Re: Forms Authentication w/SubFolders

From: Joel Finkel (
Date: 08/03/03

Date: Sun, 3 Aug 2003 01:20:11 -0500

I have come into this newsgroup precisely to look for an answer to this. I
am quite amazed to see this very question! Furthermore, I see a posting
made a few days later that reports a similar issue: Sucessful authentication
returns to the login page.

My situation is that in root, aspx pages authenticate fine (the login.aspx
form is in the root, as well). But in sub-directories, while the login.aspx
form is correctly invoked, the redirect returns to the login.aspx page.
This happens regardless of the presense of a web.config file in the
subdirectory, or the contents of it. I have played around with variations
for about 3 hours. I have verified that the cookies is being created and
sent, but for some reason the application in the sub-directory is not hip to
the fact that this cookie exists, and returns to the login.aspx page.

Pretty big problem. Hope there is a simple fix.

Thanks for all suggestions.

"JTR" <> wrote in message
> I'm trying to create a structure I can share
> authentication from a root application with many
> subordinate applications (subfolders).
> The web.config file for the root has:
> <authorization>
> <allow users="*" />
> </authorization>
> Then, each subordinate application (subfolder) has a
> web.config with the following:
> <authentication mode="Forms">
> <forms name=".BUZZARD"
> loginUrl="../login.aspx">
> </forms>
> </authentication>
> <authorization>
> <deny users="?" />
> </authorization>
> When the user access a resource in a subfolder, the login
> form is displayed and authenticates the user correctly,
> including the creation of an authentication ticket. But,
> when the login form attempts to redirect the browser to
> the requested secure resource, the login form is
> redisplayed. I have tried using
> FormsAuthentication.RedirectFromLoginPage() and
> Response.Redirect() with the same results.
> Any ideas?
> JTR.