I'm having a problem with IIS and ASPX forms authentication and I was hoping someone on here would be able to help me. I created a login script and edited my web.config file based on what I read here. I then published the site from visual studio 05 into my file which is being hosted on an IIS server. After that was done I set up anonymous access and went properties on my web server, "home directory", "configuration", and then added the .html extension with the executable path being the same as my .aspx extension. After that html was prevented from being accessed without passing through the login page but the problem is now that I get a "page cannot be accessed" error when the html page is redirected from my login page.

I test to see if it was in fact the html extension that was causing the problem by, firstly, by changing the extension of the html document to aspx and it worked fine (redirected properly and appeared properly). Now that I knew aspx extensions were working properly I thought the problem might be that html pages simply weren't redirecting properly, I test this by logging on using default.aspx, going through the login page, and getting a cookie. Once I had a cookie I tried entering \\<webserver>\index.html into my web browser and again got the "Page cannot be accessed" page.

So, to recap, the problem isn't the redirection from the login page and the problem is not the location of the page as changing the extension didn't work and trying to enter the page without redirection didn't work. My thoughts are that it's a permissions problems but I've enabled everything in the web service extensions settings.

Any help would be greatly appreciated. I've been working on this way too long to give up now but can't really justify spending much more company time trying to figure this out. It seems that if I change all my extensions to ".aspx" I SHOULD be fine but that's a lot of retrofitting and considering the amount of time I've spent on this site already I'd rather consider other options.

Again, any help or insight would be much appreciated.

Thanks in advance,

Fr33m3
 

 Hi Freeme,

Am I right about this:

1. Your forms authentication works? right?
    
    
   
2. The protection of a page.html fails?

Can you post your web.config code? Well, the authorisation part will do I guess ..... EDIT: plus the authentication also I guess ;)

Please comment on my observations!

Kind regards,
Wim
 

 thanks for the response.

1. My forms authentication works properly and authenticates against my active directory perfectly

2. the protection of the page.html works BUT html don't display. In other words html pages redirect to the login page but when the html page is redirected and "displayed" it give a "this page cannot be displayed" error message.

 <?xml version="1.0"?>
<!--
    Note: As an alternative to hand editing this file you can use the
    web admin tool to configure settings for your application. Use
    the Website->Asp.Net Configuration option in Visual Studio.
    A full list of settings and comments can be found in
    machine.config.comments usually located in
    \Windows\Microsoft.Net\Framework\v2.x\Config
-->
<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
    <appSettings/>
  <connectionStrings>
    <add name="ADConnectionString" connectionString="LDAP://fpath to dc/OU=OU,OU=OU,OU=OU,DC=DC,DC=COM"/>
  </connectionStrings>
    <system.web>
        <!--
            Set compilation debug="true" to insert debugging
            symbols into the compiled page. Because this
            affects performance, set this value to true only
            during development.

            Visual Basic options:
            Set strict="true" to disallow all data type conversions
            where data loss can occur.
            Set explicit="true" to force declaration of all variables.
        -->
        <identity userName="username" impersonate="true" password="password" />
        <compilation debug="false" strict="false" explicit="true" />
        <pages>
            <namespaces>
                <clear />
                <add namespace="System" />
                <add namespace="System.Collections" />
                <add namespace="System.Collections.Specialized" />
                <add namespace="System.Configuration" />
                <add namespace="System.Text" />
                <add namespace="System.Text.RegularExpressions" />
                <add namespace="System.Web" />
                <add namespace="System.Web.Caching" />
                <add namespace="System.Web.SessionState" />
                <add namespace="System.Web.Security" />
                <add namespace="System.Web.Profile" />
                <add namespace="System.Web.UI" />
                <add namespace="System.Web.UI.WebControls" />
                <add namespace="System.Web.UI.WebControls.WebParts" />
                <add namespace="System.Web.UI.HtmlControls" />
            </namespaces>
        </pages>
        <!--
            The <authentication> section enables configuration
            of the security authentication mode used by
            ASP.NET to identify an incoming user.
        -->
      <authentication mode="Forms">
        <forms
           name=".ADAuthCookie"
           timeout="10" />
       
      </authentication>
      <authorization>
        <deny users="?"/>
        <allow users="*"/>
      </authorization>
      <membership defaultProvider="MyADMembershipProvider">
        <providers>
          <add
            name="MyADMembershipProvider"
            type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0,&#xD;&#xA;                  Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"

            connectionStringName="ADConnectionString"
            connectionUsername="username"
            connectionPassword="password"
            attributeMapUsername="sAMAccountName" />
        </providers>
      </membership>
        <!--
            The <customErrors> section enables configuration
            of what to do if/when an unhandled error occurs
            during the execution of a request. Specifically,
            it enables developers to configure html error pages
            to be displayed in place of a error stack trace.

        <customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm">
            <error statusCode="403" redirect="NoAccess.htm" />
            <error statusCode="404" redirect="FileNotFound.htm" />
        </customErrors>
        -->
    </system.web>
    <location path="Index.htm" allowOverride="true" inheritInChildApplications="true">
        <system.web>
            <identity userName="username" impersonate="true" password="password" />
        </system.web>
    </location>
</configuration>

is what my web.config looks like but I don't think it has anything to do with the web.config because if it did, wouldn't it prohibit my aspx pages from displaying as well?

Thanks for the help! 

