I am using forms authentication in IIS7 to password-protect a dev site, but the authentication seems to get by-passed when the site contains only static HTML files + login.aspx + web.config.
When I renamed the files to .aspx, I am prompted with the login form I am not doing anything fancy. I have a very simple login script and it should just redirect to index.html afterward.
Any suggestions? To summarize, the entire site is using HTML (for now) and needs to be password protected.
<authentication mode="Forms">
<forms name="appNameAuth" path="/" loginUrl="~/login.aspx" defaultUrl="index.html" protection="All" timeout="525600">
<credentials passwordFormat="Clear">
<user name="[user]" password="[password]" />
</credentials>
</forms>
</authentication>
<authorization>
<deny users="?" />
</authorization>