LoginView works in Account folder, not in root folder of website

Question

I have been searching the internet for an answer to my problem and have read through the msdn site on ASP.Net controls, security and authentication but either cannot find the answer or missed it with all the information I have read.

I am building a website in ASP.Net v2.0 to be hosted on a remote server. I am using MySQL as the back end which also contains the user tables. I have used the same user table structure as that used in the default membership table. The folders in the application all have the default role privileges assigned to them.

The following problem is occurring in my testing on my local computer.

When I login a user using the ~/Account/Login.aspx page I redirect the user to ~/Account/AccountDetails.aspx, which contains a LoginView. After logging in, the user name is visible on this page inside the LoginView and they are Authenticated.

When I then go to ~/Default.aspx, and using the same code for the LoginView, the username is not displaying and they are no longer Authenticated.

I do not want to create multiple pages to show the same data, as both logged in and anonymous users need to see the same information in the ~/Default.aspx page. I was just hoping to show that the user is logged in on the Default.aspx page or any page in the ~/ folder.

I know it is going to be a simple setting or change that is required, like a role or membership or something, but I cannot figure it out.

I have looked through stackoverflow and found a lot of LoginView questions, but cannot seem to find one that answers my question.

I was hoping someone might be able to point me in the right direction.

Here is the code used on both the Default.aspx and AccountDetails.aspx pages. It is the default LoginView code from the template ASP.Net website application.

<div class="loginDisplay">
  User Authenticated? <%= Page.User.Identity.IsAuthenticated %>
  <asp:LoginView ID="HeadLoginView" runat="server">
    <AnonymousTemplate>
      [ <a href="~/Account/Login.aspx" ID="HeadLoginStatus" runat="server">Log In</a> ]
    </AnonymousTemplate>
    <LoggedInTemplate>
      Welcome <span class="bold"><asp:LoginName ID="HeadLoginName" runat="server" /></span>!
      [ <asp:LoginStatus ID="HeadLoginStatus" runat="server" LogoutAction="Redirect" LogoutText="Log Out" LogoutPageUrl="~/"/> ]
    </LoggedInTemplate>
  </asp:LoginView>
</div>  

The ~/Account/web.config file contains the following:

<?xml version="1.0"?>  
<configuration>  

  <location path="Register.aspx">  
    <system.web>  
      <authorization>  
        <allow users="*"/>  
      </authorization>  
    </system.web>  
  </location>  


  <system.web>  
    <authorization>  
      <deny users="?" />  
    </authorization>  
  </system.web>  
</configuration>

The ~/web.config file contains the following information. I have edited some of the values for username and passwords. I have also removed the commented lines.

<?xml version="1.0"?>  
<configuration>  
  <connectionStrings>  
    <add name="MySqlMembershipConnection" connectionString="Data Source=mydatasource;user id=dotnet;password=dotnet;" providerName="MySql.Data.MySqlClient" />    
    <add name="mycs" connectionString="Dsn=mydsn" providerName="System.Data.Odbc" />    
    <remove name="LocalMySqlServer" />    
    <add name="LocalMySqlServer" connectionString="database=mydsn;server=localhost;User Id=dotnet;password=dotnet" providerName="MySql.Data.MySqlClient" />    
  </connectionStrings>    
  <system.web>    
    <sessionState mode="Custom" cookieless="false" regenerateExpiredSessionId="true" customProvider="MySqlSessionStateProvider">    
      <providers>    
        <add name="MySqlSessionStateProvider" type="MySql.Web.SessionState.MySqlSessionStateStore, MySql.Web, Version=6.4.4.0, Culture=neutral, PublicKeyToken=c5687fc88969c44d" applicationName="/" description="" connectionStringName="LocalMySqlServer" writeExceptionsToEventLog="False" autogenerateschema="True" />    
      </providers>    
    </sessionState>    
    <authentication mode="Forms">    
      <forms loginUrl="~/Account/Login.aspx" timeout="30" name=".ASPXFORM$" path="~/" requireSSL="false" slidingExpiration="true" defaultUrl="~/Default.aspx" enableCrossAppRedirects="false" />    
    </authentication>    
    <membership defaultProvider="MySQLMembershipProvider">    
      <providers>    
        <clear />    
        <remove name="MySQLMembershipProvider" />    
        <add name="MySQLMembershipProvider" type="MySql.Web.Security.MySQLMembershipProvider, MySql.Web, Version=6.4.4.0, Culture=neutral, PublicKeyToken=c5687fc88969c44d" applicationName="/" description="mydescription" connectionStringName="LocalMySqlServer" writeExceptionsToEventLog="False" autogenerateschema="True" enablePasswordRetrieval="False" enablePasswordReset="True" requiresQuestionAndAnswer="True" requiresUniqueEmail="False" passwordFormat="Clear" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="7" minRequiredNonalphanumericCharacters="1" passwordAttemptWindow="10" passwordStrengthRegularExpression="" />    
      </providers>    
    </membership>    
    <profile defaultProvider="MySQLProfileProvider">    
      <providers>    
        <clear />    
        <remove name="MySQLProfileProvider" />    
        <add name="MySQLProfileProvider" type="MySql.Web.Profile.MySQLProfileProvider, MySql.Web, Version=6.4.4.0, Culture=neutral, PublicKeyToken=c5687fc88969c44d" applicationName="/" description="" connectionStringName="LocalMySqlServer" writeExceptionsToEventLog="False" autogenerateschema="True" />    
      </providers>    
    </profile>    
    <roleManager enabled="true" defaultProvider="MySQLRoleProvider">    
      <providers>    
        <clear />    
        <add applicationName="/" name="AspNetWindowsTokenRoleProvider"
      type="System.Web.Security.WindowsTokenRoleProvider" />    
        <add applicationName="/" description="" connectionStringName="LocalMySqlServer"
      writeExceptionsToEventLog="False" autogenerateschema="True"
      name="MySQLRoleProvider" type="MySql.Web.Security.MySQLRoleProvider, MySql.Web, Version=6.4.4.0, Culture=neutral, PublicKeyToken=c5687fc88969c44d" />    
      </providers>    
    </roleManager>    
    <customErrors mode="Off" />    
    <compilation debug="true" />    
  </system.web>    

  <system.net>    
    <mailSettings>    
      <smtp from="user@domain.com">    
        <network host="mail.domain.com" password="mypassword" userName="myusername" />    
      </smtp>    
    </mailSettings>    
  </system.net>    

  <system.webServer>    
    <modules runAllManagedModulesForAllRequests="true" />    
  </system.webServer>    

</configuration>    

Answer 1

So after much testing I figured out where the problem was. Firstly, I had three connection strings, one for the data and two for the forms authentication. I combined the two forms authentication connection strings into a single connection string. This allows me to have one connection string for data and one for authentication.

Next, I wanted to find out where my problem was occurring, so I created a new blank ASP.NET website in VS 2010 and then step by step, added in support for MySQL. This was done by adding in the MySQL Data and Web references first, then the connection strings and then finally the forms authentication.

I noticed in the forms element in the system.web authentication element, that it only included the loginURL and timeout attributes, so I tested the application by adding in additional attributes for the forms element until I found the attribute causing the problem.

In my forms element the path attribute was set to '~/'. When I changed this to '/' the application started to work correctly.