1) If I login using an account that does not
belong to the Administrators role, I get the following error. In this case, authorization is successful (I'm assuming), but authorization is failing, resulting in the following error:
Server Error in '/SiteFinityTest1' Application.
This type of page is not served.
The type of page you have requested is not served because it has been
explicitly forbidden. The extension '.aspx' may be incorrect. Please review
the URL below and make sure that it is spelled correctly.
Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET
2) If I login using an account that belongs to the Administrators role, everything's fine. In this case, authentication and authorization is succeeding.
3) If I login using an invalid username or password, I get a friendly "unsuccessful" message. In this case, authentication's failed, so the authorization phase hasn't yet been reached.
Shouldn't I be getting a friendly unauthorized message upon scenario #1?
This is what my telerik\security\roles node looks like in the web.config file:
<add name="Administrators" permission="Unrestricted" />
I have one role and one membership Active Directory provider defined in my web.config file:--both providers authenticate fine, so authentication doesn't seem to be the problem here.