Jof,
There are two things going on here. First, in the web.config file for
the application, you have to make sure that the <authorization> element will
deny people who are not authenticated (using a deny rule of "?").
On top of that, you will have to make sure that the ASP.NET ISAPI
extension is mapped to handle .HTM and .HTML pages. Otherwise, IIS will
just process it normally and serve it up.
Hope this helps.
--
- Nicholas Paldino [.NET/C# MVP]
- nick(dot)paldino=at=exisconsulting<dot>com
"Jof" <jo***************@virgin.net> wrote in message
news:a1**************************@posting.google.c om...
I have a very badly behaving forms authentication page.
For some it reason it protects .ASPX pages but not .htm ones?
Any ideas?