Anonymous and Windows Authentication

I need to have a site that supports both of the above schemes.

I have created the site and published it to a folder and have set up two
virtual directories on the folder, one with Anonymous enabled, the other with
Windows Authentication.

I have a login/logout button that when clicked does a simple redirect to the
appropriate site. I am checking
HttpContext.Current.User.Identity.IsAuthenticated to decide what to do.

The site is identical in both cases, and the web.config is set as:

<authentication mode="Windows" />
<identity impersonate="true" />

Now this all works fine, if I start on Anonymous click the login button I'm
directed to the Windows URL and access to resources is correct.

If I then click the login/logout button again, this also works and I get
sent back to the Anonymous URL and the resource access is correct.

If I then try clicking the login/logout button for a third time, I am just
left in the Anonymous site and am never taken to the Windows URL.

I've tried IsAuthenticated, I've tried checking User.Identity.Name.Length
and all manner of other things as my test to redirect and nothing seems to
work.

Anyone got anything else I could try or advice on why it is not working?

Many thanks,

CD

Just to add a bit more detail so this can be setup and tested just to make
sure I'm not going made, if you create a brand new web site project, add a
<asp:LinkButton> to the Default.aspx page, and then have the following in the
code behind:

protected void Page_Load(object sender, EventArgs e)
{
if (!this.IsPostBack)
{
if (!HttpContext.Current.User.Identity.IsAuthenticate d)
{
LinkButton1.Text = "Login";
}
else
{
LinkButton1.Text = "Logout";
}
}
}

protected void LinkButton1_Click(object sender, EventArgs e)
{
if (HttpContext.Current.User.Identity.IsAuthenticated )
{

Response.Redirect(System.Configuration.Configurati onManager.AppSettings["AnonymousSiteUrl"], true);
}
else
{

Response.Redirect(System.Configuration.Configurati onManager.AppSettings["WindowsSiteUrl"], true);
}
}

The web.config I have is set up as:

<appSettings>
<add key="AnonymousSiteUrl" value="http://localhost/SecuritySiteTestAnon" />
<add key="WindowsSiteUrl" value="http://localhost/SecuritySiteTest" />
</appSettings>

with the following authentication/identity:

<authentication mode="Windows" />
<identity impersonate="true"/>

It really is that simple. If I set up two virtual directories in IIS
pointing to the same directory, and then publish this (VERY) simple site to
the folder, if I browse to the SecuritySiteTestAnon page I can login okay, I
can logout of the SecuritySiteTest page I get directed to, but then clicking
Login again just leaves me in SecuritySiteTestAnon.

I've tried many things, maybe this is simply not possible. BTW, this is on
Windows Server 2003.

Help!

Thx,

CD

"Competitive Dad" wrote:

Quote:

I need to have a site that supports both of the above schemes.

I have created the site and published it to a folder and have set up two
virtual directories on the folder, one with Anonymous enabled, the other with
Windows Authentication.

I have a login/logout button that when clicked does a simple redirect to the
appropriate site. I am checking
HttpContext.Current.User.Identity.IsAuthenticated to decide what to do.

The site is identical in both cases, and the web.config is set as:

authentication mode="Windows" /
identity impersonate="true" /

Now this all works fine, if I start on Anonymous click the login button I'm
directed to the Windows URL and access to resources is correct.

If I then click the login/logout button again, this also works and I get
sent back to the Anonymous URL and the resource access is correct.

If I then try clicking the login/logout button for a third time, I am just
left in the Anonymous site and am never taken to the Windows URL.

I've tried IsAuthenticated, I've tried checking User.Identity.Name.Length
and all manner of other things as my test to redirect and nothing seems to
work.

Anyone got anything else I could try or advice on why it is not working?

Many thanks,

CD

Well, chalk this up as something I'm not quite sure I understand, but I've
cracked it.

Instead of having the web.config set as below for the appsetting, I changed
to:

<appSettings>
<add key="AnonymousSiteUrl"
value="http://localhost/SecuritySiteTestAnon/Default.aspx" />
<add key="WindowsSiteUrl"
value="http://localhost/SecuritySiteTest/Default.aspx" />
</appSettings>

so included an explicit page after the Url and it works.

If anyone could provide an explanation that'd be dandy.

Thx,

CD
"Competitive Dad" wrote:

Quote:

Just to add a bit more detail so this can be setup and tested just to make
sure I'm not going made, if you create a brand new web site project, add a
asp:LinkButton> to the Default.aspx page, and then have the following in the
code behind:

protected void Page_Load(object sender, EventArgs e)
{
if (!this.IsPostBack)
{
if (!HttpContext.Current.User.Identity.IsAuthenticate d)
{
LinkButton1.Text = "Login";
}
else
{
LinkButton1.Text = "Logout";
}
}
}

protected void LinkButton1_Click(object sender, EventArgs e)
{
if (HttpContext.Current.User.Identity.IsAuthenticated )
{

Response.Redirect(System.Configuration.Configurati onManager.AppSettings["AnonymousSiteUrl"], true);
}
else
{

Response.Redirect(System.Configuration.Configurati onManager.AppSettings["WindowsSiteUrl"], true);
}
}

The web.config I have is set up as:

<appSettings
<add key="AnonymousSiteUrl" value="http://localhost/SecuritySiteTestAnon" /
<add key="WindowsSiteUrl" value="http://localhost/SecuritySiteTest" /
</appSettings

with the following authentication/identity:

authentication mode="Windows" /
identity impersonate="true"/

It really is that simple. If I set up two virtual directories in IIS
pointing to the same directory, and then publish this (VERY) simple site to
the folder, if I browse to the SecuritySiteTestAnon page I can login okay, I
can logout of the SecuritySiteTest page I get directed to, but then clicking
Login again just leaves me in SecuritySiteTestAnon.

I've tried many things, maybe this is simply not possible. BTW, this is on
Windows Server 2003.

Help!

Thx,

CD

"Competitive Dad" wrote:

I need to have a site that supports both of the above schemes.

I have created the site and published it to a folder and have set up two
virtual directories on the folder, one with Anonymous enabled, the other with
Windows Authentication.

I have a login/logout button that when clicked does a simple redirect to the
appropriate site. I am checking
HttpContext.Current.User.Identity.IsAuthenticated to decide what to do.

The site is identical in both cases, and the web.config is set as:

authentication mode="Windows" /
identity impersonate="true" /

Now this all works fine, if I start on Anonymous click the login button I'm
directed to the Windows URL and access to resources is correct.

If I then click the login/logout button again, this also works and I get
sent back to the Anonymous URL and the resource access is correct.

If I then try clicking the login/logout button for a third time, I am just
left in the Anonymous site and am never taken to the Windows URL.

I've tried IsAuthenticated, I've tried checking User.Identity.Name.Length
and all manner of other things as my test to redirect and nothing seems to
work.

Anyone got anything else I could try or advice on why it is not working?

Many thanks,

CD