Hi Michael,
I have recieved your code. After making some changes in it, it works on my
side:
First, we modify some in the web.config:
<authentication mode="Forms">
<forms name="TabTagLogin" loginUrl="./login/login.aspx" protection="All"
path="/" timeout="10" />
</authentication>
<identity impersonate="true" />
<authorization>
<deny users ="?" />
<allow users = "*" />
</authorization>
loginUrl="./login/login.aspx" will force it use login in right sub folder.
With
<authorization>
<deny users ="?" />
<allow users = "*" />
</authorization>
It will deny anonymous users.
And in the code behind:
private void LoginButton_Click(object sender, System.EventArgs e)
{
//if (Page.IsValid == true)
//{
//string UserID;
//User user = new User();
//MismatchLabel.Visible = false;
// Check for already logged on
//if (loginUserDetails != null)
//{
// Session["UserDetails"] = null;
// loginUserDetails = null;
// FormsAuthentication.SignOut();
//}
//UserID = user.Login(LogonEmailTextBox.Text,
LogonPasswordTextBox.Text);
//if (UserID != null)
//{
// Session["UserDetails"] = user.GetUserDetails(UserID);
FormsAuthentication.RedirectFromLoginPage("*", false);
//}
//else
//{
// MismatchLabel.Visible = true;
//}
//}
}
As you see, I only keep the line
"FormsAuthentication.RedirectFromLoginPage("*", false);". It will always
redirect once user input a name and password. That make it work with aspx,
exe and zip.
Therefore, the problem on your side may be caused that this line didn't got
executed. The posible reason is (loginUserDetails != null) or (UserID =
null). Especially, when request is to a exe or zip file. You need to double
check the logic of your application to make sure this.
Luke
Microsoft Online Support
Get Secure!
www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)