0
votes

I've been struggling with this all day. I am trying to add forms authentication to my ASP.NET web site.

I have disabled Anonymous, Windows, ASP.NET Impersonation and enabled Forms Authentication.

I have created a Login.aspx page and have a Default.aspx page. Default.aspx is the default document.

I have added to web.config:

<authentication mode="Forms"/>

This is the behaviour I am experiencing:

1) When testing with http:\localhost\ I get a 401.2 error on the application root.

2) When testing with http:\localhost\Default.aspx I get a 401.2 error on Login.aspx, so redirection is happening but the Login.aspx is giving the error.

So it seems I have no access to any pages on the website even Default.aspx & Login.aspx.

But I cannot find a solution. I have even tried:

  <location path="Default.aspx">
    <system.web>
      <authorization>
        <allow users="*"/>
      </authorization>
    </system.web>
  </location>

  <location path="Login.aspx">
    <system.web>
      <authorization>
        <allow users="*"/>
      </authorization>
    </system.web>
  </location>

But this doesn't seem to change anything.

I have also tried

<authentication mode="Forms">
  <forms loginUrl="Login.aspx" />
</authentication>

But this doesn't do anything different either.

Also if I revert to Anonymous or Windows Authentication then the default document redirection works.

I am using ASP.NET 3.5 on IIS7 on Vista Business.

Please help!

2
Give us your block of code you used to declare that the authentication was "forms". – Nick Bork
Edited to show authentication section. – AJ.
Is it possible that the Windows file permissions on the folder/files aren't allowing the file to be served up? What user permissions are on those files? – Nick Bork
No, I don't think so, as it works with Anonymous Authentication. Also I tried giving Everyone full control and this didn't help. – AJ.
By disabling the anonymous authentication you then need to give the application a valid user to run within. Otherwise you will not be able to access it because IIS prevents it. As said below, the webserver authentication and the ASP.NET membership are two different things. You can leave the anonymous auth enabled and still use Forms authentication. Give it a try by running your website within the webserver in Visual Studio. It will work fine without the issues you are having with IIS. – Giorgio Minardi

2 Answers

2
votes

Disabling Windows authentication, anonymous user, etc. on your application in IIS will change the settings about the website identity, not the user membership settings!

If you want to enable authentication on your website for your users, you can even leave the anonymous user and Windows authentication enabled, so IIS will accept all the requests coming to the webserver. You can then use forms authentication (implemented with the SignIn method in the login page) to grant your visitors access to only certain parts of the website using the ASP.NET membership. Have a look at this article about Forms authentication and this one about authorization issues on IIS.

0
votes

Allow anonymous access to the folder in IIS and put the statements below in web.config:

<authorization>
  <deny users="?" />
</authorization>

After adding these statements, you will be redirected to the login page whenever you try to navigate to an authenticated page without authentication.

At the login page, you will need to generate an authentication ticket, after a successful login only, to navigate through the authenticated pages.
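
The two answers above, combined into one web.config, as an added example that is not part of the original posts. The page names come from the question; the `defaultUrl`, `protection`, `timeout` and `slidingExpiration` values are illustrative assumptions.

```xml
<?xml version="1.0"?>
<configuration>
  <system.web>
    <!-- ASP.NET layer: identifies the visitor from the forms ticket cookie.
         This is separate from the IIS layer. Keep Anonymous Authentication
         enabled for the site in IIS Manager, so that IIS passes every request
         through to ASP.NET. With it disabled, IIS itself rejects the request
         (the 401.2 seen in the question) and the login page is never served. -->
    <authentication mode="Forms">
      <!-- timeout is in minutes; 30 is an illustrative value -->
      <forms loginUrl="Login.aspx"
             defaultUrl="Default.aspx"
             protection="All"
             timeout="30"
             slidingExpiration="true" />
    </authentication>

    <!-- Site-wide URL authorization: "?" means unauthenticated users.
         Denying them makes ASP.NET redirect to loginUrl until a forms
         ticket has been issued by the login page. -->
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>

  <!-- ASP.NET already exempts the loginUrl page from URL authorization.
       The explicit rule mirrors the one tried in the question and is the
       pattern to reuse for anything the login page loads before sign-in,
       such as a stylesheet or image folder. -->
  <location path="Login.aspx">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

With this in place, a request for Default.aspx without a ticket is redirected to Login.aspx, and Default.aspx stays protected by the `deny users="?"` rule rather than by any IIS-level setting.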