1

I have a website that uses ASP.NET forms authentication using .Net 4.0 on IIS 7. I have secured the site using a third party single-sign on provider (jasig CAS), and it all works well.

The default documents list in IIS has Default.aspx at the very top.

The default page of the website is Default.aspx and it is opened to the public with the below snippet from my web.config, again this works as expected when I navigate directly to the page.

  <location path="Default.aspx">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>

The problem that I'm having is that when I navigate to the root of my website ie www.mydomain.com rather than www.mydomain.com/default.aspx I am redirected to the forms authentication page.

Surely this is the same page, and is subject to the same authorization rules?

I am stuck on this, and do not know where to turn.

KerSplosh
  • 466
  • 8
  • 26
  • few questions.. 1. is Default.aspx set to be the default startup page in your project..? 2. what or how is it setup in visual studio when you view the project properties / build 3. are you using MasterPages..? have you debugged this / stepped thru the code..? – MethodMan Jun 24 '14 at 13:27
  • Default.aspx is the default startup page in my project, I am using master pages (not sure how this helps) - the forms authentication kicks in before it hits the page, so there is no breakpoint that can be hit. – KerSplosh Jun 24 '14 at 13:35

2 Answers2

2

There is a similar question in Stack Overflow:

Allowing anonymous access to default page

In Global.asax, place the following code in Application_BeginRequest method:

if (Request.AppRelativeCurrentExecutionFilePath == "~/")
    HttpContext.Current.RewritePath("default.aspx");
Community
  • 1
  • 1
Vaibhav Vidhate
  • 186
  • 1
  • 5
  • Well spotted! I had spent half a day searching for this before posting! – KerSplosh Jun 24 '14 at 14:04
  • If you are using the .NET jasig Client as I am, this will not work for you - as the jasig .NET Client intercepts the http request pipeline before the begin request in the global.asax, so this fix worked for me in my dev environment, but failed on staging so I cannot now accept this answer. – KerSplosh Jun 25 '14 at 07:21
0

I ended up using this code (the same as above), but it had to go in the OnBeginRequest method in the CasAuthenticationModule

if (Request.AppRelativeCurrentExecutionFilePath == "~/")
    HttpContext.Current.RewritePath("default.aspx");
KerSplosh
  • 466
  • 8
  • 26