ASP.NET 2.0 and 4.0 seem to treat the root url differently in Forms Authentication
Posted
by
Kev
on Stack Overflow
See other posts from Stack Overflow
or by Kev
Published on 2011-02-22T16:23:24Z
Indexed on
2011/02/22
23:25 UTC
Read the original article
Hit count: 308
If have the following web.config
:
<configuration>
<system.web>
<authentication mode="Forms">
<forms name="MembershipCookie"
loginUrl="Login.aspx"
protection="All"
timeout="525600"
slidingExpiration="true"
enableCrossAppRedirects="true"
path="/" />
</authentication>
<authorization>
<deny users="?" />
</authorization>
</system.web>
<location path="Default.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
</configuration>
The application is an ASP.NET 2.0 application running on Windows 2008R2/IIS7.5.
If the site's application pool is configured to run ASP.NET 2.0 and I browse to http://example.com
then Default.aspx
is rendered as you'd expect from the rules above.
However if the application pool is set to run ASP.NET 4.0 I am redirected to the login page. If I explicitly specify http://example.com/default.aspx
then all is good and default.aspx
renders.
I've tried rewriting / -> /default.aspx
(using IIS UrlRewriter 2.0) but the result is still the same, I get kicked to the login page.
I've also tried this with an ASP.NET 4.0 application with the same result (which is where the problem initially arose). The reason I tried this with a 2.0 application was to see if there was a change in behaviour, and it seems that /
is handled differently in 4.0.
So to summarise, using the configuration above the following is observed:
ASP.NET Version Url Behaviour ------------------------------------------------------------------------- 2.0 http://example.com Renders Default.aspx 2.0 http://example.com/Default.aspx Renders Default.aspx 4.0 http://example.com Redirects to Login.aspx 4.0 http://example.com/Default.aspx Renders Default.aspx
Is this a bug/breaking change or have I missed something glaringly obvious?
© Stack Overflow or respective owner