I setup a really basic authentication schema using a SHA1 pw and credentials stored in web.config.
After deploying the .Net 4.0 site (in IIS 7), I can successfully login when I go to the www location from the server the site resides on.
However when trying to login from a browser on another computer, putting in the appropriate credentials just cycles right back to the login screen.
In the site’s IIS Authentication, I enabled Anonymous, Basic and Forms.
<system.web>
<compilation debug="true" targetFramework="4.0">
</compilation>
<authentication mode="Forms">
<!-- <forms loginUrl="~/Account/Login.aspx" timeout="2880"/> -->
<forms name=".ASPXFORMSAUTH" loginUrl="~/Account/Login.aspx" defaultUrl="~/AdminPages/Default.aspx" cookieless="UseCookies" timeout="30">
<credentials passwordFormat="SHA1">
<user name="user1" password="77A80B8DE9F00DD1CC502344C38FC1BA24CC0897" />
<user name="user2" password="329E66AD5EC6E09AA8002311ACAF6ADBACD12DC4" />
</credentials>
</forms>
</authentication>
<authorization>
<deny users="?" />
</authorization>
</system.web>
<location path="Styles">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
<location path="Scripts">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
<location path="Account">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
<location path="AdminPages">
<system.web>
<authorization>
<allow users="user1,user2"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
Any ideas?
Thanks.
Using the following configuration, I was able to achieve the desired user-based authentication with credentials stored in the Web.config with SHA1 pw encryption. Hope it helps someone: