I started with a default WebForms project with Individual Accounts. I have a bunch of content that I've built with database connections. I want to restrict all content to authenticated users with the exception of the default.aspx
I have successfully established the Identity table structures in my SQL database and can "register" new users. This all works fine. However, when I add the authentication setup to the web.config see below, it all breaks.
<system.web>
<authentication mode="Forms">
<forms name=".FormsAuth" loginUrl="Login.aspx" protection="All" slidingExpiration="false" requireSSL="false" />
</authentication>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
<location path="Default.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
I would expect this to allow me to view my Default.aspx page and redirect if I moved off of it. Instead I attempts to redirect to \account\login and fails with this message.
HTTP Error 404.15 - Not Found The request filtering module is configured to deny a request where the query string is too long.
The ReturnURL is huge and seems to repeat itself. I've tried looking around for a start from scratch example but have not found one that works. This should be simple.
I figured this out. I had to remove the general "deny all anonymous" statement from web.config:
<!--<authorization>
<deny users="?"/>
</authorization>-->
...which I was trying to use to restrict ALL but the login page. I moved all of my content into a few subfolders then called them out with the location tags and the same deny users statement.
<location path="System">
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>
<location path="Reports">
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>
At this point it seems to be working "properly" and now redirects users to login.aspx if not authenticated.