How to completely disable Forms authentication in ASP.NET application and replace it with the custom authentication module?
I set authentication mode as None in web.config
<authentication mode="None" />
and attached my own authentication module
<add name="CustomAuthenticationModule" type="CustomAuthenticationModule, Auth"/>
My custom authentication module has
application.AuthenticateRequest += new EventHandler(this.Application_AuthenticateRequest);
application.PostAuthenticateRequest += new EventHandler(this.Application_PostAuthenticateRequest);
application.AuthorizeRequest += new EventHandler(this.Application_AuthorizeRequest);
Everything looks working except one thing... when I try to get access to the secured page required Admin roles
<location path="SomePage.aspx">
<system.web>
<authorization>
<allow roles="Admin"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
my handler doesn't catch AuthorizeRequest event. Instead this my request will be returned to the browser with the
Access is denied. Error message 401.2.: Unauthorized: Logon failed due to server configuration. Verify that you have permission to view this directory or page based on the credentials you supplied and the authentication methods enabled on the Web server. Contact the Web server's administrator for additional assistance
Looks like some other handler processed the request and return Unauthorized request code? Didn't I completely disabled Forms authentication or missed something else?
Try enabling anonymous authentication if you have not or integrated windows authentication. If you are using anonymous authentication you make sure IIS is running.
Also, check the properties of the folder and make sure permissions are added.