I am attempting to use mixed authentication for my web application. I'm using a method similar to the answer in this post: How to configure IIS7 when using mixed mode authentication with asp.net.
Except that I want Login.aspx (forms auth login page) to be my default login page. In the Page_Load event for Login.aspx I check the user's IP address, if it is an internal address I redirect them to WindowsLogin.aspx. I want internal users to be automatically logged in. External users have to enter forms credentials.
My web.config has anonymous auth turned off and windows auth turned on for WindowsLogin.aspx. However, when I hit this page I get sent into a Redirect Loop. It tries to send me back to Login.aspx without prompting me for windows credentials or loading the page. In Fiddler I can see the 302's back and forth between the two pages.
It seems like on WindowsLogin.aspx, its still looking for the forms auth token, it doesn't find it, and sends you back to Login.aspx. How do I let the WindowsLogin.aspx page load and prompt for windows credentials?
<authentication mode="Forms">
<forms cookieless="UseDeviceProfile" defaultUrl="~/Default.aspx" enableCrossAppRedirects="true" loginUrl="~/Login.aspx" name=".ASPXAUTH" path="/" protection="All" requireSSL="false" slidingExpiration="true" timeout="10080"/>
</authentication>
<location path="Login.aspx">
<system.web>
<authorization>
<allow users="?"/>
</authorization>
</system.web>
<system.webServer>
<security>
<authentication>
<anonymousAuthentication enabled="true"/>
<windowsAuthentication enabled="false"/>
</authentication>
</security>
</system.webServer>
</location>
<location path="WindowsLogin.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
<system.webServer>
<security>
<authentication>
<anonymousAuthentication enabled="false"/>
<windowsAuthentication enabled="true"/>
</authentication>
</security>
</system.webServer>
</location>
