6.8. Using Forms Authentication Across Different Content Types
It has been mentioned several times throughout the book that one of the major advantages of running applications in the new IIS 7.0 integrated mode is the ability of ASP.NET runtime to process requests for non-ASP.NET resources. Added to this, the managed FormsAuthenticationModule is now integrated into IIS 7.0, which means that in addition to having the native authentication modules listed and registered inside IIS, you now have the managed FormsAuthenticationModule listed so that administrators or developers can enable/disable it the same way they enable/disable any other native authentication module.
Figure 6-5 shows the list of authentication modules listed inside the IIS 7.0 Manager tool.
Figure 6-5. Figure 6-5
There are some limitations on using the managed module. If the managed FormsAuthenticationModule is enabled, you cannot enable any other native authentication module. There is a workaround to this limitation to enable both the native WindowsAuthenticationModule and the managed FormsAuthenticationModule, which you can read more about at http://mvolo.com/blogs/serverside/archive/2008/02/11/IIS-7.0-Two_2D00_Level-Authentication-with-Forms-Authentication-and-Windows-Authentication.aspx. But as a rule. and without any workarounds, you cannot enable the manage FormsAuthenticationModule while enabling any other ...
Get Professional ASP.NET 3.5 Security, Membership, and Role Management with C# and VB now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
