Re: <forms loginUrl="https:// pb

06-25-2009

re:
!> <form loginUrl="https://www.mysite.com/login/login.aspx ..../>

Is that a typo ?

That should be <forms loginUrl=

Other than that, here's a pretty good tutorial which can server as a model for you:

http://tonesnotes.com/blog/2004/05/a...cation_wi.html

Also, there are those who say that making your login page https is not good practice.
Your login page should be http and your *other* pages should be https.

Check out these two discussions :

http://forums.asp.net/t/1110341.aspx

http://forums.asp.net/t/836624.aspx

....and this article with sample code:

http://www.codeproject.com/KB/aspnet...eSecurity.aspx

Juan T. Llibre, asp.net MVP
¿ Estas probando VS 2010 y ASP.NET 4.0 ?
Regístrate (gratis) en los Foros de VS 2010 y ASP.NET 4.0, en español
http://asp.net.do/foros/forums/
================================================== ===
"ADNT" <> wrote in message news:...
> Hello,
>
> I have a problem with Forms authentication and the default login page set in web.config
>
> I want to use an https secured page for it so I put in web.config authentication section
> <form loginUrl="https://www.mysite.com/login/login.aspx ..../>
>
> my web site supports ssl with a certficate and I am able to access directly from any browser the page
> https://www.mysite.com/login/login.aspx
>
> but when it is triggered by asp.net, when a non authenticated session try to access a path which need authenticated
> users, it always generate the non secured url
> http://www.mysite.com/login/login.aspx
>
> why ?
> I should get the https version as written in web.config ?
>
>
> Any help welcome.
>
> CS