forms authentication with web.config. Always works on dev, never works on live

Here is the web.config;

<?xml version="1.0" encoding="UTF-8"?> <configuration> <system.web> <customErrors mode="Off"> </customErrors> <authentication mode="Forms"> <forms name=".ASPXAUTH" loginUrl="login.aspx" protection="All" timeout="999999"> <credentials passwordFormat="MD5"> <user name="admin" password="21232F297A57A5A743894A0E4A801FC3" /> </credentials> </forms> </authentication> <authorization> <allow users="?" /> <allow users="*" /> </authorization> <trace enabled="true" localOnly="false" /> </system.web> <location path="administration"> <system.web> <authorization> <allow users="admin" /> <deny users="*" /> </authorization> </system.web> </location> </configuration>

When I run this on my visual studio 2008 dev server it runs fine and works well. When I publish to IIS I always get Http 403 Forbidden Errors when trying to access any page on the site

There is 1 folder within my site that should be login protected called 'administration'

Please can someone point out where I am going wrong! I'm Getting very frustrated :0)



I had a similar problem and my situation may be different than yours, but I solved it by using Fiddler and checking the authentication cookie, to see if it was being passed to the client. My problems were with me running VS 2008 on Vista, which required admin privileges. When I tested on the local server, I was running as the user I was logged in as and that user wasn't admin so I was dealing with two cookies. Plus I set the authentication paths incorrectly. Hope this helps.

The solution was configuration in IIS

Properties > Directory Security > Edit > Authentication Methods > Uncheck 'Integrated Windows Authentication'

After this config everything is now working fine. Time:2010-02-27 Views:1

Related post

  • Authentication through web.config not authenticating in 3.5 2009-07-17

    This is one of this things that should be extremely simple and I just can't work out why it's not working. I'm trying to set up some very quick authentication for an 3.5 app but storing the usernames and passwords in the web.config file (I kn

  • IIS 7 - Authentication in IIS vs Authentication in web.config 2010-10-14

    I'm relatively new to using IIS 7. I'm getting confused by the various options that IIS 7 provides. What does setting authentication mode="Windows" do in the web.config of my site do? What does enabling Windows authentication in the Authentic

  • MVC and IIS 7 Remove Basic Authentication in web.config 2010-10-18

    I published a site with a web hosting company and when someone hits the URL for the first time they are being prompted to log in using basic authentication. If you hit Cancel the site loads successfully and the user is not prompted again with the dia

  • Unable to logout after specifying "domain" parameter in "authentication" of web.config 2011-03-22

    I have logout handler which used to work fine: public void ProcessRequest(HttpContext context) { //// Sign out System.Web.Security.FormsAuthentication.SignOut(); //// Clear Session if (context.Session != null) { context.Session.Clear(); } /// Expire

  • Authentication in web.config causes all my assets to be unreachable 2011-10-19

    In my web.config I have this authentication setting: <authentication mode="Forms"> <forms loginUrl="login.aspx" name="signin" path="/" protection="All" timeout="525600"> </forms> </authentication> <authorization> <den

  • ASP.NET MVC 3 Areas and multiple authentication in web.config 2011-11-18

    I have been attempting to follow this blog to get Areas working: In the blog post, it identifies the ability to have authentication set per Area, e.g.: <location path="Area1">

  • authentication in web.config 2011-12-26

    I have a web.config with <location path="MyFolder"> <system.web> <authorization> <allow users="MySiteUsers" /> </authorization> </system.web> </location> My question is, where should I define "MySiteUsers" ro

  • redirect to root login page from web.config 2011-06-03

    I am redirect user to loging page when session expires. Login.aspx is in root. I declared path like this in web.config file. <forms name=".FormsAuth" loginUrl="~/Login.aspx" protection="All" slidingExpiration="false" requireSSL="false" > It is

  • Machine-variable web.config elements? 2009-09-03

    Is there a way, in the web.config, to specify machine-specific values? For example: in production I want the <customErrors> node to redirect to specific pages for displaying user-friendly error-handling pages, but in development, test, and stag

  • Detecting Web.Config Authentication Mode 2008-09-18

    Say I have the following web.config: <?xml version="1.0" encoding="utf-8"?> <configuration> <system.web> <authentication mode="Windows"></authentication> </system.web> </configuration> Using ASP.NET C#, how c

  • Can we create an application with its own Web.config and Forms Authentication section inside another application using Forms Authentication? 2008-09-29

    I have an application that uses Forms Authentication to authenticate one type of user. There is a section in this application that needs to be authenticated for another type of user using a different table in the database. The problem happens if the

  • Modifying SharePoint app Web.config file with Forms Based Authentication 2009-05-15

    We have a SharePoint application where we want the user to be able to modify the web.config by activating a feature. The application is extended, so we have an AD based web application and another that uses Forms Based authentication (FBA), with the

  • Web.config Authentication Error 2009-08-28

    I am using SQLServer2005 and VS2008. My connection string in web.config is: add name="library" connectionString="Data source=KMT; Initial Catalog=Library;Integrated Security=SSPI" Here, KMT is my server name, Library is my database. When I run my pag

  • authentication - use credentials from web.config - problem 2009-10-17

    I have a simple problem which is giving me headaches for a couple of days. I've created very simple application with login control. I keep user data in web.config file: <authentication mode="Forms"> <forms name=".RzeskoLoginCookie"> <c

  • SQL Agent and Web.Config. WAS: SSRS Forms Authentication, Running subscriptions 2009-10-21

    I have successfully implemented Forms Authentication in SSRS, so it now uses both Roles and Users from my website, using the ordinary membership framework. I can log in to the portal and run any report, as long as I have the correct role from

  • Forms Authentication web.config set up 2009-12-08

    Is this specification correct in the root web.config file? I haven't used a child web.config in the protected folder. <system.web> <authentication mode="Forms"> <forms name=".ASPXAUTH" loginUrl=""> </forms> </authentication

  •, web.config inheritence, and clearing the authentication setting 2009-12-17

    I have an 1.1 application. In a sub-folder, I've installed, which is a 2.0 app. The folder is set to be an application and is using the proper framework. It works...except for authentication. The issue is inheritence from the w

  • Authentication settings in IIS Manager versus web.config versus system.serviceModel 2010-04-06

    I have a WCF web service, and I want to use Basic authentication. I am getting lost in the authentication options: In IIS 6 Manager, I can go in to the properties of the web site and set authentication options. In the web site's web.config file, unde

  • different login pages in root web.config file for authentication 2011-01-19

    how can i specify two different login pages in root web.config file since i need to have authentication for two folders.for securing My Account module i did like this in the root folder i need to have it for another folder called EBox also. ---------

Copyright (C), All Rights Reserved.

processed in 0.838 (s). 13 q(s)