Hi all,
I'm tryiing to set up security for a ASP.NET web application in order to
force all the users to go to a login page with an SSL connection. After the
authentication the users would go to the original page they are looking for
without SSL encrpytion.

So the flow should be:

1. user go to [url]http://myserver/page1.aspx[/url]
2. user is redirect to [url]https://myserver/login.aspx[/url] by the form
authentication
3. user insert its credentials in the login.aspx and submit to the server
4. the web server authenticates the user and redirect him to
[url]http://myserver/page1.aspx[/url]

Obviously everything is working fine if I remove the SSL on the step 2.

I get the following error between the steps 1 and 2 (just after I click
'yes' in order to accept the certificate that it was created in a fake PKI):

Server Error in '/WebApplication1' Application.
----------------------------------------------------------------------------
----

Access is denied.
Description: An error occurred while accessing the resources required to
serve this request. The server may not be configured for access to the
requested URL.

Error message 401.2.: Access is denied because of the Web server's
configuration. Contact the Web server's administrator for help.

In the web.config I put these lines:

<authentication mode="Forms">
<forms name="ProgAspNetCookie" protection="All"
timeout="20"
path="/" loginUrl="https://localhost/WebApplication1/WebForm1.aspx"
/>
</authentication>

<authorization>
<deny users="?" />
</authorization>

If the loginUrl is changed to "WebForm1.aspx" everything works fine (as said
before).

Any suggestion?

TIA
Alexio