"PMarino" <PMar***@discussions.microsoft.com> wrote in message
news:D75AD644-D5AF-4C48-A655-70C6CB283687@microsoft.com...
: Hi all.  I have a problem that I'm not sure I understand.  I have a web
site
: framework that is designed to support Windows Authentication, Forms
: Authenticatio or Mixed.  When logging off from Windows Authentication, the
: framework redirects to a special page that allows Anonymous Access but
does
: not allow Windows Authentication.  This special page then redirects to the
: front page of the application.  This front page permits Anonymous and
Windows
: Auth.
:
: While the special page is accessed Anonymously, the next (front) page uses
: Windows Auth again.  This doesn't make sense to me, and I'm wondering what
to
: do about it.  To make sure it's not the framework's bug, I wrong a simple
: test app consisiting of 3 ASP.Net pages, with the following security
config:
:
: Test.Aspx - Allow Anonymous AND Windows Auth.  Front page of applications.
:
: Secure.Aspx - Allow Windows Auth, do NOT allow Anonymous.  Page used to
grab
: user's Windows auth.
:
: NotSecure.Aspx. - Allow Anonymous, do NOT allow Windows Auth.  Page used
to
: 'log out'.
:
:
: In this test scenario, Test.Aspx redirects to Secure.Aspx, and then back
to
: Test.Aspx.  When I click 'Logout', I am redirected to NotSecure.Aspx, and
: then back to Test.Aspx.
:
: Any idea of why this happens, and how I can work around it?
:
: Thanks in advance.
:
: Here's a sample of the IIS Log file:
:
:
: 04:15:45 - GET /TestSecurity/Test.aspx - 302 -
: 04:15:45 - GET /TestSecurity/Secure.aspx - 401
: 04:15:45 Domain\UserName GET /TestSecurity/Secure.aspx - 302
: 04:15:45 Domain\UserName GET /TestSecurity/Test.aspx Stage=Logon 200
: 04:15:49 Domain\UserName POST /TestSecurity/Test.aspx Stage=Logon 302
: 04:15:49 - GET /TestSecurity/NotSecure.aspx - 302 04:15:49 Domain\UserName
: GET /TestSecurity/Test.aspx Stage=Logoff 200