https://stackoverflow.com/questions/22115968
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianI ended up managing this by wrapping the entire secure file's content in a div with the ID 'SecureContentWrapper' and set to runat="server". Then in the secure page's code-behind I check System.Web.HttpContext.Current.User.Identity.Name against the allowed users and if the person doesn't have access permissions I overwrite the SecureContentWrapper div's InnerText to a permission's warning. It get's the job done and works with the JQuery UI dialog box perfectly.
ASP.NET - Jquery load() not respecting web.config authorization
-
18-10-2022 - |
Question
I have a asp.net intranet web app with Windows authentication mode and anonymous access enabled. In my web.config I have the following set for a 'Secure' sub-folder:
<location path="Secure">
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
The issue is if I hit a page in the Secure folder directly I am correctly validated or challenged for my credentials. However the way I am doing this is by using a JQuery dialog box to load() a page from the Secure folder. The page-behind code in the Secure folder is not executed (which is correct), but any static content is sent with a 200 status code. Here's the JS code:
$('#MyDivID_link').live('click', function (event) {
editDialog.load("Secure/MyEditPage.aspx", function (response, status, xhr) {
if (status == "error") {
$("#MyDivID_Win").html("You are not authorized to use this application or your web browser is not supported.<br><br>Please use Internet Explorer to edit content.");
} else {
$("#btnSubmit").show();
}
}).dialog('open');
return false; });
This all works correctly except for the fact the load() status is 200, so the static content is returned and the load method thinks everything is fine.
Anyone know how I can configure my app to correctly check authentication on a load() and not return anything or is there another JQuery method that will work better? I do not want to set the 'Secure' sub-folder as a Virtual Directory with its own web.config (although this method does work) due to intranet restrictions.
Sort of confusing so let me know if I have to elaborate on anything. Thanks for any help.
Solution
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
