开发者

Disable form authentication for public pages

开发者 https://www.devze.com 2022-12-20 22:29 出处:网络
In my development environment everything works as I expect. I can access all the pages and as soon as I get to a secured page I check the Request.IsAuthenticated and redirect to the login page if need

In my development environment everything works as I expect. I can access all the pages and as soon as I get to a secured page I check the Request.IsAuthenticated and redirect to the login page if needed. The开发者_运维技巧 problems starts when I deploy the project under IIS7. When I access the site I'm being redirected to the login page (as defined in the web.config) although it suppose to be a public page... If I disable the Form Authentication in the admin console Request.IsAuthenticated always return true. So

How can I make IIS behaves like my ASP.NET development server?

p.s. I'm working with asp.net MVC

Thanks, Eden.


Probably you have authorization section in your web.config and it denies all requests for unauthenticated users. Check this article for some details about authorization section. And it will be better to allow access for unauthenticated users evidently by adding

    <authorization>
        <allow users="*" /> 
    </authorization>

Edit 26/02:
Probably there are some specific IIS authorization rules (IIS 7 introduces a new authorization mechanism). I recommend you to check all rules that are defined for application using IIS management tool (this article explains how to check them). And probably it'll be interesting and useful for you to check changes between IIS 6 and IIS 7 and IIS 7 url authorization feature in details.

Also I checked it on my box (windows 7). I created a simple asp.net mvc application and deployed it to IIS (version 7.5). And all was working as expected. Probably there are some restrictions on your server that are placed in the root config (a config in a root folder) or in machine.config.

0

精彩评论

暂无评论...
验证码 换一张
取 消