Forms Authentication via SSL question

[Gareth]

I have an ASP.NET application using forms authentication. I works without
any problems.

I have been trying to enable the login process to work over SSL but it fails
with the same problem everytime: "Access is denied". I have created my own
SSL certificate and enabled SSL encryption on a sub-directory of the web
site called "/IRWebAdmin/secure". In this directory is my "AdminLogin.aspx"
page.

In the root directory is my "AdminMain.aspx" page that is set as the
applications default page. On startup the application is directory to the
"/IRWebAdmin/AdminMain.aspx" page, which then is then referred to
"/IRWebAdmin/secure/AdminLogin.aspx" to login.

My web.config settings are:




<authentication mode="Forms" >
<forms loginUrl="https://localhost/IRWebAdmin/secure/AdminLogin.aspx"
requireSSL="true"
protection="All"
timeout="20"
name=".IRADM"
path="/secure"
slidingExpiration="true">
</forms>
</authentication>

<authorization>
<deny users="?" />
</authorization>




On running the application I get the standard security alert due to the
certificate not being from a trusted authority. Clicking YES then displays
this error page:



Server Error in '/IRWebAdmin' Application.

Access is denied.
Description: An error occurred while accessing the resources required to
serve this request. The server may not be configured for access to the
requested URL.

Error message 401.2.: You do not have permission to view this directory or
page using the credentials you supplied. Contact the Web server's
administrator for help.


Version Information: Microsoft .NET Framework Version:1.1.4322.573; ASP.NET
Version:1.1.4322.573




Does anyone have any information as to what I am doing wrong? I have trawled
the web for days now and nothing gives me the exact answer.

Regards,
Gareth.

[Paul Glavich [MVP - ASP.NET]]

Have you tried installing your Certificate Authority as a trusted CA in the
"Trusted Root Ceritifcation Authorities" for your local machine (ie. both
server and client)?

--
- Paul Glavich
Microsoft MVP - ASP.NET


"Gareth" <gareth> wrote in message
news:OLr3dRDOEHA.2336@TK2MSFTNGP09.phx.gbl...

> I have an ASP.NET application using forms authentication. I works without
> any problems.
>
> I have been trying to enable the login process to work over SSL but it

fails

> with the same problem everytime: "Access is denied". I have created my

own

> SSL certificate and enabled SSL encryption on a sub-directory of the web
> site called "/IRWebAdmin/secure". In this directory is my

"AdminLogin.aspx"

> page.
>
> In the root directory is my "AdminMain.aspx" page that is set as the
> applications default page. On startup the application is directory to the
> "/IRWebAdmin/AdminMain.aspx" page, which then is then referred to
> "/IRWebAdmin/secure/AdminLogin.aspx" to login.
>
> My web.config settings are:
>
>
>
>
> <authentication mode="Forms" >
> <forms loginUrl="https://localhost/IRWebAdmin/secure/AdminLogin.aspx"
> requireSSL="true"
> protection="All"
> timeout="20"
> name=".IRADM"
> path="/secure"
> slidingExpiration="true">
> </forms>
> </authentication>
>
> <authorization>
> <deny users="?" />
> </authorization>
>
>
>
>
> On running the application I get the standard security alert due to the
> certificate not being from a trusted authority. Clicking YES then displays
> this error page:
>
>
>
> Server Error in '/IRWebAdmin' Application.
>
> Access is denied.
> Description: An error occurred while accessing the resources required to
> serve this request. The server may not be configured for access to the
> requested URL.
>
> Error message 401.2.: You do not have permission to view this directory or
> page using the credentials you supplied. Contact the Web server's
> administrator for help.
>
>
> Version Information: Microsoft .NET Framework Version:1.1.4322.573;

ASP.NET

> Version:1.1.4322.573
>
>
>
>
> Does anyone have any information as to what I am doing wrong? I have

trawled

> the web for days now and nothing gives me the exact answer.
>
> Regards,
> Gareth.
>
>