will stop?
The site is running on IIS7.5, ASP.NET 4.0 and the application pool is configured for Integrated Pipeline mode.
Update:
The reason for this question was to sanity check my understanding of ASP.NET 4.0's Forms Authentication behaviour (which was actually correct). There is a related follow up question which describes what looks like a bug in a hotfix (which is also rolled into Windows 2008R2 SP1) - KB980368:
ASP.NET 2.0 and 4.0 seem to treat the root url differently in Forms Authentication

If an user is accessing Home.aspx , it will use the configuration section for Home.aspx specified by <location /> and hence the user will not be kicked out to Login.aspx .

If a user access Home.aspx then the second rule will be applied i.e.
<location path="Home.aspx">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
The point to note here is: * tells that any authorized user (having any or no role assigned) could access the page, but ? tells unauthorized user could not access the page.

How to redirect the user to password recovery page with forms authentication

I am a beginner of asp.net..I currently have a login page with forgot password link button on the bottom of the screen. I am also using forms authentication to prevent an unauthorized user from accessing the other pages. The authentication seems to be working fine except for one thing. It prevents the user from accessing the password recovery page once the user click on the link button. How do I allow all users access to the login/password pages and also prevent them from viewing the other pages if they are not authenticated?
The code below is to prevent from other anonymous view other pages without access. But i got no idea on how to allow them to access password recovery page...
<authentication mode="Forms">
<forms loginUrl="/Presentation/Display/Login.aspx" name=".ASPNETAUTH" protection="All" path="/" timeout="120" cookieless="UseDeviceProfile" slidingExpiration="true"/>
</authentication>
<!-- This section denies access to all files in this application except for those that you have not explicitly specified by using another setting. -->
<authorization>
<deny users="?"/>
</authorization>

You need to use the <location> element to apply settings to a specific path, then add an <allow /> for non-logged-in users.
For example:
<location path="PasswordRecovery.aspx">
<system.web>
<authorization>
<allow users="?" />
</authorization>
</system.web>
</location>

<location path="Presentation/Display/PasswordRecovery.aspx">
<system.web>
<authorization>
<allow users="?"/>
</authorization>
</system.web>
</location>
This allows anonymous users to view your password recovery page. You might want to do the same for the directory where your CSS and/or image resources are stored, in case they are required by your login page and/or your recovery page.

Use Location:
<location path="passwordrecovery.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>

ASP.NET Authentication doesn't work

I'm learning how to use the asp authentication, and I have created a test project for it. I have the Default page, the Login page and a Test folder with a Default page inside.
I want that Default page accesible for everyone (so, without authentication) and the "Test/Default.aspx" private. My "Web.config" is like this:
<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
<system.web>
<authentication mode="Forms">
<forms loginUrl="Logon.aspx" name=".ASPXFORMSAUTH" >
</forms>
</authentication>
<authorization>
<allow users="*" />
</authorization>
</system.web>
<location path="Empresas">
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</location>
</configuration>
This way, when I access to the Test/Default.aspx page, I can enter even without authorization, and I don't know why. However, if I change "deny users=?" for "deny users=*", then I can't access even when I am authenticated, so the location tag is working correctly.
I change the password every time, just in case it was a cookies problem, but it isn't.
QUESTION: What is wrong in my web.config, or what do I have to do to create some pages privated?
Thank you very much in advance

how about allow users="?"
i.e. allow authenticated users