This is a migrated thread and some comments may be shown as answers.

Problems with Forms Authentication

1 Answer 124 Views
Window
This is a migrated thread and some comments may be shown as answers.
Craig
Top achievements
Rank 1
Craig asked on 01 Oct 2008, 03:15 AM
Hi, I have an interesting problem using Forms authentication mode with the Telerik Window. I'm using ASPNET AJAX Q1 2008:

<add tagPrefix="asp" namespace="System.Web.UI" assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/> 
<add tagPrefix="asp" namespace="System.Web.UI.WebControls" assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/> 

I'm building a site that starts on Default.aspx. This page uses a MasterPage on which have the link that opens the window:
<id="lnkLogin" href="">Login</a> 

The Window that opens shows login_pop.aspx that performs the user authentication. The Terlerik Window controls on my Master page (which essentially is my Default.aspx page are:
<telerik:RadScriptManager ID="RadScriptManager1" runat="server" ScriptMode="Release"
</telerik:RadScriptManager> 
<telerik:radwindowmanager ID="RadWindowManager1" runat="server"
<windows> 
    <telerik:RadWindow ID="rwWindow" runat="server" Behavior="Default"  
        Height="400px" InitialBehavior="Close" Left="" ReloadOnShow="true" 
        NavigateUrl="login_pop.aspx" OpenerElementID="lnkLogin" 
        style="display:none;" Top="" Width="400px"
    </telerik:RadWindow> 
</windows> 
</telerik:radwindowmanager> 

In the process of building this site, I started without denying anybody. In other words, anyone could access the site and all the pages. And the Window worked exactly as I expected.

I then started adding my security. I want/need to use Forms authentication so in my Web.Config I specify what my default full accessible page is and deny all unauthorized users:
<authentication mode="Forms"
   <forms name=".ASPXAUTH" loginUrl="Default.aspx" protection="All" path="/" /> 
</authentication> 
<authorization> 
  <deny users="?"/> 
</authorization> 

Now here's where you have to pay attention. In testing my authentication, I wanted to ensure I was working from a clean slate so I went into IE and killed all my Temporary Internet Files. I restart my browser to run my App and it bombs! I get:

Microsoft JScript runtime error: 'Telerik' is undefined

And my debugger stops on:
$create(Telerik.Web.UI.RadWindow, {"clientStateFieldID":"ctl00_rwWindow_ClientState","formID":"aspnetForm","height":"400px","iconUrl":"","initialBehaviors":4,"left":"","minimizeIconUrl":"","name":"rwWindow","navigateUrl":"login_pop.aspx","openerElementID":"lnkLogin","reloadOnShow":true,"skin":"Default","top":"","width":"400px"}, null, null, $get("ctl00_rwWindow")); 

So I start Googling away to find out what the problem is, with no luck. Only through trial and error do I discover that if I change my Web.Config to:
<authorization> 
    <allow users="*"/> 
</authorization> 

then run the application - all is well again. And even if I set it back to:
<authorization> 
    <deny users="?"/> 
</authorization> 

It will continue to work fine as long as I don't delete my Temporary Internet files.

One last thing, I have also put in my Web.Config the following code which is supposed to allow any user access to the login_pop.aspx page so it can be called from Default.aspx:
<location path="login_pop.aspx"
   <system.web> 
    <authorization> 
       <allow users="*"/> 
    </authorization> 
   </system.web> 
</location> 

Is there a problem with the way I'm implementing the Telerik Window? Or do I just need to figure out how to open up the Temporary Internet Files folder to Anonymous users? Any suggestions/comments are welcome.

Thanks,
Craig






1 Answer, 1 is accepted

Sort by
0
Craig
Top achievements
Rank 1
answered on 01 Oct 2008, 10:39 PM
Okay - a bit more digging and I managed to find an answer. Thanks to Morgan this solved my problem:

<location path="Telerik.Web.UI.WebResource.axd">
    <system.web>
      <authorization>
        <allow users="*"/>
      </authorization>
    </system.web>
  </location>

I found it in this post:
http://www.telerik.com/community/forums/thread/b311D-bcdcem.aspx

Craig
Tags
Window
Asked by
Craig
Top achievements
Rank 1
Answers by
Craig
Top achievements
Rank 1
Share this question
or