asp.net security: I'm having issues mixing integrated Windows authentication and anonymous
access on same IIS app.

Basically, any post back event fails (Forms collection empty and control's
event handler never called) on anonymous page when:

1 - user opens an aspx page that requires integrated Windows authentication

2 - user navigates to aspx page (through hyperlink, post back redirect, etc
....) w\ anonymous access.

ALL server side events fail on anonymous aspx page (Forms collection
empty...).



This is NOT an issue when using basic authentication.

This is NOT an issue when anonymous page is on a different web application.

To duplicate:

1- create two aspx pages, add then to same IIS application.
2- set integrated windows authentication on first page and allow anonymous
on second page (using IIS console).
3- add hyperlink that directs browser from windows auth page to second
anonymous access page.
4- add button to second aspx page, wire up click event handler for this
button.
5- launch first page (the one w\ windows authentication ).
6- click hyperlink to navigate to anonymous page.
7- click button once anonymous page loaded.
ISSUE: server side event NOT fired!

I also reproduced the problem. The two requests use different credentials,
but they are in same session. I suspect this cause the problem. I will
continue to research on this issue to confirm if this is a problem of ASP
.NET.

Thanks,

Luke

Hello,

DId you still monitor this issue? Based on my research, the best work
around for this issue is to place these two web form in different web
application and grant different security setting the applications. There is
indeed some problems when we grnat permission on page level.

Luke