We use Windows Authentication and have enabled advanced security (we use the custom validate function to set the appropriate username to match our security table). In ASPM 2026 if a user browses to the root path (ex. http://server/aspnet/myproject) they receive an access denied error. If they instead directly go to the login page, they are correctly logged in.
I believe there may be an error in the index route of HomeController.cs (copied below with some comments).
// Index
[Route("", Name = "index")]
[AllowAnonymous]
public async Task<IActionResult> Index()
{
//CurrentUser is null, IsLoggedIn is false
await Security.LoginAsync(); //Just returns because there isn't a current user
string url = "";
var tableList = Config.UserLevelTables;
for (var i = 0; i < tableList.Count; i++)
{
if (tableList[i].TableName == "Groups")
{
if (Security.AllowList(tableList[i].ProjectId + tableList[i].TableName))
{
url = tableList[i].Url;
break;
}
}
else if (url == "")
{
if (!Empty(tableList[i].Url) && Security.AllowList(tableList[i].ProjectId + tableList[i].TableName))
url = tableList[i].Url;
}
}
//url is still "" because we don't allow anonymous user access to tables
//IsAuthenticated returns true because the user has authenticated with the web server (we are using windows authentication)
if (url == "" && !IsAuthenticated())
{
url = "login";
}
if (url == "")
{
return StatusCode(401, DeniedMessage());
}
return new RedirectResult(AppPath(url), Config.RedirectPermanent);
}
I believe the if statement with !IsAuthenticated() should be !IsLoggedIn().