I am working with ASP.NET application that uses Forms Authentication. However, if I turn off all authentication methods except for forms, I will get a
HTTP Error 401.2 - Unauthorized
When trying to browse any page. However, enabling Anonymous authentication fixes it. What causes this behavior? Thanks!
By doing this your only allowing users to visit pages (other than the login page) if they have logged into your site.
Direct from MSDN:
Forms authentication lets you authenticate users by using your own code and then maintain an authentication token in a cookie or in the page URL. Forms authentication participates in the ASP.NET page life cycle through the FormsAuthenticationModule class. You can access forms authentication information and capabilities through the FormsAuthentication class.
By setting a loginUrl
in the web.config you're instructing your app that the login page is ok to visit for anonymous users. If the user tries to visit a page OTHER than the loginUrl then they will be redirected TO that loginUrl.
Quite often a site would use both anonymous as well as forms. Anonymous to allow visiting of public pages and the forms auth to hide the pages from those not logged into your website.
It's great to use (forms auth) if you're using the ASP.Net Membership and login controls along side, though if you don't plan on using these then you won't need to worry about Forms Authentication
as you can build your own method of letting users gain access.
So all that's to say, if you want to lock it all down bar one page, then set a loginUrl in your web.config
<authentication mode="Forms">
<forms name="myLogin" loginUrl="/Login.aspx">
</forms>
</authentication>