views:

171

answers:

1

Using MVC 2, if I setup my root web.config with forms authentication (there is no locations section), and I go to a page outside an area (off of the root), I get redirected to the login page as one would expect. However, if I go to a page in an area, I don't get redirected as expected. Do I need an additional web.config somewhere in the area or do I possibly have something mis-configured?

Also, I have been sure to clear all cookies and start from a new session and browser just in case something was holding over from a previous login.

I really did not want to have to maintain locations or multiple web.config files since the whole site needs authentication.

If it helps, I am using Visual Studio 2010 and started with a MVC 2 template.

Warning: I have only had 2 cups of coffee this morning so it could be a short circuit between the chair and the keyboard...

Thanks,

--Patrick

+2  A: 

Web.config authorization should not be used with an MVC application. Instead, apply the [Authorize] attribute to the controllers you wish to protect. If all of your controllers site-wide need authorization, consider having a BaseController with an [Authorize] attribute and having all of your controllers site-wide subclass the BaseController.

Levi
In retrospect, I knew that, but for the life of me it took reading the answer to remember it. Thanks a bunch for giving me a virtual smack on the back of the head...
Laques

related questions