473,836 Members | 1,907 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

forms authentication not authenticating

I have built a web app that uses forms authentication. There isn't a
"remember me" feature (i.e. the authentication cookie is not permanent).
When you close the browser, and open a new one, you must log in again. This
is the behavior I expected.

I just discovered that if I have a browser window open (to anything) prior
to opening my web app in a new browser window, it appears to share session
information. I can then open and close my web app over and over and it
never makes me log in after the very first time if that first browser window
(which isn't even part of my app) remains open.

It there anything I can do about this?

Thanks,
Greg
Nov 17 '05 #1
4 2750
Hi Greg,

It is really strange since the browser has no relation to the asp.net web
application. Anyway, please check out your web.config file to see if there
is anything wrong.

Also, I suggest you try the steps in this article to create a form based
authentication asp.net web app. Please test on this new web app to see if
you could repro the problem.
"HOW TO: Implement Forms-Based Authentication in Your ASP.NET Application
by Using Visual Basic .NET"
http://support.microsoft.com/?id=308157

Regards,

HuangTM
Microsoft Online Partner Support
MCSE/MCSD

Get Secure! ¨C www.microsoft.com/security
This posting is provided ˇ°as isˇ± with no warranties and confers no rights.
Nov 17 '05 #2
I did some more testing.

Try this to duplicate the problem:

Open a site that uses forms authentication. In my test I am using the
IBuySpy portal.

http://www.asp.net/IBS_Portal/DesktopDefault.aspx

Create account and sign in (do not check the remember login box). Creating
a shortcut on desktop (I think this is the important piece.) to the web
site.

Close all browser windows.

Open a new browser window to something (say www.yahoo.com)

Leave that window open, double click on the shortcut to IBuySpy portal.
Sign-in again. Close browser, leaving Yahoo open in first browser.
Double-click shortcut to IBuySpy again. Notice, you are still logged in!
Close window, repeat ad nauseam. :^)

Thanks,
Greg

"Tian Min Huang" <ti******@onlin e.microsoft.com > wrote in message
news:os******** ******@cpmsftng xa06.phx.gbl...
Hi Greg,

It is really strange since the browser has no relation to the asp.net web
application. Anyway, please check out your web.config file to see if there
is anything wrong.

Also, I suggest you try the steps in this article to create a form based
authentication asp.net web app. Please test on this new web app to see if
you could repro the problem.
"HOW TO: Implement Forms-Based Authentication in Your ASP.NET Application
by Using Visual Basic .NET"
http://support.microsoft.com/?id=308157

Regards,

HuangTM
Microsoft Online Partner Support
MCSE/MCSD

Get Secure! ¨C www.microsoft.com/security
This posting is provided ˇ°as isˇ± with no warranties and confers no rights.

Nov 17 '05 #3
You can do the same thing by opening a browser window, then opening a a new
window from it (CTRL-N).

I am sure this is just the way it works, but it was confusing at first. Am
I correct in saying, it is because all these windows are sharing the same
session ID, hence the same authentication cookie? (I can see that they
are.)

I guess, double-clicking on a shortcut to a web site does the same thing as
a CTRL-N. Ie., it does not launch a new session. Bummer.

Thanks,
Greg
"Jim Cheshire (MS)" <ja******@onlin e.microsoft.com > wrote in message
news:OF******** ******@cpmsftng xa06.phx.gbl...
Hi Greg,

I can reproduce this issue easily. I am looking into it for you.

Jim Cheshire
Developer Support
ASP.NET
ja******@online .microsoft.com

This post is provided as-is with no warranties and confers no rights.

--------------------
From: "Greg Burns" <gr********@hot mail.com>
References: <#T************ **@TK2MSFTNGP11 .phx.gbl>

<os************ **@cpmsftngxa06 .phx.gbl>
Subject: Re: forms authentication not authenticating
Date: Mon, 28 Jul 2003 10:20:37 -0400
Lines: 55
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Message-ID: <#E************ **@TK2MSFTNGP10 .phx.gbl>
Newsgroups: microsoft.publi c.dotnet.framew ork.aspnet
NNTP-Posting-Host: 146.145.213.7
Path: cpmsftngxa06.ph x.gbl!TK2MSFTNG P08.phx.gbl!TK2 MSFTNGP10.phx.g bl
Xref: cpmsftngxa06.ph x.gbl microsoft.publi c.dotnet.framew ork.aspnet:1626 04
X-Tomcat-NG: microsoft.publi c.dotnet.framew ork.aspnet

I did some more testing.

Try this to duplicate the problem:

Open a site that uses forms authentication. In my test I am using the
IBuySpy portal.

http://www.asp.net/IBS_Portal/DesktopDefault.aspx

Create account and sign in (do not check the remember login box). Creatinga shortcut on desktop (I think this is the important piece.) to the web
site.

Close all browser windows.