I found this site (http://support.microsoft.com/kb/815172) which basically says you need to modify the configuration file to use the appropriate handler for the .dll file. So I did what the blog said and now I'm getting an error that says:

"There is no build provider registered for the extension '.htm'. You can register one in the <compilation><buildProviders> section in machine.config or web.config. Make sure is has a BuildProviderAppliesToAttribute attribute which includes the value 'Web' or 'All'. "

Does anyone know if I'm following a fault lead or the solution to this error message?

Thanks in advance

fr33m3 

Okay, so I figured out my problem and I'm super happy about it and I thought I would share my results. Here's the steps to configuring ASP.NET (extension aspx) to protect all files using a forms authentication login page:

1.) follow the guide found here ( http://msdn2.microsoft.com/en-us/library/ms998360.aspx ) to configure the login page and default.aspx page

2.) configure .htm, .asp. etc. etc. extensions to use the same filter as a standard .aspx page:

            a.) right click on your virtual directory --> properties

            b.) find the virtual directories tab for IIS 5.0 or the Home directories tab for IIS 6.0 and click "Configuration"

            c.) find the .aspx extension, double click, and copy the path to aspnet_isapi.dll, the path being found in the executable text area

            d.) click "add" under the "application configuration" window and paste the path to aspnet_isapi.dll inf the executable text area

            f.) type ".htm" (without the quotes) in the extension text area (this can be replace with any file extension eg: asp/html)

            e.) while still in the "add/edit application extension mapping" window click the "limit to" radio button and type "GET,HEAD,POST,DEBUG"

            f.) ensure that the "script engine" radio button is selected but not the "verify the file exists" radio button

3.) add the following to the script.web heading in web.config file for the directory:

       <httpHandlers>
        <add verb="GET, HEAD, POST, DEBUG" path="*.htm" type="System.Web.UI.PageHandlerFactory"/>
        <add verb="GET, HEAD, POST, DEBUG" path="*.html" type="System.Web.UI.PageHandlerFactory"/>
        <add verb="GET, HEAD, POST, DEBUG" path="*.asp" type="System.Web.UI.PageHandlerFactory"/>
       </httpHandlers>

note: add any other extensions that were configuration in the application configuration window

 
4.) find the "compilation: section of the web.config file and ensure it looks like the following:

        <compilation debug="false" strict="false" explicit="true">
            <buildProviders>
                        <add extension=".htm" type="System.Web.Compilation.PageBuildProvider" />
            <add extension=".asp" type="System.Web.Compilation.PageBuildProvider" />
            <add extension=".html" type="System.Web.Compilation.PageBuildProvider" />    
            </buildProviders>
         </compilation>

5.) Go grab a coffee, you're done!

I hope this helps anyone who needs the same setup. This will allow you to create a page entitled "login.aspx" and ensure that any file, whether it be .html, .htm, .asp, etc. etc., under your virtual directory will be protected using forms authentication.

 btw: here are some links I found extremely helpful:

 http://support.microsoft.com/kb/815172

http://www.iislogs.com/articles/9/

unfortunately I couldn't find one source to tell you how to do all of this but now, hopefully, this will help people out a bit.

Fr33m3
 

Thanks heaps for your post, I had the same issue and your instructions helped me fix the problem

Hi,

I am really really interested of implementing a web authentication form for my html pages so I followed every step of your procedure and I ran a test. The good thing is that when I want to access the html pages of my website, it will redirect me to the login page because I am not logged in. When I log in and  try to access to any web page that has a .html extension it gives me the following error: 

Server Error in '/' Application.

The file '/Help/English/HTML/index.html' has not been pre-compiled, and cannot be requested.

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Web.HttpException: The file '/Help/English/HTML/index.html' has not been pre-compiled, and cannot be requested.

Source Error:

Stack Trace:

[HttpException (0x80004005): The file '/Help/English/HTML/index.html' has not been pre-compiled, and cannot be requested.]

   System.Web.Compilation.BuildManager.GetVPathBuildResultInternal(VirtualPath virtualPath, Boolean noBuild, Boolean allowCrossApp, Boolean allowBuildInPrecompile) +8756366

   System.Web.Compilation.BuildManager.GetVPathBuildResultWithNoAssert(HttpContext context, VirtualPath virtualPath, Boolean noBuild, Boolean allowCrossApp, Boolean allowBuildInPrecompile) +101

   System.Web.Compilation.BuildManager.GetVirtualPathObjectFactory(VirtualPath virtualPath, HttpContext context, Boolean allowCrossApp, Boolean noAssert) +126

   System.Web.Compilation.BuildManager.CreateInstanceFromVirtualPath(VirtualPath virtualPath, Type requiredBaseType, HttpContext context, Boolean allowCrossApp, Boolean noAssert) +62

   System.Web.UI.PageHandlerFactory.GetHandlerHelper(HttpContext context, String requestType, VirtualPath virtualPath, String physicalPath) +33

   System.Web.UI.PageHandlerFactory.System.Web.IHttpHandlerFactory2.GetHandler(HttpContext context, String requestType, VirtualPath virtualPath, String physicalPath) +40

   System.Web.HttpApplication.MapHttpHandler(HttpContext context, String requestType, VirtualPath path, String pathTranslated, Boolean useAppConfig) +160

   System.Web.MapHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +93

   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +155

I am using IIS 6.0 and my web application is pre-compiled by the asp.net compiler (aspnet_compiler.exe) of the .net framework 2.0.50727.

Can you help me, plz???

Thanks in advance,

Version Information: Microsoft .NET Framework Version:2.0.50727.3053; ASP.NET Version:2.0.50727.3053