Hi, I've really tried everything know...I think. =) I used this old article to some succes: http://msdn.microsoft.com/en-us/library/ms972958
Locally on my machine it seems to work for myself, but noone else gets verified by windowsauth. I then tried to set it up on a Server2008 R2 and doing all the IIS settings as in the article. For some reason noone gets authenticated. Found out that the support for windows auth wasn't installed on server. Installed it. Had to run aspnet_iisreg. After that the site doesn't work at all. I just get a 302. which is fine to some extent....
The site works like this: A user surfs to the site. If no cookie exists, teeling the site your logged in this line in web.config tells the user to go to the winlogin page.
<forms loginUrl="~/WinLogon/Login.aspx" ...>
That folder has windowsauthentication enabled, and there's a bit of code on the page checking the user and then redirecting it to the real login page, telling the page that this user is already logged in. If the WinLogon/Login.aspx finds out that you're not authenticated, it returns a 401 as standard. I've changed that to always send the user to the login page, and then let them enter username and password.
But for some reason, my windows users won't get authenticated, and right now it just sends a lot of 302. The WinLogon/Login.aspx sends the user to Account/Login and Account/Login seems to send them back to WinLogon/Login.aspx and so on.
Is there no better way to combine forms and windows auth? And if there's no better way, how do I get this to work in a proper way?
Hope someone understands my problem and can help me out. I guess one of the things that I do have a problem with is me not being very used to working in IIS manager, before this every other solution I've done has just worked. =)
And for the record, to get the windows auth to work(kinda) I did some changes to applicationHost, setting
<section name="windowsAuthentication" overrideModeDefault="Deny" />