RedirectFromLog inPage never returns to original page

Edward Mitchell

I have a main project that is protected in that the user is directed to a
login.aspx file.

The text in the web.config file is:

<authenticati on mode="Forms">
<forms loginUrl="Login .aspx" />
</authentication>

<authorizatio n>
<deny users="?" /> 
<allow users="*" /> 
</authorization>

When the user enters email/password and is authenticated, control is
transferred back to the main page via the line in the Login.aspx file:

if(Authenticate (EMail.Text, Password.Text)) {
// return to the original page
FormsAuthentica tion.RedirectFr omLoginPage(EMa il.Text, false);
}
else {
Output.Text = "Invalid Login";
}

Authenticate is my routine.

This all works as it should.

I also have a second project that is going to allow editing of the main page
info. This is contained in the solution but placed in a subdirectory to the
main project. In there I have a web.config file that just identifies the
login.aspx file in the parent directory so:

<?xml version="1.0" encoding="utf-8" ?>
<configuratio n>
<system.web>
<authenticati on mode="Forms">
<forms loginUrl="../Login.aspx" />
</authentication>
</system.web>
</configuration>

Again when I start the second project I am transferred to the login.aspx
file in the parent folder. I enter the credentials and when I step through
the code, the FormsAuthentica tion.RedirectFr omLoginPage(... ) routine is
called.

My problem is that the Login.aspx page is recycled. Control doesn't return
to my secondary project in the child folder it just keeps on showing the
Login page.

If I look at the browsers address line for the login page:

http://localhost/OnLineReg/Login.asp...ayRegInfo.aspx

it has the correct return address of the page in the subfolder
"DisplayRegInfo " in the ReturnUrl= argument.

Can anyone suggest if I am doing anything obviously wrong?

Ed
--
Edward E.L. Mitchell
Phone: (239)415-7039
6707 Daniel Court
Fort Myers, FL 33908

Nov 19 '05 #1

Subscribe Reply

2246

William F. Robertson, Jr.

You probably have your second project configured as an application in IIS.

bill

"Edward Mitchell" <EE*********@ne wsgroup.nospam> wrote in message
news:eS******** ******@TK2MSFTN GP10.phx.gbl...

I have a main project that is protected in that the user is directed to a
login.aspx file.

The text in the web.config file is:

<authenticati on mode="Forms">
<forms loginUrl="Login .aspx" />
</authentication>

<authorizatio n>
<deny users="?" /> 
<allow users="*" /> 
</authorization>

When the user enters email/password and is authenticated, control is
transferred back to the main page via the line in the Login.aspx file:

if(Authenticate (EMail.Text, Password.Text)) {
// return to the original page
FormsAuthentica tion.RedirectFr omLoginPage(EMa il.Text, false);
}
else {
Output.Text = "Invalid Login";
}

Authenticate is my routine.

This all works as it should.

I also have a second project that is going to allow editing of the main page info. This is contained in the solution but placed in a subdirectory to the main project. In there I have a web.config file that just identifies the
login.aspx file in the parent directory so:

<?xml version="1.0" encoding="utf-8" ?>
<configuratio n>
<system.web>
<authenticati on mode="Forms">
<forms loginUrl="../Login.aspx" />
</authentication>
</system.web>
</configuration>

Again when I start the second project I am transferred to the login.aspx
file in the parent folder. I enter the credentials and when I step through the code, the FormsAuthentica tion.RedirectFr omLoginPage(... ) routine is
called.

My problem is that the Login.aspx page is recycled. Control doesn't return to my secondary project in the child folder it just keeps on showing the
Login page.

If I look at the browsers address line for the login page:

http://localhost/OnLineReg/Login.asp...ayRegInfo.aspx
it has the correct return address of the page in the subfolder
"DisplayRegInfo " in the ReturnUrl= argument.

Can anyone suggest if I am doing anything obviously wrong?

Ed
--
Edward E.L. Mitchell
Phone: (239)415-7039
6707 Daniel Court
Fort Myers, FL 33908

Nov 19 '05 #2

Edward Mitchell

I'm pretty sure that when I created the project it was C# with the Web
Application icon chosen. However, I can't find any reference in the Project
Properties that would tell me this.

However, assuming it is a web application, can I make it work? Do I have to
start off creating the project from scratch and if so, what do I chose for
the project type?

Is there any documentation for this?

Ed
"William F. Robertson, Jr." <th****@nameht. org> wrote in message
news:uh******** ******@TK2MSFTN GP14.phx.gbl...

You probably have your second project configured as an application in IIS.

bill

"Edward Mitchell" <EE*********@ne wsgroup.nospam> wrote in message
news:eS******** ******@TK2MSFTN GP10.phx.gbl...
I have a main project that is protected in that the user is directed to a
login.aspx file.

