I am just starting to learn web programming with IIS 7.5 on Windows 2008 R2 and ASP.Net 4.
I noticed that both IIS and ASP.Net can define authentication rules. There is a form authentication option in IIS where I can redirect the user to the specified page for authentication, for example below:
And then, in the ASP web.config file, I find similar settings:
<authentication mode="Forms"> <forms loginUrl="~/Account/Login.aspx" timeout="2880" /> </authentication>
When I complete both options, I assume that any page request will be redirected to the login.aspx page. But this is not so. Therefore, I am confused. How do two sets of configurations work? And why is the page request not redirected?
thanks
Update
Finally, I have earned, and I think I understand now. My site structure is as follows:
It's about changing the rules of Autherization. Renounce all unauthorized root users:
<authorization> <deny users="?" /> </authorization>
CSS files must be allowed for all users, so I have Styles \ web.config:
<authorization> <allow users="*" /> </authorization>
and allow unauthorized users access to register.aspx, so I have an account \ web.config:
<location path="Register.aspx"> <system.web> <authorization> <allow users="*"/> </authorization> </system.web> </location> <system.web> <authorization> <deny users="?"/> </authorization> </system.web>