I am a programmer and IIS manager for years.
since last year i am starting to work with form auth en spend WEEKS of time to get used to this system.
I see a lot of BS about the subject.
Watch a lot of white papers. Watch a lot of youtube videos.
But every time coming back to the same problem.
It is a wrong assumption that you have to put on anonymous auth for the site to work. the concept is : a not known user can see nothing (except the login page) until the server knows who it is.
And there is the problem. the iis server keeps on ignoring the exception. redirection to the login page is made but then a 401.1 comes up.
Only thing is not clear to me and that me be part of the problem is the auth user in the application pool because nowhere to find what the correct setting needs to be.
The problem is spo basic, dat the whole discussion about what user, what asp.net , what files is useless.
Basic it al comes back to: why is IIS 7 refusing to show (whatever) login.aspx when you open the site.
This must be a bug!
Hope somebody got it working and can show here a workaround.
Wil help a lot of people who are in the same hell as me.
M.