问题
I have an ASP.NET website hosted on IIS 7.5 as below:
I have "customwebsite.com" as the website and in it I have two Web Applications - uk & us - so that I can access these application as customwebsite.com/uk & customwebsite.com/us.
customwebsite.com directory does not have any web.config and have only two folders for web application us and uk.
Both us and uk web application have their individual web.config and have Form Authentication specified as below:
<authentication mode="Forms">
<forms loginUrl="/static/login.aspx" name="login" timeout="20"/>
</authentication>
<authorization>
<deny users="?" />
</authorization>
At this path: /static, there is a web.config with following content:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.web>
<authorization>
<allow users="?" />
</authorization>
</system.web>
</configuration>
When I hit the root URL for us application, the Website loads correctly but if I loads from uk, I got the error as below:
I have checked the Folder Security, and all the required users have been granted permission and are same for both us and uk applications.
I have checked the IIS logs and below is the response codes of the request in case of failure: 401 0 0 1519 296
Can someone help me resolving this issue.
回答1:
Got it resolved.
There was two more folders where the redirection of /static/login.aspx happens.
We need to allow access to all such redirecting folders by having a web.config files in those folders with below content:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.web>
<authorization>
<allow users="?" />
</authorization>
</system.web>
</configuration>
回答2:
Ran into this same error, but had a different resolution. In our case we had to set:
<machineKey compatibilityMode="Framework45" />
Details here: http://ardalis.com/asp-net-shared-authentication-problem-solved
回答3:
In our case we had an error on the login page that redirected to the an error page that the user did not have rights to see, so it redirected to the login page... cycle rinse repeat.
We removed all the controls from the UI, then added them back one by one until the page crashed. Then we could narrow down the controls that had an error.
And yes, we gave all users access to the error page.
来源:https://stackoverflow.com/questions/20802673/access-is-denied-401-2-unauthorized-error