Problem with ASP.NET 2.0 Location override of Forms Authentication settings

  • Thread starter Thread starter n33470
  • Start date Start date
N

n33470

Hi all,

We have an asp.net 1.1 app that we're in the process of converting to
2.0. What I'm about to describe runs just great in the 1.1
framework, but does not work in the 2.0 framework.

This app uses forms authentication and denies all unauthenticated
users. There is a location override in the web.config so that we can
open up a directory for unauthenticated users to create a login
account. There is only 1 web.config in the app, and it's located in
the root directory. Here are the relevant parts of the web.config:

<configuration>
<system.web>
<authentication mode="Forms">
<forms loginUrl="login/login.aspx" name="dmdotcomauth"
protection="All" timeout="20" path="/"/>
</authentication>
<authorization>
<deny users="?"/>
</authorization>
</system.web>

<location path="signup">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>

</configuration>


In the signup folder are a couple of aspx files used to create the
login account. In ASP.NET 1.1, when the user browses to the aspx
files in the signup folder, such as http://localhost/webapp/signup/CreateAccount.aspx,
that aspx file display correctly, no problem. However in ASP.NET
2.0, when the user browses to that same file, the user is redirected
to the login page. In ASP.NET 2.0, if I login to the app, and then
browse to the CreateAccount.aspx, then it works OK....however this is
obviously not what I'm looking for, but it proves that the
CreateAccount.aspx page functions properly in the 2.0 environment.
It it matters any, from an IIS standpoint, the virtual directory
"webapp" is set to allow anonymous access and windows integrated
authentication.

Has anyone run into problems dealing with forms authentication
overrides for subfolders in ASP.NET 2.0 using the <location> element
of the web.config? This used to work fine in 1.1, I'm not sure what's
different now.

--steve
 
Hi all,

We have an asp.net 1.1 app that we're in the process of converting to
2.0. What I'm about to describe runs just great in the 1.1
framework, but does not work in the 2.0 framework.

This app uses forms authentication and denies all unauthenticated
users. There is a location override in the web.config so that we can
open up a directory for unauthenticated users to create a login
account. There is only 1 web.config in the app, and it's located in
the root directory. Here are the relevant parts of the web.config:

<configuration>
<system.web>
<authentication mode="Forms">
<forms loginUrl="login/login.aspx" name="dmdotcomauth"
protection="All" timeout="20" path="/"/>
</authentication>
<authorization>
<deny users="?"/>
</authorization>
</system.web>

<location path="signup">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>

</configuration>

In the signup folder are a couple of aspx files used to create the
login account. In ASP.NET 1.1, when the user browses to the aspx
files in the signup folder, such ashttp://localhost/webapp/signup/CreateAccount.aspx,
that aspx file display correctly, no problem. However in ASP.NET
2.0, when the user browses to that same file, the user is redirected
to the login page. In ASP.NET 2.0, if I login to the app, and then
browse to the CreateAccount.aspx, then it works OK....however this is
obviously not what I'm looking for, but it proves that the
CreateAccount.aspx page functions properly in the 2.0 environment.
It it matters any, from an IIS standpoint, the virtual directory
"webapp" is set to allow anonymous access and windows integrated
authentication.

Has anyone run into problems dealing with forms authentication
overrides for subfolders in ASP.NET 2.0 using the <location> element
of the web.config? This used to work fine in 1.1, I'm not sure what's
different now.

--steve

I figured it out. It was a coding problem on our side within the
CreateAccount page that caused the redirect to the login page. It was
not the forms authentication that caused the redirect.

The forms authentication design using the location override for
authorization values in different sub folders works just fine in
ASP.NET 2.0.

--steve
 
Back
Top