Showing results for 
Search instead for 
Do you mean 

LoginForm.aspx is getting bypassed despite the Forms authentication being implemented

by Technical Evangelist on ‎08-10-2016 03:31 AM (620 Views)

Question

We have successfully implemented the loginform.aspx via Forms authentication in IIS for a Geospatial Portal. However, when users access the Portal instance the loginform.aspx is bypassed and never comes up making our implementation moot. How can we force users to authenticate at loginform.aspx when accessing a Portal instance?

Answer

This can be resolved by adding an <authorization> element to the web.config of the Portal instance.

To avoid this bypassing of the LoginForm.aspx when you using Forms authentication please add:

<authorization>

     <deny users="?" />

</authorization>

 

To the system.web section of the web.config.

Now it should look like this:    

 

<authentication mode="Forms">

            <forms loginUrl="LoginForm.aspx" />

        </authentication>

 

                <authorization>

     <deny users="?" />

    </authorization>         

 

This will stop the bypassing of the loginform.aspx and ensure users authenticate at that popup. IIS reset may be needed to ensure change is implemented.

Comments
by bsantos
on ‎11-14-2016 07:57 AM

Hi, I tried this configuration to ensure only authenticated users access the portal but when the session ends for some reason, the portal does not work anymore (doesn't update maps, don't save user maps, etc.). It is giving a JS error:

 

  • Uncaught Error: Sys.ArgumentException: Cannot deserialize. The data does not correspond to valid JSON.(…)

Is there a way to surpass this?

Contributors