Forms Authentication

[TylerDCA]

I am working on forms authentication for my web application.

I would like to have a secure section and and unprotected section.

The unprotected section would be at the application root and there would be a members directory called member.

I would also like to have a login control in the unprotected area that when the user authenticates would redirect to member/default.aspx

I have created this structure, but I was forced to make the member directory an application within IIS. (This does not seem natural to me).

Regardless I can authenticate but when trying to redirect to member/default.aspx the user is not recognized as authenticated and is taken to member/login.aspx as is the expected behavior for an unauthenticated user.

My web.config is:

<system.web>
	    <compilation 
         defaultLanguage="c#"
         debug="true"
    />
</system.web>
	
	<location path="member"> 
	<system.web>

    <compilation 
         defaultLanguage="c#"
         debug="true"
    />
    <customErrors 
    mode="RemoteOnly" 
    /> 
    
    <authentication mode="Forms">
		<forms name="SampleAuth"
			loginUrl="login.aspx"
			slidingExpiration="true"
			protection="All"
			path="/">
			</forms>
    </authentication> 

			
			<authorization>
				<deny users="?"/>
			</authorization>
	

 </system.web>

I have removed some needless code from the web.config

If anyone could shed some light onto the problem it would be greatly appreciated.

 

[webster]

Have you tried using codebehind authentication checks
and using Session/Cookies to flag the user has authenticated=1 eg:

hope this helps.