Login Page for Asp.Net Web Application - asp.net

I have a web application using master pages. I want the login page to be the first page to display when a user navigates to this site. The login page is a content page. When I use the Asp.Net demos and the configuration web site they provide for setting security, my application doesn't render any of the styles. Is there a better tutorial to lock down an entire web application and how to use security?

You need to allow anonymous access to your resources (CSS, JavaScript etc.) in your web.config file. If you don't, then they'll not be served until you log in.
Have a read of Setting authorization rules for a particular page or folder in web.config
Example:
<configuration>
<location path="mystyles.css">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
</configuration>

If you have used forms authentication, then just add the following section to your web.config:
<location path="App_Themes"> <!-- location of your style resource -->
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
so the styles have anonymous access. To automatically redirect anonymous users to the login page,
you have to add the login URL as below:
<authentication mode="Forms">
<forms loginUrl="~/Login.aspx" protection="All" path="/" timeout="30"></forms>
</authentication>

Related

Accessing login page appends ReturnUrl on IIS?

I have a webforms application configured to use forms authentication. It works on my development machine, but since I configured it on IIS, I get a ReturnUrl on my login page with the application name. Upon logging in I get back to the same login page, logged in but without the ReturnUrl. Logging in again finally redirects me to the correct page.
How can I stop this ReturnUrl appearing on my login page?
http://localhost/myApp/login.aspx?ReturnUrl=%2MyApp%2f
I have checked directory permissions & allowed all users on login page with authorization tag in my web.config but it does not work. Some of my web.config
<authentication mode="Forms">
<forms name="MyAuthCookie" timeout="30" loginUrl="login.aspx"></forms>
</authentication>
<authorization>
<deny users="?"/>
</authorization>
.
.
.
<location path="login.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
Add defaultUrl tag and give the name of page where you want to redirect after login.
Suppose you want login and redirect to "xyz.aspx" page then you have to add below code in web.config file
Note: don't give loginUrl tag.
<authentication mode="Forms">
<forms name="MyAuthCookie" timeout="30" defaultUrl="xyz.aspx"></forms>
</authentication>
<authorization>

how to access server resource for login page and home page when authentication mode is set to forms and protection is set to All

In my ASP.NET application, in the web.config file, I have set authentication mode="forms" and protection="All". But after doing this I get access to the login page without any image and CSS resources. I also need to access my home page without login. How can I do this? Kindly help.
In the web.config, you will need to add a location that allows all users to access the images and CSS files. Something like:
<location path="images">
<system.web>
<authorization>
<allow users="*" />
<allow users="?" />
</authorization>
</system.web>
</location>
That should sit under the root node of the config file.
You can do the same for the homepage, adjusting the value of path to the correct location.

It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level.

The error I got is:
It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level. This error can be caused by a virtual directory not being configured as an application in IIS. C:\Users\Jangid\Downloads\TestWebSite1\TestWebSite1\Backup\TestWebSite1\Web.config 26
I have hosted a website on a server using ASP.NET 2.0. I have a web.config in the root folder and also one in the Admin folder, but the Admin folder is not a virtual directory and I don't want to create one.
<authentication mode="Forms">
<forms loginUrl="Admin/Login.aspx" name=".ASPXFORMSAUTH"/>
</authentication>
<authorization>
<allow roles="Admins"/>
<deny users="*"/>
<deny users="?"/>
</authorization>
But for authentication and login to work for the Admin folder, I have used the ASP.NET Login control, but this error is preventing me from moving forward.
Also, can anyone please give me a link for learning the ASP.NET Login control? A user who visits the Admin folder should be authenticated with a role of admin.
How can I create a role and assign it to a user on a server?
<system.web>
<authentication mode="Forms">
<forms name="cokiename"
loginUrl="./protectedFolder/login.aspx"
protection="All"
timeout="60"
defaultUrl="./protectedFolder/protectedPafe.aspx"/>
</authentication>
</system.web>
This should be in your main web.config file
Following goes into your sub directory config
<configuration>
<system.web>
<customErrors mode="Off"/>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</configuration>
protected folder contains the login page, protected pages and the web.config
You need to have the authentication tag in your main web.config.
Separate Login page for admins is not required.
You need to create an admin role in your membership database (you can do this using the ASP.NET website administrator).
This is how you work with membership database
http://revenmerchantservices.com/page/ASpnet-20-step-by-step-Membership-Provider-.aspx
http://msdn.microsoft.com/en-us/library/ms178329.aspx
This is for role based security using which you can secure your directories(virtual)
http://www.codeproject.com/KB/web-security/formsroleauth.aspx

Authentication settings in IIS 7.5 and ASP.Net, what is difference?

I just start to learn web programming using IIS 7.5 in windows 2008 R2, and ASP.Net 4.
I notice that both IIS and ASP.Net can define Authentication rules. In IIS, there is a form authentication setting where I can redirect user to specified page for authentication, like below:
And then, in ASP web.config file, I find similar settings:
<authentication mode="Forms">
<forms loginUrl="~/Account/Login.aspx" timeout="2880" />
</authentication>
When I finish both settings, I assume any page request will be redirect to the login.aspx page. But it didn't. So I am confused. How do the 2 sets of configs work together? And why page request is not redirected?
Thanks
Update
Finally I get it working and I think I understand it now. My website structure is like below:
It is about modifying authorization rules. Deny all unauthorized users for root:
<authorization>
<deny users="?" />
</authorization>
CSS files should be allowed for all users, so I have Styles\web.config:
<authorization>
<allow users="*" />
</authorization>
and only allow unauthorized users to access register.aspx, so I have Account\web.config:
<location path="Register.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
There's another component you need to configure: authorization. If you don't, unauthorized users have access to all pages and will not be redirected to the login page. For example:
<authorization>
<deny users="?" />
</authorization>
This specifies that all unauthenticated users are denied access to pages in your application. The authorization element is part of the system.web configuration section.
When you set something in IIS for authentication (in your case forms authentication), it also changes your mapped project's web.config file with the same settings. That's why you see the same information in both modules.
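
The following Python script is an added example, not part of the original posts and not ASP.NET's own code: it evaluates the allow/deny rules of the site layout from the update above the way URL authorization does (most specific scope first, first matching rule wins, everyone allowed by default). The SITE contents and the page Account/Manage.aspx are constructed; only the * and ? user tokens are modelled, and roles, named users and the exemption ASP.NET gives the forms loginUrl page are left out.

```python
import xml.etree.ElementTree as ET

def _wrap(body):
    return "<configuration>" + body + "</configuration>"

DENY_ANON = '<system.web><authorization><deny users="?"/></authorization></system.web>'
ALLOW_ALL = '<system.web><authorization><allow users="*"/></authorization></system.web>'

# Constructed sample: folder (relative to the application root) -> web.config text,
# following the layout described in the update above.
SITE = {
    "": _wrap(DENY_ANON),
    "styles": _wrap(ALLOW_ALL),
    "account": _wrap('<location path="Register.aspx">' + ALLOW_ALL + "</location>" + DENY_ANON),
}

def _parts(path):
    # Paths are compared case-insensitively, as on a Windows host.
    return [p for p in path.lower().split("/") if p]

def collect_rules(url_path, configs):
    """Return (action, users) rules for url_path, most specific scope first."""
    parts, scoped = _parts(url_path), []
    for depth in range(len(parts)):  # every folder above the requested file
        folder = "/".join(parts[:depth])
        if folder not in configs:
            continue
        root = ET.fromstring(configs[folder])
        scopes = [(root, [])] + [(loc, _parts(loc.get("path", ""))) for loc in root.findall("location")]
        for node, loc_parts in scopes:
            if parts[depth:depth + len(loc_parts)] != loc_parts:
                continue  # this <location> does not cover the request
            rules = [(r.tag, r.get("users", "")) for r in node.findall("system.web/authorization/*")]
            scoped.append((depth + len(loc_parts), depth, rules))
    scoped.sort(key=lambda s: s[:2], reverse=True)
    return [rule for _, _, rules in scoped for rule in rules]

def is_allowed(url_path, authenticated, configs=SITE):
    """First matching rule wins; the machine-level default is <allow users="*"/>."""
    for action, users in collect_rules(url_path, configs) + [("allow", "*")]:
        for user in (u.strip() for u in users.split(",")):
            if user == "*" or (user == "?" and not authenticated):
                return action == "allow"
    return True  # not reached: the default rule always matches

if __name__ == "__main__":
    for path in ("Default.aspx", "Styles/Site.css", "Account/Register.aspx", "Account/Manage.aspx"):
        print(path, "anonymous ->", "allowed" if is_allowed(path, False) else "redirect to login")
```

Removing the "styles" entry from SITE reproduces the unstyled login page from the first question: the stylesheet request then falls through to the root deny rule.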

Multiple signin pages in one asp.net application

I have one asp.net web application.
It is using two membership providers.
Two sign-in pages, one for each provider.
Now I have two folders in root: Folder1 & Folder2
Folder1 uses the 1st membership provider
Folder2 uses the 2nd membership provider
I got almost everything working, including sign-in, create user etc. in both providers.
The only issue is that in forms authentication I can define only one login path. So when the session expires or a login is needed to access secure pages, it can only redirect to one sign-in page.
Also, that section can't be defined by location, by application only.
How can I get Folder2 to use the 2nd sign-in page?
Is there anything I can define by location?
See How to override/change FormsAuthentication LoginUrl in certain cases
It appears from various people researching, that you cannot tell FormsAuthentication to have two different Login pages. But there is nothing preventing you from creating some base page class or other code in your two folders that can determine which login page to direct to. Or, I think that the Application_BeginRequest event fires before the FormsAuthentication module fires, so you could examine requests before they get redirected by FormsAuthentication. Either way though, you would be forced to allow anonymous users to Folder1 and Folder2, which is not ideal.
You need to use the <location> element in your web.config. You can use the <location> tag to apply authorization settings to an individual file or directory.
<location path="/root">
<system.web>
<authentication mode="Forms" >
<forms name="LoginForm" defaultUrl="default.aspx"
loginUrl="/root/login.aspx" protection="Encryption"
timeout="30" path="/"/>
</authentication>
<authorization>
<allow users="?" />
</authorization>
</system.web>
</location>
<location path="/root/admin">
<system.web>
<authentication mode="Forms" >
<forms name="formName" defaultUrl="login.aspx"
loginUrl="/root/admin/login.aspx" protection="Encryption"
timeout="30" path="/"/>
</authentication>
<authorization>
<allow users="?" />
</authorization>
</system.web>
</location>
MSDN
For centralized administration, settings can be applied in the Machine.config file. The settings in the Machine.config file define machine-wide policy and can also be used to apply application-specific configuration using <location> elements. Developers can provide application-configuration files to override aspects of machine policy. For ASP.NET Web applications, a Web.config file is located in the application's virtual root directory and optionally in subdirectories beneath the virtual root.
If you would like 1 login location and different access levels you might want to use roles.
<location path="/root">
<system.web>
<authorization>
<allow roles="admin,root" /> <!-- admin, root is allowed -->
<deny users="*" />
</authorization>
</system.web>
</location>
<location path="/root/admin">
<system.web>
<authorization>
<allow roles="admin" /> <!-- admin is allowed -->
<deny users="*" />
</authorization>
</system.web>
</location>
Users can belong to more than one role. For example, if your site is a discussion forum, some users might be in the role of both Members and Moderators. You might define each role to have different privileges on the site, and a user who is in both roles would then have both sets of privileges.
You can access all these elements at the code level if you would like to manipulate the roles/authentication programmatically:
Page.User.Identity.Name
Page.User.Identity.IsAuthenticated
Page.User.Identity.AuthenticationType
Page.User.IsInRole("string");
Additional Links
Using 2 Membership Providers in asp.net
4 Guys From Rolla Tutorial
The ASP.NET web.config File Demystified
