I've been struggling with this all day. I am trying to add forms authentication to my asp.net web site.
I have disabled Anonymous, Windows, ASP.NET Impersonation and enabled Forms Authentication.
I have created a Login.aspx page and have a Default.aspx page. Default.aspx is the default document.
I have added to web.config:
<authentication mode="Forms"/>
This is the behaviour I am experiencing:
1) When testing with http:\localhost\ I get a 401.2 error on the application root.
2) When testing with http:\localhost\Default.aspx I get a 401.2 error on Login.aspx, so redirection is happening but the Login.aspx is giving the error.
So it seems I have no access to any pages on the website even Default.aspx & Login.aspx.
But I canot find a solution, I have even tried:
<location path="Default.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
<location path="Login.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
But this doesn't seem to change anything.
I have also tried
<authentication mode="Forms">
<forms loginUrl="Login.aspx" />
</authentication>
But this doesn't do anything different either.
Also if I revert to Anonymous or Windows Authentication then the default document redirection works.
I am using asp.net 3.5 on IIS7 on Vista Business.
Please help!
Best Answer
disabling windows authentication, anonymous user etc on your application in IIS will change the settings about the website identity, not the user membership settings!
If you want to enable authentication on your website for your users you can even leave the anonymous user and windows authentication enabled, so IIS will accept all the request coming to the webserver. You can then use form authentication (implemented with the SignIn method in the login page) to grant your visitors access to only certain parts of the website using the asp.net membership. Have a look at this article about Forms authentication and this one about authorization issues on IIS.