Hi, I've created an asp.net 3.5 application using forms authentication and a default Login.aspx page with a login control which is loaded when users enter restricted areas of my site. I have an SQL Server 2008 addon and I've configured the database for application services as described in http://support.discountasp.net/KB/a337/how-to-configure-aspnet-20-membershiproles-provider.aspx My web.config file has a connection string pointing to the remote database and I've configured this using VS2008 ASP.NET configuration: users, roles, access rules, everything OK and working fine when I launch the application 'locally' (the login database is anyway the remote SQL Server database of my addon: I can be sure of this as I can create new users from another machine using ASP.NET config tool and then launch the application locally and login as a newly created user in my development machine, where I have never defined that user). Anyway, when I publish the application to the remote server it works but as if no rules were defined: any anonymous user can enter any area of the site and the login page is never loaded. What I'm missing here? Here are the relevant sections of my config file (real data replaced by ... for obvious reasons):
I finally found the problem: for some reason the PUBLISH command of VS2008 does not copy my web.config files in the restricted folders to the FTP space. The file was effectively missing from the remote site, and thus no restriction was in place. This is odd, but once you know it it's trivial... Thanks anyway!
