tags:

views:

37

answers:

2
+4  Q: 

Authentication settings in IIS 7.5 and ASP.Net, what is difference?

Hi, I just start to learn web programming using IIS 7.5 in windows 2008 R2, and ASP.Net 4.

I notice that both IIS and ASP.Net can define Authentication rules. In IIS, there is a form authentication setting where I can redirect user to specified page for authentication, like below:

alt text

And then, in ASP web.config file, I find similar settings:

<authentication mode="Forms">
  <forms loginUrl="~/Account/Login.aspx" timeout="2880" />
</authentication>

When I finish both settings, I assume any page request will be redirect to the login.aspx page. But it didn't. So I am confused. How do the 2 sets of configs work together? And why page request is not redirected?

Thanks

Update

Finally I get it working and I think I understand it now. My website structure is like below:

alt text

It is about modifying Autherization rules. Deny all unauthorized users for root:

    <authorization>
        <deny users="?" />
    </authorization>

CSS files should be allowed for all users, so I have Styles\web.config:

    <authorization>
        <allow users="*" />
    </authorization>

and only allow unauthorized users to access register.aspx, so I have Account\web.config:

  <location path="Register.aspx">
    <system.web>
      <authorization>
        <allow users="*"/>
      </authorization>
    </system.web>
  </location>

  <system.web>
    <authorization>
      <deny users="?"/>
    </authorization>
  </system.web>
+3  A: 

There's another component you need to configure: authorization. If you don't, unauthorized users have access to all pages and will not be redirected to the login page. For example:

<authorization>
    <deny users="?" />
</authorization>

This specifies that all unauthenticated users are denied access to pages in your application. The authorization element is part of the system.web configuration section.

Ronald Wildenberg  2010-10-08 11:29:26
Hi, i added this but it gives me same error rather than redirection. Seems redirection is not automatic?
Sheen  2010-10-08 12:18:06
Glad you worked it out. If this helped you answer your question, could you mark it as answered?
Ronald Wildenberg  2010-10-08 12:59:50
+1  A: 

When you set something in IIS with authentication ( in your case form authentication). It also change your mapped project webconfig file with the same settings. That's why you see same information in both modules.

Liuksas  2010-10-08 11:35:25
@Liuksas, you are right. And when I enable all 3 methods in IIS, web.config only uses 'Forms'. Does that mean Form method takes priority?
Sheen  2010-10-08 12:10:30
Try <system.web> <authorization> <deny users="?"/> </authorization> </system.web> <location path="login.aspx"> <system.web> <authorization> <allow users="*"/> </authorization> </system.web> </location>Let user to connect to mentioned page in webconfig.
Liuksas  2010-10-08 12:26:11
<authentication mode="Forms"> <forms loginUrl="~/Account/Login.aspx" timeout="2880" /></authentication>This section sets the authentication policies of the application. Possible modes are "Windows", "Forms", "Passport" and "None". Because you have one of these, webconfig contains only one.
Liuksas  2010-10-08 12:30:03
Good job for you :)
Liuksas  2010-10-08 12:52:09

related questions

Is it better to create Model classes, or just stick with generic database utility class?
What are effective options for embedding video in an ASP.NET web site?
Visual Studio 2008 debugger already attached work-around
Tracking state using ASP.NET AJAX / ICallbackEventHandler
ASP.NET Display SVN Revision Number
ASP.NET URL Rewriting
How can I change the background of a masterpage from the code behind of a content page?
Easy way to AJAX WebControls
How do I define custom web.config sections with potential child elements and attributes for the properties?
ASP.NET MVC "CRUD" Database Sample
Are Multiple DataContext classes ever appropriate?
How to RedirectToAction in ASP.NET MVC without losing request data
Triple Quotes? How do I delimit a databound Javascript string parameter in ASP.NET?
ASP.NET built in user profile, Vs old stile user class/tables
What's a good book for learning ASP?
Bandwith throttling in IIS 6 by IP Address
ASP .Net Custom Client-Side Validation
How to get the value of built, encoded ViewState?
Decent, simple, GIS/mapping component for ASP.NET?
Checklist for IIS 6/ASP.NET Windows Authentication?
How to write to Web.Config in Medium Trust ?
ASP.NET, Visual Studio and Subversion - how to integrate?
Floating Point Number parsing: Is there a Catch All algorithm?
How do I sync the SVN revision number with my ASP.NET web site?
ASP.NET Site Maps