Forms Authentication - 401 error on login page

  • Question

  • User1427960525 posted

    For some reason I can't seem to get Forms Authentication to work properly on my subsite...

    <authentication mode="Forms">
        <forms defaultUrl="Default.aspx" loginUrl="PKILogin.aspx" timeout="2880" />
    </authentication>
    <authorization>
        <deny users="?" />
    </authorization>

    I get a 401 error with the above setting in my web.config.
    However, if I comment out the <deny users="?" /> I can get to my login page without issues. But then of course if the user's session times out or they bookmark a different page inside my site they are not automatically redirected to my login page.

    ASP.net 4.7.2    IIS 7.5

    Any ideas on how to solve this?

    Tuesday, January 22, 2019 8:25 PM

Answers

  • User-893317190 posted

    Hi scottmetzger,

    deny users="?" means denying access to all the pages in the current folder and its sub folders.

    So it will also deny access to your Default.aspx.

    You could add your default.aspx in a sub folder and configure your root web.config as follows. account is the folder where your login page is.

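    <configuration>
      <!-- Open only the "account" folder (which holds the login page) to all users -->
      <location path="account">
        <system.web>
          <authorization>
            <allow users="*" />
          </authorization>
        </system.web>
      </location>
      <system.web>
        <authentication mode="Forms">
          <forms defaultUrl="Default.aspx" loginUrl="~/account/PKILogin.aspx" timeout="2880" />
        </authentication>
        <authorization>
          <!-- Everything else: deny anonymous users -->
          <deny users="?" />
        </authorization>
      </system.web>
    </configuration>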

    Or you could create a new web.config in your sub folder where your login page is. (Mine is account.)

    Then you could reconfigure the newly created web.config as follows. It will rewrite the configuration in your root web.config (web.config in sub folder could rewrite configuration of web.config in parent folder).

    <?xml version="1.0"?>
    <configuration>
      <system.web>
        <authorization>
          <allow users="*"/>
        </authorization>
      </system.web>
    </configuration>
    

    Best regards,

    Ackerly Xu

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Wednesday, January 23, 2019 4:11 AM

All replies

  • User475983607 posted

    How is your "subsite" configured in IIS?  Can you explain the design?

    Tuesday, January 22, 2019 8:31 PM
  • User1427960525 posted

    It is configured as an 'application'.

    So, main site is https://example.com
    application is mysubsite

    so url for is https://example.com/mysubsite 
    Other subsites exist   https://example.com/mysubsite2  etc.

    Each subsite does its own authentication.

    Tuesday, January 22, 2019 8:37 PM
  • User475983607 posted

    It is configured as an 'application'.

    So, main site is https://example.com
    application is mysubsite

    so url for is https://example.com/mysubsite 
    Other subsites exist   https://example.com/mysubsite2  etc.

    Each subsite does its own authentication.

    As I understand, you are creating applications within a main web application. Each sub application is independent of the others and you're simply sharing the domain name? This new independent application is not behaving like the others?

    If so, make sure the new application has its own application pool.

    Tuesday, January 22, 2019 8:51 PM
  • User1427960525 posted

    As I understand, you are creating applications within a main web application. Each sub application is independent of the others and you're simply sharing the domain name? This new independent application is not behaving like the others?

    If so, make sure the new application has its own application pool.

    Correct, sharing the domain name.

    That may be it.   I am sharing an app pool with one of the other web applications.  I'll try and get one of the SAs to create a new user and App pool for me.

    But I don't think that explains the behavior when I comment out the 

     <deny users="?" />

    If I go to https://example.com/mysubsite/PKILogin.aspx  the login page loads and allows me to login.  Everything seems to work except it doesn't redirect me to that page first.

    Wednesday, January 23, 2019 2:55 AM
  • User1427960525 posted

    That's it thanks.

    I just opened up my login page instead of a whole directory...

    <location path="~/PKILogin.aspx">
        <system.web>
            <authorization>
                <allow users="*" />
            </authorization>
        </system.web>
    </location>

    Wednesday, January 23, 2019 5:21 AM
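
An added example, not code from the thread or from ASP.NET: a small Python check that applies first-match evaluation to the `<authorization>` rules in a single web.config and reports whether an anonymous request can reach the `loginUrl` and other pages. It assumes `users`-only rules (no roles or verbs), ignores child web.config files, and runs on constructed configs modelled on the three variants posted above; all function names are hypothetical.

```python
import xml.etree.ElementTree as ET

def _rules(parent):
    """Return [(verb, [users])] from parent/system.web/authorization, in file order."""
    auth = parent.find("system.web/authorization")
    if auth is None:
        return []
    return [(r.tag, [u.strip() for u in r.get("users", "").split(",")]) for r in auth]

def anonymous_allowed(config_xml, page):
    """True if an anonymous request for the app-relative `page` passes the rules."""
    root = ET.fromstring(config_xml)
    page = page.replace("~/", "", 1).strip("/").lower()
    scoped = []
    for loc in root.findall("location"):
        path = (loc.get("path") or "").strip("/").lower()
        if path in ("", ".") or page == path or page.startswith(path + "/"):
            scoped.append((len(path), _rules(loc)))
    # Most specific <location> first, then the file's own <system.web> rules.
    ordered = [r for _, rs in sorted(scoped, key=lambda s: -s[0]) for r in rs]
    ordered += _rules(root)
    for verb, users in ordered:
        if "?" in users or "*" in users:  # first rule matching anonymous wins
            return verb == "allow"
    return True  # no matching rule: the inherited default is allow users="*"

def login_url(config_xml):
    """Read the forms loginUrl from the config."""
    forms = ET.fromstring(config_xml).find("system.web/authentication/forms")
    return forms.get("loginUrl")

def audit(config_xml, pages):
    """Map loginUrl and each extra page to anonymous reachability."""
    targets = [login_url(config_xml)] + list(pages)
    return {p: anonymous_allowed(config_xml, p) for p in targets}

# Constructed sample configs (assumptions, modelled on the thread's snippets).
_FORMS = '<authentication mode="Forms"><forms defaultUrl="Default.aspx" loginUrl="{}" /></authentication>'
_DENY = '<authorization><deny users="?" /></authorization>'
_OPEN = '<location path="{}"><system.web><authorization><allow users="*" /></authorization></system.web></location>'

def make_config(login, open_path=None):
    loc = _OPEN.format(open_path) if open_path else ""
    return "<configuration>{}<system.web>{}{}</system.web></configuration>".format(loc, _FORMS.format(login), _DENY)

ORIGINAL = make_config("PKILogin.aspx")                       # deny ? only
FOLDER = make_config("~/account/PKILogin.aspx", "account")    # whole folder opened
PAGE = make_config("PKILogin.aspx", "PKILogin.aspx")          # single page opened
```

Running `audit` on the folder variant also reports every other page under `account` as reachable without login, which is the practical difference from opening only the login page.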