C# .NET login not re-directing

StackOverflow https://stackoverflow.com/questions/16503958

Question

I'm trying to setup Forms authentication in IIS 7. When the user tries to hit any url on the site they are redirected to the login page but after they login they don't leave the page. If I enable Anonymous logging then then login page works fine and the page is redirected to the landing page.
Here's the web.config:

<?xml version="1.0" encoding="UTF-8"?>

<configuration>
    <appSettings>
        <add key="LandingPage" value="/home/default.htm" />
    </appSettings>

    <system.web>
        <compilation debug="false" />
        <authentication mode="Forms">
            <forms loginUrl="/login/login.aspx" timeout="60" />
        </authentication>
        <authorization>
            <deny users="?" />
        </authorization>
    </system.web>

    <system.webServer>
        <httpErrors errorMode="DetailedLocalOnly">
            <remove statusCode="401" subStatusCode="-1" />
            <error statusCode="401" prefixLanguageFilePath="" path="/login/login.aspx" responseMode="ExecuteURL" />
        </httpErrors>
        <defaultDocument enabled="false">
            <files>
                <remove value="iisstart.htm" />
                <remove value="index.htm" />
                <remove value="Default.htm" />
                <remove value="Default.asp" />
                <remove value="default.aspx" />
            </files>
        </defaultDocument>
        <directoryBrowse enabled="false" />
        <modules>
            <remove name="FormsAuthentication" />
            <remove name="DefaultAuthentication" />
            <add name="DefaultAuthentication" type="System.Web.Security.DefaultAuthenticationModule" preCondition="" />
            <add name="FormsAuthentication" type="System.Web.Security.FormsAuthenticationModule" preCondition="" />
        </modules>
    </system.webServer>

</configuration>

I've followed instructions in http://technet.microsoft.com/en-us/library/cc753252(v=ws.10).aspx and http://www.iis.net/learn/application-frameworks/building-and-running-aspnet-applications/using-aspnet-forms-authentication but I must have missed something.

Thanks.

EDIT: Added the suggested elements but the same thing happens. Fiddler shows this:

1   302 HTTP    localhost   /   148         iexplore:14040          
2   200 HTTP    localhost   /login/login.aspx?ReturnUrl=%2f 4,896   private     text/html; charset=utf-8    iexplore:14040          
3   304 HTTP    localhost   /images/newheader.jpg   0           iexplore:14040          
4   302 HTTP    localhost   /login/login.aspx?ReturnUrl=%2f 142 private, no-cache="Set-Cookie"      text/html; charset=utf-8    iexplore:14040          
5   302 HTTP    localhost   /home/default.htm   170         iexplore:14040          
6   200 HTTP    localhost   /login/login.aspx?ReturnUrl=%2fhome%2fdefault.htm   4,918   private     text/html; charset=utf-8    iexplore:14040          
7   304 HTTP    localhost   /images/newheader.jpg   0           iexplore:14040
Was it helpful?

Solution

Replace this

<authorization>
   <deny users="?" />
</authorization>

With this

<authorization>
    <deny users ="?" />
    <allow users = "*" />
</authorization>

In the first configuration you are blocking all users and forgetting to allow access to authenticated users.

Look here for more information.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top