FormsAuthentication
There are 2 entries for the tag
FormsAuthentication
download source code and demo
download this article in .doc format
Overview
I a previous article I complained about the lack of a true 403 Forbidden error in ASP.NET and the clumsy way that authentication is handled by FormsAuthenticationModule.
The solution I came up with was a good first attempt but, in my opinion, came up short. Particularly when handling authentication of requests that ScriptModule touches. So I decided to take another swing at it, this time with some ammunition.
I took the list of HttpModules from the root Web.config and the ScriptModule that is added to ASP.NET 3.5 web apps and dove in with...
An issue that has been common for me is the way that ASP.Net FormsAuthenticationModule handles login redirection and the opaque nature of the mechanism itself.
Any authentication failure, 401 Unauthorized, e.g. not logged in, and 403 Forbidden, e.g. logged in but no permissions, are both unquestionably redirected to the the login page specified in the forms element.
While this behavior regarding the 401 is expected, I have always taken issue with the 403 redirect. It is confusing and counterproductive. The user is already logged in and it has been determined that they do not have appropriate permissions to access the resource. ...