I have a ASP .NET MVC site in IIS 8 which is secured using forms authentication. Within this site I have sub-site (which is an application created via "Add application" option in IIS 8). This sub-site consists of static html pages. So for eg my main site URL is www.site.com . The sub-site url is www.site.com/mysite .
I need to configure mysite such that if user is logged into www.site.com then only can access mysite . Trying to access mysite directly should redirect to the www.site.com login page.
I have googled a lot on this and found some articles in SO.
Attempt 1: How do I protect static files with ASP.NET form authentication on IIS 7.5?
Based on this SO question, I tried by making changes to the web.config of the the parent site. I am mentioning it here
<system.webServer>
<modules>
<add name="FormsAuthenticationModule" type="System.Web.Security.FormsAuthenticationModule" />
<remove name="UrlAuthorization" />
<add name="UrlAuthorization" type="System.Web.Security.UrlAuthorizationModule" />
<remove name="DefaultAuthentication" />
<add name="DefaultAuthentication" type="System.Web.Security.DefaultAuthenticationModule" />
</modules>
</system.webServer>
<system.web>
<authorization>
<deny users="?" />
</authorization>
<authentication mode="Forms">
<forms defaultUrl="/Home/Index" loginUrl="/" protection="All" timeout="90">
</forms>
</authentication>
</system.web>
However with these settings, when I try to open www.site.com/mysite, it does redirect me to login page with www.site.com?returnUrl=mysite. However after login it again redirects me to login page
Attempt 2: How to do Forms Authentication on purely HTML pages using ASP.NET?
As per this SO question, I tried making the child site www.site.com/mysite to be handled by ASP .NET by adding below in the web.config of the child site (mysite). However no joy
<compilation>
<buildProviders>
<add extension=".html" type="System.Web.Compilation.PageBuildProvider" />
<add extension=".htm" type="System.Web.Compilation.PageBuildProvider" />
</buildProviders>
</compilation>
Attempt 3:
I tried adding the Forms Authentication and Authorization settings directly in the web.config file of the child site (www.site.com/mysite)
<system.web>
<authorization>
<deny users="?" />
</authorization>
<authentication mode="Forms">
<forms defaultUrl="/Home/Index" loginUrl="/" protection="All" timeout="90" domain="site.com">
</forms>
</authentication>
</system.web>
The important thing to note here is the
domain
attribute added to the Forms tag. Still no joy!
Now I am wondering whether what I am trying is possible at all ? Or is there any alternate solution that I may not be aware of ?
The solution was as follows:
Step 1
Make the subsite with static html pages to be handled by the ASP .NET
<compilation>
<buildProviders>
<add extension=".html" type="System.Web.Compilation.PageBuildProvider" />
<add extension=".htm" type="System.Web.Compilation.PageBuildProvider" />
</buildProviders>
</compilation>
Step 2:
Share the forms authentication key between the parent(main) site and the child (sub) site ie add below in both the parent site web.config as well as the child site web.config
<system.web>
<machineKey decryptionKey="Yourdecryptionkey" validationKey="Your validation
key" />
</system.web>
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.