The following Frequently Asked Questions, answered by the authors of this book, are designed to both measure your understanding of the concepts presented in this chapter and to assist you with real-life implementation of these concepts. To have your questions about this chapter answered by the author, browse to and click on the form. You will also gain access to thousands of other FAQs at ITFAQnet.com.
|
|
I have configured my web.config file to use forms authentication and deny unauthenticated users, but it doesn’t redirect me to the login form when I access protected content.
|
|
|
|
Instead of using HTTP modules shown in this chapter, can I use the Application_OnAuthenticateRequest event in the global.asax file?
|
|
|
|
I have my site configured for Windows authentication, and I enter the correct password, but it keeps prompting me to enter the password again.
|
|
|
|
What is the difference between the different HTTP error handlers such as HttpMethodNotAllowedHandler and HttpForbiddenHandler?
|
|
Answers
|
|
Check the properties of the application in the Internet Services Manager to be sure that anonymous access is disabled. If anonymous access is enabled, IIS will never attempt to authenticate the user.
|
|
|
You do not need to create an HTTP module to handle global ASP.NET events. You can also add event handlers to global.asax. HTTP modules are much like binary versions of global.asax.
|
|
|
There may be various reasons for this. First, make sure that you include the principal with the username in the format domain\username or localsystem\username. Also be sure that the user account you are using has NTFS permissions to access the Web content.
|
|
|
The difference is the HTTP status code it returns: HttpForbiddenHandler returns a 403, HttpNotFoundHandler returns a 404, HttpMethodNotAllowedHandler returns a 405, and HttpNotImplementedHandler returns a 501.
|