deny tag of web.config not working on production server
-
Hi All I have a website on which I am using following setting in web.config 1. to use forms authentication
<authentication mode="Forms">
<forms name="MyApplication" loginUrl="/_layouts/CommerceServer/CommerceloginPage.aspx" />
</authentication>2.To secure a folder named MyAcc from anonymous access
<location path="Pages/MyAcc" allowOverride="false">
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</location>3.The membership provider
<membership defaultProvider="UpmProvider">
<providers>
<add applicationName="MyApplication"
enablePasswordRetrieval="false"
enableEmailAddress="true"
name="UpmProvider"
type="Microsoft.CommerceServer.Runtime.Profiles.UpmMembershipProvider,Microsoft.CommerceServer.Runtime,
Version=6.0.1.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" enablePasswordReset="true" requiresQuestionAndAnswer="false"
passwordFormat="Hashed"
PasswordStrengthRegularExpression="^(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{6,50}$" /></providers> </membership>Now the challenge is on my development server the deny tag works fine i.e when an anonymous user try to access pages which are there in MyAcc folder,the user gets redirected to login page. On the other hand on production site,the anonymous user is able to access the pages of MyAcc folder. Please suggest what could be wrong.Is there any other way to secure thge pages from anonymnous access. Thanks Regards Sandeep Kalra
modified on Monday, January 18, 2010 12:29 AM