I have found some posts on this, but I can't seem to find the right solution:
I have a .net 4.0 web application that uses Forms authentication very good. Now, I wanted to implement the same thing in a new project in 4.5, but I keep getting a 401.2 (access denied) error on the login page when I enter an unauthorized section.
The application redirects correctly(in an mvc way of things, without the .aspx in my pages), but on the login page, I keep getting the error that I am unauthorized to view this page due to server configurations.
I then tried the demo from microsoft, which says framework 4.5 is supported, but it still doesn't work.
This is my general web.config section:
<authentication mode="Forms">
<forms loginUrl="/admin/Login.aspx" />
</authentication>
And this is the web.config in my folder which I want to be protected from unauthorized users:
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
When I set allow users="*" the application works fine, and I can enter every page. I then thought it might have something to do with the mvc approach in my forms authentication, but that doesn't seem to be the problem, I also tried this fix from Rick Strahl, but that didn't help. (link)
Any ideas?
EDIT When I change the location of my login.aspx to a folder outside the protected area I get redirected correctly, but I would like to keep the login.aspx page inside the protected folder, as I did before. visual studio automatically allows access to the loginUrl="", no?