Hi all,
We have an asp.net 1.1 app that we're in the process of converting to
2.0. What I'm about to describe runs just great in the 1.1
framework, but does not work in the 2.0 framework.
This app uses forms authentication and denies all unauthenticated
users. There is a location override in the web.config so that we can
open up a directory for unauthenticated users to create a login
account. There is only 1 web.config in the app, and it's located in
the root directory. Here are the relevant parts of the web.config:
<configuration>
<system.web>
<authentication mode="Forms">
<forms loginUrl="login/login.aspx" name="dmdotcomauth"
protection="All" timeout="20" path="/"/>
</authentication>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
<location path="signup">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
</configuration>
In the signup folder are a couple of aspx files used to create the
login account. In ASP.NET 1.1, when the user browses to the aspx
files in the signup folder, such as http://localhost/webapp/signup/CreateAccount.aspx,
that aspx file display correctly, no problem. However in ASP.NET
2.0, when the user browses to that same file, the user is redirected
to the login page. In ASP.NET 2.0, if I login to the app, and then
browse to the CreateAccount.aspx, then it works OK....however this is
obviously not what I'm looking for, but it proves that the
CreateAccount.aspx page functions properly in the 2.0 environment.
It it matters any, from an IIS standpoint, the virtual directory
"webapp" is set to allow anonymous access and windows integrated
authentication.
Has anyone run into problems dealing with forms authentication
overrides for subfolders in ASP.NET 2.0 using the <locationelement
of the web.config? This used to work fine in 1.1, I'm not sure what's
different now.
--steve
