I'm running an asp.net web application with c#. The following is used: - Windows 2003 server - IIS6.0 - .net Framework 2.0.50727
I'm trying to implement Forms Authentication and have entered the following code in the Web.Config file:
<authentication mode="Forms">
<forms loginUrl="01_Login.aspx"
name=".ASPXFORMSAUTH"
defaultUrl="02_PendingDoc.aspx"
timeout="120"
path="/"
protection="All"
enableCrossAppRedirects="true">
</forms>
</authentication>
<authorization>
<deny users="?"/>
<allow users="*"/>
</authorization>
The login is working as expected, the users can't access any pages other than the 01_Login.aspx until they logged in with a valid username and password. When the user provides the correct login details the following code is done:
FormsAuthentication.RedirectFromLoginPage(logLogin.UserName, false);
However, when the user clicks on a button the following code is run:
//Load xml file into XMLDocument object
XmlDocument xmlDoc = new XmlDocument();
try
{
xmlDoc.Load("SearchConfig.xml");
}
catch (XmlException e)
{
Console.WriteLine(e.Message);
}
The xmlDoc.Load function above will fail and create an XmlException with the following message "{"Expected DTD markup was not found. Line 5, position 3."}". I have also tried to comment out the following part of the Web.Config file:
<deny users="?"/>
And then the xmlDoc.Load function works, but of course, then the users can access all of my applications pages.
Anyone, that have any idea what I've done wrong?