B
=B=
Hi,
I'm succesfully using Forms Authentication on a site I'm working on
(MyMainApp).
In a subfolder of this site, I have a seperate ASP.NET application
(MySubApp), i.e. it's running as an application in IIS, although it's
part of the MyMainApp VS.NET project file. The structure is something
like this:
MyMainApp <!-- Application in IIS
\MySubApp <!-- Application in IIS
\images
\mySubAppFiles
web.config
\images
\includes
\MainAppSubFolder
web.config
logon.aspx, etc.
All other folders are simple virtual directories. If I try browsing
to any .aspx page in a subfolder of MyMainApp (excluding files in
MySubApp) it forces me to the login page, as it should do. However,
if I try to browse to any .aspx page in MySubApp by typing the address
in IE it brings up the page, seemingly bypassing the Forms
Authentication which is applied on both the web.config files of
MyMainApp and MySubApp. Within MySubApp the relevant section of
web.config looks like this:
<authentication mode="Forms">
<forms name=".MYAPP"
loginUrl="../logon.aspx"
protection="All"
timeout="20"
path="/"/>
</authentication>
Does anyone know why the Forms Authentication on MySubApp is being
bypassed completely?
Thanks,
Brian
I'm succesfully using Forms Authentication on a site I'm working on
(MyMainApp).
In a subfolder of this site, I have a seperate ASP.NET application
(MySubApp), i.e. it's running as an application in IIS, although it's
part of the MyMainApp VS.NET project file. The structure is something
like this:
MyMainApp <!-- Application in IIS
\MySubApp <!-- Application in IIS
\images
\mySubAppFiles
web.config
\images
\includes
\MainAppSubFolder
web.config
logon.aspx, etc.
All other folders are simple virtual directories. If I try browsing
to any .aspx page in a subfolder of MyMainApp (excluding files in
MySubApp) it forces me to the login page, as it should do. However,
if I try to browse to any .aspx page in MySubApp by typing the address
in IE it brings up the page, seemingly bypassing the Forms
Authentication which is applied on both the web.config files of
MyMainApp and MySubApp. Within MySubApp the relevant section of
web.config looks like this:
<authentication mode="Forms">
<forms name=".MYAPP"
loginUrl="../logon.aspx"
protection="All"
timeout="20"
path="/"/>
</authentication>
Does anyone know why the Forms Authentication on MySubApp is being
bypassed completely?
Thanks,
Brian