Here's my problem...
I have a website running in II7 integrated pipeline mode and I want to enable forms auth on the entire website apart from the '/secure/' directory which contains the login form.
My web config currently looks something like this...
<?xml version="1.0" encoding="UTF-8"?> <configuration> <system.web> <customErrors mode="Off"/> <authentication mode="Forms"> <forms name=".ASPXAUTH" loginUrl="secure/login.aspx" protection="All" path="/" timeout="999999" slidingExpiration="true" enableCrossAppRedirects="true"> <credentials passwordFormat="Clear"> <user name="user1" password="xxxxxx"/> </credentials> </forms> </authentication> <authorization> <allow users="user1"/> <deny users="*"/> </authorization> </system.web> <location path="secure"> <system.web> <authorization> <allow users="*"/> </authorization> </system.web> </location> <system.webServer> <!--Enabling Forms Authentication for the Entire Application--> <modules> <remove name="FormsAuthenticationModule" /> <add name="FormsAuthenticationModule" type="System.Web.Security.FormsAuthenticationModule" /> <remove name="UrlAuthorization" /> <add name="UrlAuthorization" type="System.Web.Security.UrlAuthorizationModule" /> <remove name="DefaultAuthentication" /> <add name="DefaultAuthentication" type="System.Web.Security.DefaultAuthenticationModule" /> </modules> </system.webServer> </configuration> When I visit the website URL I just get an endless loop of redirects. I've tried putting the location specific auth rules above the system.web section but this had no effect.
Any ideas?
Cheers,
Robin
