Re: Forms Authentication w/SubFolders
From: JTR (jtrichard_at_sotasw.com)
Date: Mon, 4 Aug 2003 08:04:55 -0700
I was able to demonstrate the same as you in terms of ASPX
pages authenticating/redirecting properly as long as they
exist in the root. Unfortunately, not much good for an
I performed more testing/analysis and was able to get an
ASPX page in a nested folder to be
authenticated/redirected properly as long as the nested
folder was not classified as an ASP.NET Application (IIS
Manager) and the corresponding assembly (DLL) was located
in the root folder's BIN folder. I plan to follow this
path and use an application config file (<app>.dll.config)
in the root bin folder to setup alternate codebase paths.
>I have come into this newsgroup precisely to look for an
answer to this. I
>am quite amazed to see this very question! Furthermore,
I see a posting
>made a few days later that reports a similar issue:
>returns to the login page.
>My situation is that in root, aspx pages authenticate
fine (the login.aspx
>form is in the root, as well). But in sub-directories,
while the login.aspx
>form is correctly invoked, the redirect returns to the
>This happens regardless of the presense of a web.config
file in the
>subdirectory, or the contents of it. I have played
around with variations
>for about 3 hours. I have verified that the cookies is
being created and
>sent, but for some reason the application in the sub-
directory is not hip to
>the fact that this cookie exists, and returns to the
>Pretty big problem. Hope there is a simple fix.
>Thanks for all suggestions.
>"JTR" <firstname.lastname@example.org> wrote in message
>> I'm trying to create a structure I can share
>> authentication from a root application with many
>> subordinate applications (subfolders).
>> The web.config file for the root has:
>> <allow users="*" />
>> Then, each subordinate application (subfolder) has a
>> web.config with the following:
>> <authentication mode="Forms">
>> <forms name=".BUZZARD"
>> <deny users="?" />
>> When the user access a resource in a subfolder, the
>> form is displayed and authenticates the user correctly,
>> including the creation of an authentication ticket.
>> when the login form attempts to redirect the browser to
>> the requested secure resource, the login form is
>> redisplayed. I have tried using
>> FormsAuthentication.RedirectFromLoginPage() and
>> Response.Redirect() with the same results.
>> Any ideas?