.NET 4.0 Forms Authentication change?

Posted by James Koch on Stack Overflow See other posts from Stack Overflow or by James Koch
Published on 2010-06-15T11:25:49Z Indexed on 2010/06/15 11:32 UTC
Read the original article Hit count: 329

Filed under:
|

I'm seeing some new behavior in Forms Authentication after upgrading to .NET 4.0. This occurs only on IIS 6, not on 7.

Background - In web.config, we configure Forms Authentication, and then use <authorization> tags to globally deny anonymous/unauthenticated users access. Then we explicitly allow access to a login.aspx page using a <location> tag. Generally, this works fine, as it did when we were on .NET 2.0 (3.5).

The issue only occurs when we visit the root path of the site, ie "http://myserver/". Our default document is configured in IIS to be login.aspx. Under .NET 4.0, upon visiting that URL, we're redirected to "http://myserver/login.aspx?ReturnUrl=/". If you log in from here, you're logged in and returned back at the log in page (yuck).

Just wanted to post this here to see if anyone else is experiencing this. It's not listed on any "breaking changes" documentation I've been able to find. Either I'm missing something, or the UrlAuthorization module has changed and is no longer "smart" about IIS default documents.

© Stack Overflow or respective owner

Related posts about ASP.NET

Related posts about asp.net-4.0