Open a new browser window to something (say www.yahoo.com)

Leave that window open, double click on the shortcut to IBuySpy portal.
Sign-in again. Close browser, leaving Yahoo open in first browser.
Double-click shortcut to IBuySpy again. Notice, you are still logged in!
Close window, repeat ad nauseam. :^)

Thanks,
Greg

"Tian Min Huang" <ti******@onlin e.microsoft.com > wrote in message
news:os******* *******@cpmsftn gxa06.phx.gbl.. .
Hi Greg,

It is really strange since the browser has no relation to the asp.net web application. Anyway, please check out your web.config file to see if

there is anything wrong.

Also, I suggest you try the steps in this article to create a form based authentication asp.net web app. Please test on this new web app to see if you could repro the problem.
"HOW TO: Implement Forms-Based Authentication in Your ASP.NET Application by Using Visual Basic .NET"
http://support.microsoft.com/?id=308157

Regards,

HuangTM
Microsoft Online Partner Support
MCSE/MCSD

Get Secure! ¨C www.microsoft.com/security
This posting is provided ˇ°as isˇ± with no warranties and confers no

rights.


Nov 17 '05 #4
Greg,

That's exactly what's happening. When you are using Forms authentication
and an unpersistant cookie, the cookie is in-memory. Apparently, Internet
Explorer is sharing that memory space when the window is opened via the
shortcut icon or a Ctrl-N. This is expected when you are using Ctrl-N or
Window, New Window. Obviously if that didn't share session state with the
original window, it would be undesirable for an Internet developer. (That
would also mean that a client-side window.open or a _blank target attribute
would also lose session state.)

This is by-design, although it may be counter-intuitive at first and may
provide undesirable results at times. The solution in your case is to make
sure that your Forms authentication ticket expires within a relatively
short timeframe.

Jim Cheshire
Developer Support
ASP.NET
ja******@online .microsoft.com

This post is provided as-is with no warranties and confers no rights.

--------------------
From: "Greg Burns" <gr********@hot mail.com>
References: <#T************ **@TK2MSFTNGP11 .phx.gbl> <os************ **@cpmsftngxa06 .phx.gbl>
<#E************ **@TK2MSFTNGP10 .phx.gbl>
<OF************ **@cpmsftngxa06 .phx.gbl>Subject: Re: forms authentication not authenticating
Date: Mon, 28 Jul 2003 17:18:11 -0400
Lines: 112
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Message-ID: <e$************ **@tk2msftngp13 .phx.gbl>
Newsgroups: microsoft.publi c.dotnet.framew ork.aspnet
NNTP-Posting-Host: 146.145.213.7
Path: cpmsftngxa06.ph x.gbl!TK2MSFTNG P08.phx.gbl!tk2 msftngp13.phx.g bl
Xref: cpmsftngxa06.ph x.gbl microsoft.publi c.dotnet.framew ork.aspnet:1627 71
X-Tomcat-NG: microsoft.publi c.dotnet.framew ork.aspnet

You can do the same thing by opening a browser window, then opening a a new
window from it (CTRL-N).

I am sure this is just the way it works, but it was confusing at first. Am
I correct in saying, it is because all these windows are sharing the same
session ID, hence the same authentication cookie? (I can see that they
are.)

I guess, double-clicking on a shortcut to a web site does the same thing as
a CTRL-N. Ie., it does not launch a new session. Bummer.

Thanks,
Greg
"Jim Cheshire (MS)" <ja******@onlin e.microsoft.com > wrote in message
news:OF******* *******@cpmsftn gxa06.phx.gbl.. .
Hi Greg,

I can reproduce this issue easily. I am looking into it for you.

Jim Cheshire
Developer Support
ASP.NET
ja******@online .microsoft.com

This post is provided as-is with no warranties and confers no rights.

--------------------
>From: "Greg Burns" <gr********@hot mail.com>
>References: <#T************ **@TK2MSFTNGP11 .phx.gbl>

<os************ **@cpmsftngxa06 .phx.gbl>
>Subject: Re: forms authentication not authenticating
>Date: Mon, 28 Jul 2003 10:20:37 -0400
>Lines: 55
>X-Priority: 3
>X-MSMail-Priority: Normal
>X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
>Message-ID: <#E************ **@TK2MSFTNGP10 .phx.gbl>
>Newsgroups: microsoft.publi c.dotnet.framew ork.aspnet
>NNTP-Posting-Host: 146.145.213.7
>Path: cpmsftngxa06.ph x.gbl!TK2MSFTNG P08.phx.gbl!TK2 MSFTNGP10.phx.g bl
>Xref: cpmsftngxa06.ph x.gblmicrosoft.publ ic.dotnet.frame work.aspnet:162 604 >X-Tomcat-NG: microsoft.publi c.dotnet.framew ork.aspnet
>
>I did some more testing.
>
>Try this to duplicate the problem:
>
>Open a site that uses forms authentication. In my test I am using the
>IBuySpy portal.
>
>http://www.asp.net/IBS_Portal/DesktopDefault.aspx
>
>Create account and sign in (do not check the remember login box).Creating >a shortcut on desktop (I think this is the important piece.) to the web
>site.
>
>Close all browser windows.
>
>Open a new browser window to something (say www.yahoo.com)
>
>Leave that window open, double click on the shortcut to IBuySpy portal.
>Sign-in again. Close browser, leaving Yahoo open in first browser.
>Double-click shortcut to IBuySpy again. Notice, you are still logged in! >Close window, repeat ad nauseam. :^)
>
>Thanks,
>Greg
>
>
>
>"Tian Min Huang" <ti******@onlin e.microsoft.com > wrote in message
>news:os******* *******@cpmsftn gxa06.phx.gbl.. .
>> Hi Greg,
>>
>> It is really strange since the browser has no relation to the asp.netweb >> application. Anyway, please check out your web.config file to see if

