Last post Nov 27, 2014 05:37 PM by Kruddler
Nov 23, 2014 09:55 PM|Kruddler|LINK
I'm trying to implement Forms security. So, in IIS, at my website level, I have disabled anonymous authentication and only have Forms security enabled. As far as I understand, I shouldn't be able to hit any page with the exception of the login page. This
is the config:
<forms name=".ASPXFORMSDEMO" loginUrl="/login.aspx"
protection="All" path="/" timeout="30" />
But, when I try to hit the login page, I get this:
I've tried following this link, but as mentioned, I want to use Forms authentication, not Windows, not anonymous, and not anything else!
Nov 23, 2014 11:26 PM|Careed|LINK
Try removing the "/" before "login.aspx" in your loginUrl attribute. If that doesn't work, then just use this:
<forms name=".ASPXFORMSDEMO" />
All of the attributes you have except for the name will already be default values.
Nov 24, 2014 04:51 PM|Kruddler|LINK
I've tried both these permutations but I get the same result.
Anyway, I think I have a bit more light to shed on this problem. I've scoured the web for answers to this problem, and I believe the solution was staring me in the face all along. Correct me if I'm wrong on this, but I believe that in order to make this
work, the root directory of the website MUST be configured with anonymous access. I believe that my mistake was the assumption that defining the login property would automatically allow access to the login page for everyone.
However, what other forum posts and articles don't say is that in order to block off http access to a given subfolder, you need to turn off anonymous authentication on that particular sub folder. Then, you can create a web.config for that particular
folder to allow access for authenticated users. This seems to be working for me to a certain extent (with caveats right now). But, I haven't been able to get it to work on our production server which is Windows Server 2012.
Anyway, I'm still all ears on ideas about this.
Nov 24, 2014 09:10 PM|Summer - MSFT|LINK
Welcome to the ASP.NET forum.
HTTP Error 401.2 - Unauthorized
About this issue, first, I think you should confirm that you have install the
And the this issue maybe can occur if Anonymous Authentication has been disabled on Remote application in IIS. So please access
Further more relevant information please refer to this link below.
Nov 24, 2014 10:18 PM|Careed|LINK
Yes, Anonymous Authentication and Forms Authentication needs to be verified as being enabled for the website root as well as any web application. You also might check the application pool settings for this website, usually ApplicationPoolIdentity or NetworkService,
and verify that you are using pass-through authentication in IIS.
Nov 27, 2014 05:37 PM|Kruddler|LINK
I have installed Forms Authentication.
I am not using Windows Authentication so I can not use pass through authentication. I am trying to use Url Authentication.
Anyway, I've been having difficulty with IIS because our server is on a slightly older version of IIS. I will be upgrading IIS this weekend and then I will document where I am up to with this problem.