I have run into a really strange problem.
My objective is that I only want user who have authenticated themselves to
be able to access the website (and authentication is performed by form
authentication). Only a registration web page is allowed anonymous access.
I have the following contents in web.config:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<!-- application specific settings -->
<appSettings>
<add key="ConnectionString"
value="server=localhost;Trusted_Connection=true;da tabase=Commerce" />
</appSettings>
<!-- forms based authentication -->
<system.web>
<compilation debug="true" />
<pages validateRequest="true" />
<!-- enable Forms authentication -->
<authentication mode="Forms">
<forms name="CommerceAuth" loginUrl="login.aspx"
protection="All" path="/" />
</authentication>
<authorization><deny users="?" /></authorization>
<!-- enable custom errors for the application -->
<customErrors mode="RemoteOnly" defaultRedirect="ErrorPage.aspx" />
<!-- disable session state for application -->
<sessionState mode="Off" />
<globalization fileEncoding="utf-8" requestEncoding="utf-8"
responseEncoding="utf-8"/>
</system.web>
<!-- set non-secure paths -->
<location path="Register.aspx">
<system.web>
<authorization>
<allow users="?" />
</authorization>
</system.web>
</location>
</configuration>
With this web.config, I have run into a really stange problem. If I access
the website from IIS machine that hosts this application, I get to the
login.aspx as expected. After supplying the correct credential, the
application takes one to the default.aspx as configured.
However, if I access the web application from a remote computer, despite
that having supplied correct credentials, login.aspx keeps redirecting to
itself rather than default.aspx. I checked that login.aspx has executed
FormsAuthentication.RedirectFromLoginPage(loginId, false) method correctly
(i.e., login is successful) using VS debugger.
Any idea what is happening here?
Thanks in advance
CW
