Dirk, what you're doing wrong is having a web.config in the directory you
want to control. That essentially creates a new ASP.NET application that has
no ties to the parent app and therefore doesn't know there's a form
authentication (and your authorization setup is ignored because of that).
Just remove the web.config from the subdir you want to control.
The first example below - you're allowing anonymous users to access your
app. In the second you're only allowing single user to access it, that's why
you're getting the login form. What did you expect?
Jerry
"Dirk Meusel" <dm*@rcs.urz.tu-dresden.de> wrote in message
news:%2****************@TK2MSFTNGP12.phx.gbl...
I know that it should work, I read it in three books and three
knowledgebase articles as well, but it doesn't
It don't know what I'm doing wrong. Now I tried to find the error step
by step,
when I have the following in the web.config of the root dir:
<authentication mode="Forms">
<forms loginUrl="login.aspx">
</forms>
</authentication>
<authorization>
<allow users="?" />
<deny users="*" />
</authorization>
I can access the application without having been redirected to
login.aspx at all (but an asp:label that shows the
Page.User.Identity.Name as Text shows nothing)
When I use:
<authentication mode="Forms">
<forms loginUrl="login.aspx">
</forms>
</authentication>
<authorization>
<allow users="Dirk Meusel" />
<deny users="*" />
</authorization>
I get the login.aspx first, when I logon I can access the application
and the label shows my Username.
I read that ? represents anonymous users. Is that wrong? What else could
I've done wrong?
Thank you for your patience :-)
Dirk
*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!