I'm trying to setup Forms authentication in IIS 7. When the user tries to hit any url on the site they are redirected to the login page but after they login they don't leave the page. If I enable Anonymous logging then then login page works fine and the page is redirected to the landing page.
Here's the web.config:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<appSettings>
<add key="LandingPage" value="/home/default.htm" />
</appSettings>
<system.web>
<compilation debug="false" />
<authentication mode="Forms">
<forms loginUrl="/login/login.aspx" timeout="60" />
</authentication>
<authorization>
<deny users="?" />
</authorization>
</system.web>
<system.webServer>
<httpErrors errorMode="DetailedLocalOnly">
<remove statusCode="401" subStatusCode="-1" />
<error statusCode="401" prefixLanguageFilePath="" path="/login/login.aspx" responseMode="ExecuteURL" />
</httpErrors>
<defaultDocument enabled="false">
<files>
<remove value="iisstart.htm" />
<remove value="index.htm" />
<remove value="Default.htm" />
<remove value="Default.asp" />
<remove value="default.aspx" />
</files>
</defaultDocument>
<directoryBrowse enabled="false" />
<modules>
<remove name="FormsAuthentication" />
<remove name="DefaultAuthentication" />
<add name="DefaultAuthentication" type="System.Web.Security.DefaultAuthenticationModule" preCondition="" />
<add name="FormsAuthentication" type="System.Web.Security.FormsAuthenticationModule" preCondition="" />
</modules>
</system.webServer>
</configuration>
I've followed instructions in http://technet.microsoft.com/en-us/library/cc753252(v=ws.10).aspx and http://www.iis.net/learn/application-frameworks/building-and-running-aspnet-applications/using-aspnet-forms-authentication but I must have missed something.
Thanks.
EDIT: Added the suggested elements but the same thing happens. Fiddler shows this:
1 302 HTTP localhost / 148 iexplore:14040
2 200 HTTP localhost /login/login.aspx?ReturnUrl=%2f 4,896 private text/html; charset=utf-8 iexplore:14040
3 304 HTTP localhost /images/newheader.jpg 0 iexplore:14040
4 302 HTTP localhost /login/login.aspx?ReturnUrl=%2f 142 private, no-cache="Set-Cookie" text/html; charset=utf-8 iexplore:14040
5 302 HTTP localhost /home/default.htm 170 iexplore:14040
6 200 HTTP localhost /login/login.aspx?ReturnUrl=%2fhome%2fdefault.htm 4,918 private text/html; charset=utf-8 iexplore:14040
7 304 HTTP localhost /images/newheader.jpg 0 iexplore:14040
Replace this
<authorization>
<deny users="?" />
</authorization>
With this
<authorization>
<deny users ="?" />
<allow users = "*" />
</authorization>
In the first configuration you are blocking all users and forgetting to allow access to authenticated users.
Look here for more information.