0

I'm working on a website built with pure HTML and CSS, and I need a way to restrict access to pages located within particular directories within the site. The solution I came up with was, of course, ASP.NET Forms Authorization. I created the default Visual Studio log in form and set up the users, roles, and access restrictions with Visual Studio's wizard. The problem is, I can't log in to the website with the credentials that I have set.

I'm using IIS 7. ­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­

Improve this question
1
  • In what way does the login fail? Do you have an exception thrown (yellow screen of death) or something else? Commented Aug 24, 2008 at 22:35

5 Answers 5

Reset to default
2

I'd guess (since I don't have IIS7 handy ATM) that you'd need to turn off Anonomyous Auth, and enable Forms Auth in the IIS7 sections.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

At what point did you insert your login/password? Did you have a look at the tables that where created? Althought your password must be encrypted, maybe it's worth just checking if your user was actually created.

Improve this answer

Comments

0

At what point did you insert your login/password? Did you have a look at the tables that where created? Althought your password must be encrypted, maybe it's worth just checking if your user was actually created.

Forms Authentication does not require any form of user database.

Steve, can you please paste in your forms authentication web.config section, also any relevant code to the ASP.NET Login control you were using.

There is not enough information to troubleshoot here yet :)

Improve this answer

Comments

0

The web.config section is pretty useless as far as I can tell:

<authentication mode="Forms" />

I looked in IIS 7, and in the Authentication section it says: Anonymous Authentication = Enabled, ASP.NET Impersonation = Disabled, Basic Authentication = Disabled, Forms Authentication = Disabled.

Also, I have made no changes to the code other than dragging a Login object onto the designer and changing the page it points at to index.html.

Currently, the log in fails by displaying the log in failed text.

EDIT: Earlier when I would try to navigate directly to a page that is restricted, I would receive a blue page saying that I had insufficient permissions. Now I can see the pages that are restricted without logging in even though I have anon access denied.

Improve this answer

Comments

0

Steve,

I don't think the issue is with your IIS settings. Because forms authentication does not rely on IIS authentication, you should configure anonymous access for your application in IIS if you intend to use forms authentication in your ASP.NET application.

Try this in your web.config:

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <system.web>
    <authentication mode="Forms" >
      <forms loginUrl="~/login.aspx" defaultUrl="~/">
        <credentials passwordFormat="Clear">
          <user name="YourUsername" password="superSecret" />
        </credentials>
      </forms>
    </authentication>
    <authorization>
      <deny users="?"/>
    </authorization>
  <system.web>
</configuration>

There are better ways to implement forms authentication than hardcoding a username and password into your web.config, but this should work for getting you started.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.