Maybe you should specify a relatively more absolute path for the loginUrl? (/unsec/sec/login.aspx)?
-mike -----Original Message----- From: Moderated discussion of advanced .NET topics. [mailto:[EMAIL PROTECTED]] On Behalf Of Chris Sent: Thursday, January 30, 2003 10:05 AM To: [EMAIL PROTECTED] Subject: Forms authentication redirects to non-existant URL We have a directory structure like this: wwwroot\<unsecure>\<secure> Users click a link on a simple HTML page in the <unsecure> directory to request HomePage.aspx in the <secure> directory, which contains a forms-authenticated ASP.NET application. The system redirects them to wwwroot\<unsecure>\<secure>\LoginForm.aspx They log in, and HomePage.aspx appears. Works perfectly. HOWEVER, if the user leaves a page of the application open long enough for the session to expire, and then tries to use the page, the system redirects the request to wwwroot\<unsecure>\<unsecure>\LoginForm.aspx There is no such path, and the user gets a "Resource not found" HTTP 404 error. Where is the system getting this non-existant URL? ADDITIONAL INFORMATION: web.config looks like this: <authentication mode="Forms"> <forms name="myCookieName" loginUrl="LoginForm.aspx" protection="All" timeout="30" path="/"></forms> </authentication> The <unsecure> directory is just simple IIS, not even configured as an IIS application. It contains only a simple HTML page and the images and css for it. The directory is set for anonymous and windows, and the anonymous user is the default IUSR_MACHINE. The <secure> directory inside it is configured as an IIS application and includes web.config and the rest of our ASP.NET application. It is set for anonymous and windows. The anonymous user is a domain username created for the application. The same user is configured in machine.config - in processModel we have replaced machine/autogenerate with domainusername/strongpassword - as per MS recommendation in Building Secure ASP.NET Applications. You can read messages from the Advanced DOTNET archive, unsubscribe from Advanced DOTNET, or subscribe to other DevelopMentor lists at http://discuss.develop.com. You can read messages from the Advanced DOTNET archive, unsubscribe from Advanced DOTNET, or subscribe to other DevelopMentor lists at http://discuss.develop.com.
