My ASP.Net web site uses Forms Authentication to allow registered users to log into their account - protects the folder /account/.
For administrative (content management etc.) purposes we also have a /cms/ folder which is secured by basic authentication.
The rest of the site is publicly accessible with neither login.
We've been running IIS7 in Classic Pipeline mode and this setup has worked fine. However, we recently changed to Integrated Pipeline mode.
Since the change, the /cms/ section behaves strangely: when browsing to /cms/ the basic authentication prompt comes up as expected, and login works fine. Then navigating to any page within the /cms/ folder works fine too. However, if I directly browse to a different file within /cms/, for example I enter www.mysite.com/cms/mypage.aspx, then I get redirected to the Forms Authentication login page. After logging in as a registered user, I then get redirected back to the requested page in the /cms/ folder and then get the basic authentication prompt. Then, after entering the /cms/ login details, I get to the page I wanted.
Switching the Pipeline mode of the application pool back to Classic mode fixes the problem. I.e. keeps the two login methods separate. However, I'd prefer to be using Integrated mode.
Does anyone know of a way to get this to work in Integrated Pipeline mode?
The forms authentication section in my root web.config file looks like this:
<authentication mode="Forms">
<forms name=".formsauth" loginUrl="/login.aspx" protection="All" timeout="300" path="/"/>
</authentication>
And the web.config file in the /account/ folder (the one I'm protecting) looks like this:
="1.0"="utf-8"
<configuration>
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</configuration>
The /cms/ folder is setup to require HTTPS as well - but I don't think this affects my specific issue.