Authorization - web.config

[cathiec]

i am using forms authentication. in my web.config i have

<authentication mode="Forms">

<forms loginUrl = "Logon.aspx" name = "adAuthCookie" timeout = "60" path="/">
/forms>
</authentication>


<authorization>

<deny users = "?"/>
<allow users = "*"/>
</authorization>

my program contains logic to authorize what the user is allowed to access. A user clicks on a hyper link in a datagrid to access a form. The logic in the program determines whether the user is authorized to see this form of not.

the problem is that when the link is clicked on then a windows pop up appears asking for username and password and authorizes the user to view the page even if the code that i have written does no authorize. windows seems to be over -riding what i have configured the program to do. if i remove the authorization element from the webconfig then the user is not authorized to view anything.

does anyone know how to solve this?

 

[crazyboybert]

Sounds like you have Basic Authentication enabled in IIS on your web server. Open the IIS mmc console on the server (Mycomputer > Manage > Services > Internet Information Services) and select the right website. Right click, select Directory Security Tab, click the Edit button and uncheck the box for Basic Authentication and Integrated Windows Authentication and make sure the Anonymous Access checkbox is selected.

Rob

Go placidly amidst the noise and haste, and remember what peace there may be in silence - Erhmann 1927