I have a website in IIS with directory browsing enabled (this is also an ftp site). I have recently switched to forms authentication instead of basic authentication. The root folder is accessible to everyone. Then each folder is accessible to a different group.
I can access the root folder then when i try to access a subfolder i get redirected to the login page.
After login I have access to the subfolder.
But I also have access to all other subfolders even if i am not in the group. (Not good)
So basically if i am logged in i have access everywhere and the ACL has no impact on what i can access. ACL still works fine for FTP. This problem occurs when i switched from basic authentication to forms authentication
