Why isn't my page redirecting to the login screen for this protected page?

Question

Hi,

I added the following to my web.config to redirect the user to the login page if they aren't authenticated, but going to the URL does cause a redirect?

 <location path="user/add">
    <system.web>
      <authorization>
        <deny users="?" />
      </authorization>
    </system.web>
  </location>

I have setup forms authen. like this:

<authentication mode="Forms">
      <forms loginUrl="/user/login"
             protection="All"
             timeout="30"
             name="MyCookie"
             requireSSL="false"
             slidingExpiration="true"
             defaultUrl="default.aspx"
             />


    </authentication>

Using .net and mvc.

Answer 1

For one of my applications I have the following in the same node as <authentication>:

<authorization>
    <deny users="?"/>
</authorization>

But this covers the entire application...

Answer 2

Do you have the "Authorize" attribute on that Action or Controller?

Answer 3

May be you should try Allow user tag as well just to check if this portion is working or not?

hmmm angular brackets are not allowed in comments i guess? so im changing them to small brackets.

(location path="user/add")

(system.web)
  (authorization)
    (allow users="testuser" /)
    (deny users="*" /)
  (/authorization)
(/system.web)

(/location)