By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
432,369 Members | 1,001 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 432,369 IT Pros & Developers. It's quick & easy.

Problem with ASP.NET 2.0 Location override of Forms Authentication settings

P: n/a
Hi all,

We have an asp.net 1.1 app that we're in the process of converting to
2.0. What I'm about to describe runs just great in the 1.1
framework, but does not work in the 2.0 framework.

This app uses forms authentication and denies all unauthenticated
users. There is a location override in the web.config so that we can
open up a directory for unauthenticated users to create a login
account. There is only 1 web.config in the app, and it's located in
the root directory. Here are the relevant parts of the web.config:

<configuration>
<system.web>
<authentication mode="Forms">
<forms loginUrl="login/login.aspx" name="dmdotcomauth"
protection="All" timeout="20" path="/"/>
</authentication>
<authorization>
<deny users="?"/>
</authorization>
</system.web>

<location path="signup">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>

</configuration>
In the signup folder are a couple of aspx files used to create the
login account. In ASP.NET 1.1, when the user browses to the aspx
files in the signup folder, such as http://localhost/webapp/signup/CreateAccount.aspx,
that aspx file display correctly, no problem. However in ASP.NET
2.0, when the user browses to that same file, the user is redirected
to the login page. In ASP.NET 2.0, if I login to the app, and then
browse to the CreateAccount.aspx, then it works OK....however this is
obviously not what I'm looking for, but it proves that the
CreateAccount.aspx page functions properly in the 2.0 environment.
It it matters any, from an IIS standpoint, the virtual directory
"webapp" is set to allow anonymous access and windows integrated
authentication.

Has anyone run into problems dealing with forms authentication
overrides for subfolders in ASP.NET 2.0 using the <locationelement
of the web.config? This used to work fine in 1.1, I'm not sure what's
different now.

--steve

Mar 13 '07 #1
Share this Question
Share on Google+
1 Reply


P: n/a
On Mar 13, 10:03 am, "n33470" <n33...@gmail.comwrote:
Hi all,

We have an asp.net 1.1 app that we're in the process of converting to
2.0. What I'm about to describe runs just great in the 1.1
framework, but does not work in the 2.0 framework.

This app uses forms authentication and denies all unauthenticated
users. There is a location override in the web.config so that we can
open up a directory for unauthenticated users to create a login
account. There is only 1 web.config in the app, and it's located in
the root directory. Here are the relevant parts of the web.config:

<configuration>
<system.web>
<authentication mode="Forms">
<forms loginUrl="login/login.aspx" name="dmdotcomauth"
protection="All" timeout="20" path="/"/>
</authentication>
<authorization>
<deny users="?"/>
</authorization>
</system.web>

<location path="signup">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>

</configuration>

In the signup folder are a couple of aspx files used to create the
login account. In ASP.NET 1.1, when the user browses to the aspx
files in the signup folder, such ashttp://localhost/webapp/signup/CreateAccount.aspx,
that aspx file display correctly, no problem. However in ASP.NET
2.0, when the user browses to that same file, the user is redirected
to the login page. In ASP.NET 2.0, if I login to the app, and then
browse to the CreateAccount.aspx, then it works OK....however this is
obviously not what I'm looking for, but it proves that the
CreateAccount.aspx page functions properly in the 2.0 environment.
It it matters any, from an IIS standpoint, the virtual directory
"webapp" is set to allow anonymous access and windows integrated
authentication.

Has anyone run into problems dealing with forms authentication
overrides for subfolders in ASP.NET 2.0 using the <locationelement
of the web.config? This used to work fine in 1.1, I'm not sure what's
different now.

--steve
I figured it out. It was a coding problem on our side within the
CreateAccount page that caused the redirect to the login page. It was
not the forms authentication that caused the redirect.

The forms authentication design using the location override for
authorization values in different sub folders works just fine in
ASP.NET 2.0.

--steve

Mar 13 '07 #2

This discussion thread is closed

Replies have been disabled for this discussion.