I am getting a 401.2 error on the default document in VS2013 (and IIS). Here are the steps I'm taking:
- In VS2013, right click choose "New Project"
- Choose "ASP.NET Web Application", click OK
- Choose "Empty" project, Check "Web Forms" at the bottom and click OK
- Right click on the project and choose "Add | Web Form" - named Default.aspx with "Authentication Succeeded" as the page content
- Right click on the project and choose "Add | Web Form" - named Login.aspx
- Add a "Login" as the page content
- Assign an "Authentication" event handler that sets "e.Authenticated = true"
- Update the web.config as listed below
- Press F5
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<appSettings>
<add key="ValidationSettings:UnobtrusiveValidationMode" value="None" />
</appSettings>
<system.web>
<compilation debug="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5" />
<authentication mode="Forms">
<forms loginUrl="Login.aspx" />
</authentication>
</system.web>
<system.webServer>
<defaultDocument>
<files>
<clear />
<add value="default.aspx" />
</files>
</defaultDocument>
<security>
<authorization>
<remove users="*"/>
<add accessType="Deny" users="?" />
<add accessType="Allow" users="*"/>
</authorization>
</security>
</system.webServer>
</configuration>
The behavior that I'm seeing is that http://localhost:12345/Default.aspx behaves correctly (always). In other words, when I first go to Default.aspx, it redirects me to the Login.aspx page. Once I've authenticated, I can see the Default.aspx page. If I logout and try to go to the Default.aspx page again it redirects me to login first.
However, when I got the / URL instead (no Default.aspx) I get a 401.2 error (even if I've authenticated 1st)?
The Default.aspx page is listed as a default document, and if I remove the "Deny" line from the Web.Config - then the default document behaves as expected. But when Deny ? is listed in the web config, suddenly the default document stops working and I have to go to /Default.aspx in order to avoid a 401.2 error.
Any suggests as to why this would behave like this?
I see no errors about any of this in the event log. I see the same behavior when using IISExpress (in VS by pressing F5) or with IIS when going to the public URL directly through a browser.