
 codecharge security problem on IIS 7.5

rbaldwin

Posts: 172
Posted: 03/11/2014, 3:32 PM

I have an intranet site running on IIS 6 working fine, but when I moved it to IIS 7.5 I have an issue with the CodeCharge security model when the browser is not IE.

CCS 4.3, asp.net

The site has a folder structure that looks something like:
/
/admin
/other

Pages in the root folder and in the /other folder are open to "Authenticated Users", i.e. Windows authenticated users, and the pages themselves are not restricted.

The pages in the /admin folder are all restricted to admin users.

So, in the project's properties, I have the security model set to table and I have a users table etc.

Like I said, IIS 6 worked as I expected: users could go to any root or /other report with no login screen, and on a /admin page they got prompted for login the first time, in all browsers.

On IIS 7.5, IE users still experience correct behaviour.

However, Chrome users can get to pages in the root folder, but any page in any other folder results in endless redirects.

Any thoughts?
eratech


Posts: 513
Posted: 03/11/2014, 9:23 PM

I'm not sure of the IIS 6->7.5 difference (but there might be something changed) but I'm always mucked up with Windows vs Forms Authentication with non-IE browsers.

When you say the 'login screen' do you mean the CCS one, or the browser popup (usually for Windows authentication)?

I'll try setting up an IIS 7.5 and see what I can break...Um... discover....

Eric

_________________
CCS 3/4/5 ASP Classic, VB.NET, PHP
Melbourne, Victoria, Australia
rbaldwin

Posts: 172
Posted: 03/12/2014, 6:39 AM

Eric, thanks for taking a look.

I'm referring to the CCS login page. And in my case the login page is in the /admin folder. As well, I'm doing a silent login with the login event I have below.

This is an intranet site and all users are Windows users. I have 3 types of users:
Admin – have access to the /admin folder
User – have access to /restricted folder(s)
Everyone else – these users are not in my CCS security user table – and have access to /root and other folders that do not have restricted access

The login column in my users table is populated with Windows logins. I only have rows populated for Admin and User.

In my login page, I have:

'Record Login Event BeforeShow. Action Custom Code @11-73254650

'Get Windows domain\login (empty when the request was not Windows-authenticated)
Dim CurrentUser As String = LCase(Request.ServerVariables("LOGON_USER"))
'The password passed to CheckUser is the same value as the login
Dim myUserPassword As String = CurrentUser

'Check if CurrentUser is in the user table
If DBUtility.CheckUser(CurrentUser, myUserPassword) Then

    'Double any single quote so the login cannot break out of the SQL string literal
    Dim admin = Settings.Connection2DataAccessObject.ExecuteScalar("SELECT adminGroup FROM [$_SIVMS_users] WHERE login='" & CurrentUser.Replace("'", "''") & "'")

    'If user is admin then send to admin menu, else to the landing page
    If admin = 1 Then
        Response.Redirect("adminMenu.aspx")
    Else
        Response.Redirect("../landingPage.aspx")
    End If
Else
    'If user is not found in user table, send to the landing page
    Response.Redirect("../landingPage.aspx")
End If

'End Record Login Event BeforeShow.

eratech


Posts: 513
Posted: 03/13/2014, 12:24 AM

I haven't set up the IIS test yet, but looking at your code, it seems very similar to something I was trying a few years ago on one of my sites. We didn't get it working properly then.

We ended up using the normal site web.config in / (root) and used Windows authentication with a separate web.config in the /subfolder.

Some thoughts - could you be getting the same authentication request when you access the /admin or /restricted folders (i.e. is the web.config at the higher level cascading down and causing some sort of confusion?)

I'm sure you've googled, but this looks interesting for IIS 6-> IIS 7 differences
http://www.iis.net/learn/get-started/whats-new-in-iis-7...iis-7-and-above

E
_________________
CCS 3/4/5 ASP Classic, VB.NET, PHP
Melbourne, Victoria, Australia
rbaldwin

Posts: 172
Posted: 03/13/2014, 2:51 PM

Thanks again Eric, you clued me in to the possibility of unique web.config files per folder - didn't know I could do that. I think that is one way to fix my problem, but I think another that I'll try is one web.config with multiple location elements, each with appropriate <authentication> sections for the respective path.

<configuration>
    <location path="Page1.aspx">...</location>
    <location path="Page2.aspx">...</location>
    <location path="Page3.aspx">...</location>
</configuration>

I haven't needed to fiddle with web.config much so I have some tinkering to do.
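An added example, not part of the thread and not CodeCharge-generated config: one web.config using `<location>` elements for the thread's /admin and /other folders. It assumes Windows authentication for the whole application and a Windows group (placeholder `EXAMPLE\SiteAdmins`) deciding admin access instead of the CCS users table. Note that `<authorization>` can be scoped per `<location>`, while `<system.web><authentication>` is accepted only at application level.

```xml
<?xml version="1.0" encoding="utf-8"?>
<configuration>

  <!-- Application level. ASP.NET accepts <authentication> only here (or in a
       folder configured as its own IIS application), not inside <location>
       for an ordinary subfolder. -->
  <system.web>
    <authentication mode="Windows" />
    <authorization>
      <!-- Root pages: any authenticated Windows user, no anonymous access -->
      <deny users="?" />
    </authorization>
  </system.web>

  <!-- IIS 7.x: LOGON_USER is populated only for authenticated requests, so
       anonymous access is switched off. Both sections are locked by default
       in applicationHost.config; unlock them there or make the same settings
       in IIS Manager. -->
  <system.webServer>
    <security>
      <authentication>
        <anonymousAuthentication enabled="false" />
        <windowsAuthentication enabled="true" />
      </authentication>
    </security>
  </system.webServer>

  <!-- /admin: admin group only. Rules are read top-down, first match wins. -->
  <location path="admin">
    <system.web>
      <authorization>
        <allow roles="EXAMPLE\SiteAdmins" /> <!-- placeholder group name -->
        <deny users="*" />
      </authorization>
    </system.web>
  </location>

  <!-- /other: same rule as the root, stated explicitly (assumed folder rule) -->
  <location path="other">
    <system.web>
      <authorization>
        <deny users="?" />
      </authorization>
    </system.web>
  </location>

</configuration>
```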
