Hi Kevin,
Welcome to MSDN Managed Newsgroup!
Based on my understanding, the issue is that you're not able to override a
child web site's web.config settings in machine-wide web.config using
<locationelement. It's actually not related to http handler, since
following simple test can reproduce the issue you described:
1) Add following xml snippet in machine-wide web.config:
<location path="Anonymous.aspx" allowOverride="false">
<system.web>
<authorization>
<allow users="?" />
</authorization>
</system.web>
</location>
2) In a web site that is using Forms authentication and denies anonymous
user:
<authentication mode="Forms" >
<forms loginUrl="Logon.aspx" name=".ASPXFORMSAUTH">
</forms>
</authentication>
<authorization>
<deny users="?" />
</authorization>
3) Create a web page "Anonymous.aspx" in the web site and visit it in web
browser, it still redirects to the Logon.aspx.
4) This issue also doesn't only exist in Forms authentication mode, if
you're using Windows authentication mode, I believe the user account is
automatically used; if you print Request.IsAuthenticated in Anonymous.aspx,
you will find it's True.
5) If we put the <locationxml snipeet in step 1) to the web site's
web.config, you find it's working correctly.
Therefore the issue seems that <locationelement setting in machine-wide
web.config doesn't overrides the web.config in individual web site.
Currently I'm consulting this question in our internal discussion list with
product team, I'll let you know the result as soon as possible. Thank you
for your patience and understanding.
By the way, I saw that you've posted some posts and somehow they're not
captured in our internal tool system, therefore they're not replied by MSFT
employees. This might be your email alias is not activated or recogonized
at that time. We're sorry for the inconvenience caused. Anyway, since your
account is setup correctly now, would you please post those questions again
so that our tool can recogonize correctly? Thanks.
Sincerely,
Walter Wang (wa****@online.microsoft.com, remove 'online.')
Microsoft Online Community Support
==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscripti...ult.aspx#notif
ications. If you are using Outlook Express, please make sure you clear the
check box "Tools/Options/Read: Get 300 headers at a time" to see your reply
promptly.
Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscripti...t/default.aspx.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.