You don't need both.

<deny users="?">
means deny anyone 'I don't know' (actually any session that does not
have the encrypted ticket already in the header).

<allow users="*">
means allow everyone and don't bother checking for the ticket.


MCA
Mike Amundsen
[EMAIL PROTECTED]
859.392.3125
859.393.3400 (FAX)
Host your .NET apps @ EraServer.NET


-----Original Message-----
From: Moderated discussion of advanced .NET topics.
[mailto:[EMAIL PROTECTED]] On Behalf Of hammett
Sent: Thursday, January 30, 2003 4:50 PM
To: [EMAIL PROTECTED]
Subject: Re: [ADVANCED-DOTNET] Forms authentication redirects to
non-existant URL

> Per those last two, our authorization section includes this rather
> schizophrenic declaration:
>
> <authorization>
>   <deny users="?" />
>   <allow users="*" />
> </authorization>

What's wrong with this declaration? It's perfectly fine to me.
Deny anonymous but once they get authenticated allow access.

Regards

hammett
Almost MCAD :-)

You can read messages from the Advanced DOTNET archive, unsubscribe from
Advanced DOTNET, or
subscribe to other DevelopMentor lists at http://discuss.develop.com.
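
The following is an added example, not part of the original thread: a simplified Python model of how ASP.NET URL authorization walks `<allow>`/`<deny>` rules in order and stops at the first match, applied to the section quoted above, to a deny-only variant, and to the same two rules in reverse order. The sample sections, the `alice` user name, the helper names and the assumption that the parent configuration still holds the framework default `<allow users="*" />` are constructed for illustration; roles and verbs are ignored.

```python
import xml.etree.ElementTree as ET

# Constructed sample sections (the first mirrors the one quoted in the thread).
BOTH = '<authorization><deny users="?" /><allow users="*" /></authorization>'
DENY_ONLY = '<authorization><deny users="?" /></authorization>'
REVERSED = '<authorization><allow users="*" /><deny users="?" /></authorization>'

# Assumption: the parent configuration still carries the framework default rule.
INHERITED = '<authorization><allow users="*" /></authorization>'


def parse_rules(xml_text):
    """Return [(action, [user patterns])] in document order."""
    root = ET.fromstring(xml_text)
    return [(el.tag, [u.strip() for u in el.get("users", "").split(",") if u.strip()])
            for el in root if el.tag in ("allow", "deny")]


def matches(patterns, user):
    """user is None for an anonymous request, otherwise the authenticated name."""
    for p in patterns:
        if p == "*":                      # everyone, anonymous included
            return True
        if p == "?" and user is None:     # anonymous only
            return True
        if user is not None and p == user:
            return True
    return False


def is_allowed(section_xml, user, inherited_xml=INHERITED):
    """First matching rule decides; local rules are checked before inherited ones."""
    for action, patterns in parse_rules(section_xml) + parse_rules(inherited_xml):
        if matches(patterns, user):
            return action == "allow"
    return False  # no rule matched at all: this model denies


def audit(section_xml):
    """Summarise the outcome for an anonymous and a signed-in request."""
    return {"anonymous": is_allowed(section_xml, None),
            "authenticated": is_allowed(section_xml, "alice")}


if __name__ == "__main__":
    for name, cfg in (("both", BOTH), ("deny only", DENY_ONLY), ("reversed", REVERSED)):
        print(name, audit(cfg))
```

In this model the quoted section and the deny-only section behave identically, while putting `<allow users="*" />` first lets anonymous requests through, so rule order is the thing to check when reviewing such a section.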