there
>> is anything wrong.
>>
>> Also, I suggest you try the steps in this article to create a formbased >> authentication asp.net web app. Please test on this new web app to seeif >> you could repro the problem.
>> "HOW TO: Implement Forms-Based Authentication in Your ASP.NETApplication >> by Using Visual Basic .NET"
>> http://support.microsoft.com/?id=308157
>>
>> Regards,
>>
>> HuangTM
>> Microsoft Online Partner Support
>> MCSE/MCSD
>>
>> Get Secure! ¨C www.microsoft.com/security
>> This posting is provided ˇ°as isˇ± with no warranties and confers no
>rights.
>>
>>
>
>
>



Nov 17 '05 #5

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

0
301
by: Reshma Prabhu | last post by:
Hello, I have developed a web site which uses forms authentication for authenticating users. The problem is that the site is divided into frames and so whenver the cookie expires each frame shows login page. I want that Login page should be shown in the whole page not in each frame.
5
1937
by: anony | last post by:
Hi, I have a site that uses forms authentication to secure the directory. The site behaves as expected when viewed externally... if I close the browser and attempt to access it again, I get prompted to login. However, locally here on the network, if I close the browser and open a new one and access the site again, I don't have to login. Can anyone shed some light as to what's going on? Thanks,
3
4749
by: Martin | last post by:
Dear fellow ASP.NET programmer, I stared using forms authentication and temporarily used a <credentials> tag in web.config. After I got it working I realized this wasn't really practical. I cannot write to web.config so I cannot dynamically update the credentials while the site is up. Since the FormsAuthentication.Authenticate() method's documentations claims the following: "Attempts to validate the credentials against those contained...
0
4258
by: Anonieko Ramos | last post by:
ASP.NET Forms Authentication Best Practices Dr. Dobb's Journal February 2004 Protecting user information is critical By Douglas Reilly Douglas is the author of Designing Microsoft ASP.NET Applications and owner of Access Microsystems. Doug can be reached at doug@accessmicrosystems.com. --------------------------------------------------------------------------------
7
1714
by: - Steve - | last post by:
I have forms based authentication working, using my Active Directory for authentication. I have a web page that creates a user in active directory. When I was using IIS authentication it worked fine, now it doesn't. I'm assuming it's running in the context of the IIS anonymous user. How can I get it to run as the user that logged in with the forms based authentication? --
4
2597
by: Trevor Andrew | last post by:
Hi There, Hopefully this isn't too difficult a question to express here. I have a 3 tier application. 1. Presentation Tier: ASP.NET web application. 2. Middle Tier: ASP.NET Web Services that invoke COM based API for a third party product. 3. Data Tier: A SQL Server database that I can only access via the API. The user authentication for the web application is actually done via a call
4
1973
by: MatthewRoberts | last post by:
Howdy All, We have an ASP.NET web application that uses Forms Authentication and has worked without problems for some time. However, we recently added a Shockwave SWF file to the mix for flash and interactivity. All ASPX, HTML, and other web files are protected by security. If you are not properly authenticated but try to access an ASPX or HTML file,
1
4691
by: Mark Olbert | last post by:
I'm building an ASPNET2 website which uses forms authentication but does not use the Microsoft-supplied membership providers (mostly because I don't want to create my own provider at this point, and the supplied stuff comes with a lot of baggage I don't want/need). In ASPNET1.1 what I would do was something like the following, after authenticating the user on the login form: FormsAuthentication.SetAuthCookie(userInfo.UserID, false); ...
40
7614
by: webrod | last post by:
Dear All, let's say I have a web service. I would like to authenticate users who try to access it. I am on a winnt server so I will have to use NTLM but I don't want to use IIS settings. Is there a way to authenticate a user using WSE 3.0 against NTLM?? All the samples I have found on the web provide a solution based on
0
9812
marktang
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look ! Part I. Meaning of...
0
9658
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
0
10534
jinu1996
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...
1
10579
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
0
6975
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...
0
5644
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
1
4444
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
2
4004
muto222
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.
3
3103
bsmnconsultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.