Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Forms Authentication Ignoring Default Document

I have spent a day and a half trying to resolve this issue. Bascially have an ASP.net website with Forms Authentication on IIS7 using Framework 4.0.

The Authorization stuff seems to be working perfectly for every scenario with the exception of hitting it with no document specifed (Should resolve to Default Doc).

For example (Please don't be harsh on site its still be developed ;) ), http://www.rewardroster.com/Default.aspx works perfectly, this page should allow anon access as specified in the web.config.

but if I hit www.rewardroster.com Directly it redirects to the login page with Return URL set to "/" or Login.aspx?ReturnUrl=%2f

Some things I have tried:

1) Set Authentication to None and then the Default document worked so thats not the issue.

2) Added DefaultDocument attribute to Web.config

3) Deleted all entries for in Default Document list in IIS except for Default.aspx

4) Added MachineKey entry in Config

5) Toggled from Integrated to Classic pipeline in IIS

Here is what's in my config:

  <authentication mode="Forms">     <forms name="appNameAuth" loginUrl="Login.aspx" protection="All" timeout="60" slidingExpiration="true" defaultUrl="Default.aspx" path="/">     </forms>   </authentication>   </authentication>   <location path="Default.aspx"> 

Thanks so much for your time and hope someone knows what is going on here.

like image 597
SpartanSoft Avatar asked Sep 29 '10 19:09

SpartanSoft


People also ask

How does form authentication work?

Form Authentication is a token-based system. When users log in, they receive a token with user information that is stored in an encrypted cookie. When a user requests an ASP.NET page via the browser, the ASP.NET verifies whether the form authentication token is available.

What is authentication mode forms?

Forms authentication enables user and password validation for Web applications that do not require Windows authentication. With forms authentication, user information is stored in an external data source, such as a Membership database, or in the configuration file for an application.


2 Answers

This was my solution:

In Global.asax, method: Application_BeginRequest, place the following:

if (Request.AppRelativeCurrentExecutionFilePath == "~/")      HttpContext.Current.RewritePath("HomePage.aspx"); 

Nice and simple, and you have a chance to build logic around what home page you want to use if your website uses multiple home pages based on configuration variables.

Dmitry.Alk

like image 149
Dmitry.Alk Avatar answered Sep 19 '22 05:09

Dmitry.Alk


I was seeing this same problem when attempting to hit the root path and I tried everything previously mentioned. It seems Asp.net 4.0 adds two ExtensionlessUrl modules to applicationhost.config for IIS 7. You can remove these modules by adding the following to your web.config

<system.webServer>   <handlers>     <remove name="ExtensionlessUrl-Integrated-4.0"/>     <remove name=" ExtensionlessUrl-ISAPI-4.0_32bit "/>   </handlers> </system.webServer> 

Additional Information

Microsoft KB

How extensionless urls are handled by asp net v4

like image 36
Gregory Ostermayr Avatar answered Sep 21 '22 05:09

Gregory Ostermayr