I am using forms authentication. In my web.config I have:
<authentication mode="Forms">
<forms loginUrl = "Logon.aspx" name = "adAuthCookie" timeout = "60" path="/">
</forms>
</authentication>
<authorization>
<deny users = "?"/>
<allow users = "*"/>
</authorization>
My program contains logic to authorize what the user is allowed to access. A user clicks on a hyperlink in a datagrid to access a form. The logic in the program determines whether the user is authorized to see this form or not.
The problem is that when the link is clicked, a Windows pop-up appears asking for a username and password and authorizes the user to view the page even if the code that I have written does not authorize. Windows seems to be overriding what I have configured the program to do. If I remove the authorization element from the web.config then the user is not authorized to view anything.
Does anyone know how to solve this?