Many Thanks Stefan!
quote:When you mention that your existing changes don't seem to take effect I'm wondering if your code hasn't been marked as an application in IIS.
What I'm saying is that it works with or without the <remove name="LocalSqlServer"/> which I assume to be correct because I have no database to attach.
This site using <credentials> has the website root set to "Read and Scripting Only" in IIS and is marked as "Default Application". I have wildcard mapping set at the root via aspnet_isapi.dll
I have one virtual directory that was created after "wildcard mapping" was set on the root. The secured directories are physical directories under the virtual directory.
The virtual directory application name is grayed out and says "Default Application". I have the virtual set to "Read and Directory Browsing" only.
In this site, I add users and passwords in web.config under <credentials> and NOT using ASPNETDB.MDF or SQL Express. I added the following block to remove "LocalSqlServer" since I'm not using SQL Express with this site. No other connectionString code is present.
For the other membership site
which DOES use ASPNETDB.MDF with SQL Express, I'm using the default connectionString from machine.config. I have no connectionString code in web.config or anywhere else for this second site.
Both sites appear to work just fine. The authorization is restricting access as designed.
Is this proper use of authentication and authorization?
How many membership sites can you use with SQL Express with "User Instances" enabled?
Thanks much and I appreciate your help.