What am I doing wrong with authentication?

[Mr.Magic]

I have the following in my web.config file:


<?xml version="1.0"?>
<configuration>
<connectionStrings>
<add name="Users"
connectionString="server=xxx.xxx.xxx.xxx;uid=xxxxxxxxxx;pwd=xxxxxxxxxxxxx;DATABASE=xxxxxxxx;"
/>
</connectionStrings>

<system.web>
<sessionState mode="SQLServer" sqlConnectionString="data
source=xxx.xxx.xxx.xxx;user id=xxxxxxxxx; password=xxxxxxxxx" />
<authentication mode="Forms">
<forms name="LoginForm" loginUrl="Login.aspx" protection="All" path="/"
timeout="30" />
</authentication>

<authorization>
<deny users="?"/>
</authorization>

</system.web>

</configuration>


I'm trying to get it to always go to the login page if somebody puts in a
url under the site.

But the system will always let you at any file.

What am I doing wrong? Is there something I need to do in IIS to make this
work?

I have other sites on the same server that working fine (I seperate the
sites by using the header name in the setup for the TCP/IP address.)

Any help would be greatly appreciated.

TIA - Jeff.

 

[Mr.Magic]

I should mention that it works fine on my development machine but not on my
production machine.

 

[Mr.Magic]

OK. I think I may have figured out what is going on. When it's a non-asp.net
page, it doesn't go through the forms authentication.

I put on one of my websites that uses forms authentication a text file and
it works fine.

So the question becomes, how can I make asp.net authenticate non-asp.net
files?

TIA - Jeff.

 

[Mr.Magic]

Nevermind everybody. I figured it out. You need to make a change in IIS so
that it will pass authentication over to ASP.Net.

J.