I need to change the default page a C# application redirects to when the current authenticated user doesn't have permission to reach that page. I looked through the application and found the following code:

<authentication mode="Forms">
   <forms timeout="525600" loginUrl="~/login/" defaultUrl="~/unauthorized/" />
</authentication>

It did not have a defaultUrl before, so I added one, tested it, and saw no change in behavior. As a test I also changed the loginUrl to another page, rebuilt the site, cleared my browser cache, and still saw no change. No matter what I put in loginUrl and defaultUrl, I couldn't get the default page to change from ~/login/. I saw somewhere that web.config configuration files can be superceded by other web.config files. There are two in this application, and this one is at the root of the application. The other one has no mention of authentication in it.

So my question is this: Is this enough information for some guidance on what could be causing my application to ignore my web.config changes? Assume I am uninformed regarding C# (because I am) and may have made a stupid mistake.

Edited 2 Years Ago by Andrew_9

We ended up using IIS to redirect. I'm still curious what would cause the loginUrl setting to be overwritten or ignored.

I saw somewhere that another dll could be setting it at runtime which would overwrite the web.config. Not sure if that was true in this case however.

IIS tends to ignore those settings. Why? Who knows... However, it will pull them from the AppConfig if you set them.

<add key="loginUrl" value="~/login/" />
<add key="defaultUrl" value="~/unauthorized/" />

If you add those into your config, it should work.

Thanks Ketsuekiame. I saw that mentioned elsewhere on the internet, and believe it would have resolved my problem. I don't have an opportunity to test it now unfortunately.

This question has already been answered. Start a new discussion instead.