|
Home > Archive > Microsoft Content Management Server > September 2005 > Access Denied and Windows Authentication
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Access Denied and Windows Authentication
|
|
| Sophie 2005-09-20, 8:48 pm |
| Hi,
I have a mixed Commerce Server and CMS Site.
Users access the public site using Anonymous Access, as a CMS guest
user (CMSGuest).
When a user logs in with a Commerce Server login via our login page I
want them to be able to view some restricted channels so I use
CmsFormsAuthentication.AuthenticateAsUser and SetAuthCookie to log them
in as a CMS subscriber (CMSLoggedInUser) with wider channel subscriber
access than CMSGuest.
When I set the web.config for the site to use Windows authentication,
then once logged in, if the user leaves their browser for a time longer
than the CMS timeout, then when they come back they have no CMS rights
and only get the message 'Access Denied' on screen, which I believe
is being written out by the CMS ISAPI filter. The CMS ticket for the
user I chose to authenticate as (CMSLoggedInUser) still exists, but has
timed out. No code on the site is run at this point, as it is being
stopped by the CMS ISAPI filter, so I cannot delete the CMS ticket. The
only way out of this is to start a new browser session.
I have tried to get around this problem by setting my web.config to
Forms Authentication, so when the logged on CMS user times out, I am
pushed back the specified login page (from the web.config), where the
first thing I do is delete the CMS ticket;
HttpCookie cmsCookie=
HttpContext.Current.Request.Cookies["CMSAUTHTOKEN"];
if (cmsCookie!=null)
{
cmsCookie.Expires=System.DateTime.Now;
HttpContext.Current.Response.Cookies.Add(cmsCookie);
}
so now I can access CMS under the CMS guest account again. This works
for the public site, and I make sure the Commerce Server timeout and
Forms timeout are all set for the same interval, and the user just logs
in again.
However, I have a separate CMS authoring site on another port but with
the same underlying home directory. I need users to be able to do
authoring on this site using Windows authentication. I cannot use Forms
Authentication for this as my login form is to log the user in as a
commerce server user, and I need to be able to manage authoring rights
of users using Site Manager, with Windows Accounts. On the authoring
site Anonymous Access is turned off and the users are prompted with a
login box.
However, when the web.config specifies Forms Authentication the
authoring console does not appear. I am not sure why this is, the
Windows account I have logged in as has authoring rights.
When the web.config specifies Windows Authentication then authoring is
fine, but I get the 'Access Denied' problem, described above.
Is there any way I can use Windows Authentication for the authoring
site, and have a way of giving CMS guest users on the public site
rights to view additional channels once they have logged in to Commerce
Server, without the 'Access Denied' timeout issue?
Thanks,
Sophie.
| |
| Stefan [MSFT] 2005-09-20, 8:48 pm |
| Hi Sophie,
usually we recommend the following setup:
1) create a separate physical directory for both websites and place the
different web.config in these files - nothing else!
2) now create virtual directories pointing to the one physical template
subdirectory
This will allow you to have two different web.config files but still have
the same templates.
Cheers,
Stefan
--
This posting is provided "AS IS" with no warranties, and confers no rights
New to MCMS?
Check out this book: Building Websites Using MCMS: http://tinyurl.com/6zj44
----------------------
"Sophie" <sfholden@hotmail.com> wrote in message
news:1127237553.806538.135380@g43g2000cwa.googlegroups.com...
> Hi,
> I have a mixed Commerce Server and CMS Site.
> Users access the public site using Anonymous Access, as a CMS guest
> user (CMSGuest).
> When a user logs in with a Commerce Server login via our login page I
> want them to be able to view some restricted channels so I use
> CmsFormsAuthentication.AuthenticateAsUser and SetAuthCookie to log them
> in as a CMS subscriber (CMSLoggedInUser) with wider channel subscriber
> access than CMSGuest.
>
> When I set the web.config for the site to use Windows authentication,
> then once logged in, if the user leaves their browser for a time longer
> than the CMS timeout, then when they come back they have no CMS rights
> and only get the message 'Access Denied' on screen, which I believe
> is being written out by the CMS ISAPI filter. The CMS ticket for the
> user I chose to authenticate as (CMSLoggedInUser) still exists, but has
> timed out. No code on the site is run at this point, as it is being
> stopped by the CMS ISAPI filter, so I cannot delete the CMS ticket. The
> only way out of this is to start a new browser session.
>
> I have tried to get around this problem by setting my web.config to
> Forms Authentication, so when the logged on CMS user times out, I am
> pushed back the specified login page (from the web.config), where the
> first thing I do is delete the CMS ticket;
> HttpCookie cmsCookie=
> HttpContext.Current.Request.Cookies["CMSAUTHTOKEN"];
> if (cmsCookie!=null)
> {
> cmsCookie.Expires=System.DateTime.Now;
> HttpContext.Current.Response.Cookies.Add(cmsCookie);
> }
> so now I can access CMS under the CMS guest account again. This works
> for the public site, and I make sure the Commerce Server timeout and
> Forms timeout are all set for the same interval, and the user just logs
> in again.
>
> However, I have a separate CMS authoring site on another port but with
> the same underlying home directory. I need users to be able to do
> authoring on this site using Windows authentication. I cannot use Forms
> Authentication for this as my login form is to log the user in as a
> commerce server user, and I need to be able to manage authoring rights
> of users using Site Manager, with Windows Accounts. On the authoring
> site Anonymous Access is turned off and the users are prompted with a
> login box.
> However, when the web.config specifies Forms Authentication the
> authoring console does not appear. I am not sure why this is, the
> Windows account I have logged in as has authoring rights.
> When the web.config specifies Windows Authentication then authoring is
> fine, but I get the 'Access Denied' problem, described above.
>
> Is there any way I can use Windows Authentication for the authoring
> site, and have a way of giving CMS guest users on the public site
> rights to view additional channels once they have logged in to Commerce
> Server, without the 'Access Denied' timeout issue?
>
> Thanks,
> Sophie.
>
|
|
|
|
|