Forms Authentication Ignoring Default Document

Question

Hello all,

I have spent a day and a half trying to resolve this issue. Bascially have an ASP.net website with Forms Authentication on IIS7 using Framework 4.0.

The Authorization stuff seems to be working perfectly for every scenario with the exception of hitting it with no document specifed (Should resolve to Default Doc).

For example (Please don't be harsh on site its still be developed ;) ), http://www.rewardroster.com/Default.aspx works perfectly, this page should allow anon access as specified in the web.config.

but if I hit www.rewardroster.com Directly it redirects to the login page with Return URL set to "/" or Login.aspx?ReturnUrl=%2f

Some things I have tried:

1) Set Authentication to None and then the Default document worked so thats not the issue.

2) Added DefaultDocument attribute to Web.config

3) Deleted all entries for in Default Document list in IIS except for Default.aspx

4) Added MachineKey entry in Config

5) Toggled from Integrated to Classic pipeline in IIS

Here is what's in my config:

  <authentication mode="Forms">
    <forms name="appNameAuth" loginUrl="Login.aspx" protection="All" timeout="60" slidingExpiration="true" defaultUrl="Default.aspx" path="/">
    </forms>
  </authentication>
  </authentication>

 <location path="Default.aspx">

Thanks so much for your time and hope someone knows what is going on here.

Answer 1

I had a similar problem. No styles when I wasn't logged in, www.site.nl\ redirected to the login-page (with a redirect url to a home-page) and entering www.site.nl\Home (same homepage as the redirect url mentioned before) didn't need a login.

Solution was:

• Open IIS
• Open IIS: Authentication
• Open and edit Anonymous access
• Check user (I changed the user to the app.pool user)
• Give user rights on the root of the site (on the file system)

That worked out for me.

Good luck

Answer 2

What I ended up doing to fix this is writing a few lines of code in my login page to check for a Request.QueryString["ReturnUrl"] of "/". If it found that, then it redirected to default.aspx.

I couldn't find ANY way to make forms authentication not intercept calls without a page specified (e.g. www.mysite.com). :( I even tried .NET 4 URL Routing and that didn't prevent Forms Authentication from hijacking the request either.

Below is the code I used in login.aspx:

protected void Page_Load(object sender, EventArgs e)
{
    if (!(IsPostBack || IsAsync))
    {
        string returnUrl = Request.QueryString["ReturnUrl"];
        if (returnUrl != null)
            if (returnUrl == "/")
                Response.Redirect("default.aspx");
    }
}