I am having some authentication issues. I download a sample app to test the
forms based authentication process of asp.net and it works on one of my
servers but not the other one. The one that it is not working on is my
production server and has OWA, CRM, Sharepoint, etc. Most everything is
configured to require windows authentication and use https but for this one
test folder, I changed it to not use https and to allow anonymous access.
However, when I click on the button that takes me to the page that should
require forms based authentication, it shows me the page without requiring
authentication. I know this is pretty vague but I was hoping someone could
point me in the right direction. There is a publicpage.aspx that just has a
button that redirects me to a page called privatepage.aspx that is in a
subfolder called secret. The web.config for the first folder looks like
this:
<configuration>
<system.web>
<authentication mode="Forms">
<forms loginUrl="LoginPage.aspx">
<credentials passwordFormat="Clear">
<user name="Jeff" password="imbatman" />
<user name="John" password="redrover" />
<user name="Bob" password="mxyzptlk" />
<user name="Alice" password="nomalice" />
<user name="Mary" password="contrary" />
</credentials>
</forms>
</authentication>
</system.web>
</configuration>
The one that is in the secret folder looks like this:
<configuration>
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</configuration>
One one server, it redirects to the login page just fine but the other one
doesn't authenticate and just shows me the page. Thanks again for any help.
BTW, both servers are running Windows 2003 without SP1.