IIS7 - making Forms Authentication to work for all the
If you were following all the news about IIS7,
you would have heard that you can now plug-in ASP.NET Forms Authentication in
the main integrated pipeline. Few of my colleagues, other friends tried doing
this and claimed that it didn't work as expected. It is just protecting only the
ASP.NET pages and they believe Forms Authentication is not in the integrated
Are they correct? They are and they are not.
They are correct in saying that Forms Authentication only comes for the ASP.NET
pages, but they are in-correct for believing Forms Authentication is in the
By default, even if you enable Forms
Authentication, you would see that it just works for ASP.NET pages. That is just
because, FormsAuthentication module has the preCondition as "managedHandler"
meaning, it would be invoked only for a managed request (ASP.NET). You would see
the below by default in the applicationHost.config.
So, if you want to enable the Forms
Authentication to work for all the requests, you got to remove that
preCondition. To enable, select "Modules" for your website on IIS manager. Right
click on "FormsAuthentication" module and click on Edit. You would see the
Uncheck "Invoke only for requests to ASP.NET
applications or managed handlers". Now, you would see that Forms Authentication
is working for all the requests to your website.
Read more about this here.
Hope this helps!