.NET 4.0 Forms Authentication change?
Posted
by James Koch
on Stack Overflow
See other posts from Stack Overflow
or by James Koch
Published on 2010-06-15T11:25:49Z
Indexed on
2010/06/15
11:32 UTC
Read the original article
Hit count: 329
ASP.NET
|asp.net-4.0
I'm seeing some new behavior in Forms Authentication after upgrading to .NET 4.0. This occurs only on IIS 6, not on 7.
Background - In web.config, we configure Forms Authentication, and then use <authorization
> tags to globally deny anonymous/unauthenticated users access. Then we explicitly allow access to a login.aspx page using a <location
> tag. Generally, this works fine, as it did when we were on .NET 2.0 (3.5).
The issue only occurs when we visit the root path of the site, ie "http://myserver/". Our default document is configured in IIS to be login.aspx. Under .NET 4.0, upon visiting that URL, we're redirected to "http://myserver/login.aspx?ReturnUrl=/". If you log in from here, you're logged in and returned back at the log in page (yuck).
Just wanted to post this here to see if anyone else is experiencing this. It's not listed on any "breaking changes" documentation I've been able to find. Either I'm missing something, or the UrlAuthorization module has changed and is no longer "smart" about IIS default documents.
© Stack Overflow or respective owner