The text in the web.config file is:

<authenticati on mode="Forms">
<forms loginUrl="Login .aspx" />
</authentication>

<authorizatio n>
<deny users="?" /> 
<allow users="*" /> 
</authorization>

When the user enters email/password and is authenticated, control is
transferred back to the main page via the line in the Login.aspx file:

if(Authenticate (EMail.Text, Password.Text)) {
// return to the original page
FormsAuthentica tion.RedirectFr omLoginPage(EMa il.Text, false);
}
else {
Output.Text = "Invalid Login";
}

Authenticate is my routine.

This all works as it should.

I also have a second project that is going to allow editing of the main

page
info. This is contained in the solution but placed in a subdirectory to

the
main project. In there I have a web.config file that just identifies the
login.aspx file in the parent directory so:

<?xml version="1.0" encoding="utf-8" ?>
<configuratio n>
<system.web>
<authenticati on mode="Forms">
<forms loginUrl="../Login.aspx" />
</authentication>
</system.web>
</configuration>

Again when I start the second project I am transferred to the login.aspx
file in the parent folder. I enter the credentials and when I step

through
the code, the FormsAuthentica tion.RedirectFr omLoginPage(... ) routine is
called.

My problem is that the Login.aspx page is recycled. Control doesn't

return
to my secondary project in the child folder it just keeps on showing the
Login page.

If I look at the browsers address line for the login page:

http://localhost/OnLineReg/Login.asp...ayRegInfo.aspx

it has the correct return address of the page in the subfolder
"DisplayRegInfo " in the ReturnUrl= argument.

Can anyone suggest if I am doing anything obviously wrong?

Ed
--
Edward E.L. Mitchell
Phone: (239)415-7039
6707 Daniel Court
Fort Myers, FL 33908

Nov 19 '05 #3

Steven Cheng[MSFT]

Hi Edward,

The problem you encountered is actual caused by some combined factors. here
is some of my suggestions:

1. Each ASP.NET Web application is hosted in an IIS folder which configured
as Application. So if you make your subfolder as Application, that
subfolder become a separate application from its parent virutal dir's
application. I don't think this is what you want, so you need to remove the
"Applciatio n" in the subfolder.

2. The <authentication > element is per-application based ,so each
application can have only one <authentication > element in the main
web.config. However, we can have multiple
<authorizatio n> element to define different protection rules for different
paths in our web application. So currently you have two options to resolve
your problem:

1) Still use a sub web.config in your sub dir(must remove that subdir as
Application), and also remove the <authentication > element in it, just put
your <authorizatio n> setting in sub dir's web.config.

2)Use the <location> element in your main web.config to specify different
<authorizatio n> settings for different paths:

#Hierarchical Configuration Architecture
http://msdn.microsoft.com/library/en...archicalconfig
urationarchitec ture.asp?frame= true

If anything unclear, please feel free to post here.

Thanks & Regards,
Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Nov 19 '05 #4

Edward Mitchell

I made some more experiments. When I first visit the line in Login.aspx.cs:

FormsAuthentica tion.RedirectFr omLoginPage(EMa il.Text, false);

Page.Context.Us er.Identity contains the empty string for AuthenticationT ype
and Name and IsAuthenticated is false. If I step through this routine call
with the debugger the Page.Context.Us er fields don't change. Then control
leaves my Login.aspx.cs file (debugger stepwise) but the Login.aspx page
again shows up in the browser.

If I push the Login button again and the second time around the code in the
Login.aspx.cs file I break at the same point. Now the debugger QuickWatch
window shows that Page.Context.Us er.Identity has IsAuthenticated as true,
the AuthenticationT ype is "Forms" and the Name is correct. Something did
the right thing on leaving the LoginButton_Cli ck(...) event to no avail.

But I'm still in the Login.aspx page and will go back to the same breakpoint
when I hit the login button again.

In both the above debug breaks, I examined the expression directly in the
QuickWatch window to find out where we were supposed to go back to::

FormsAuthentica tion.GetRedirec tUrl("name", false)

and this gave the correct return URL to the page that I am trying to go back
to.

The problem is that it won't return and leave the Login page even though it
looks like the user is now supposedly authenticated.

Since the "RedirectFromLo ginPage" is system code, I am unable to step within
is to see what is really supposed to be happening.

Ed
--
Edward E.L. Mitchell
Phone: (239)415-7039
6707 Daniel Court
Fort Myers, FL 33908

Nov 19 '05 #5

Edward Mitchell

Steve,

I removed the Web.Config file from the subdirectory and added a <location>
tag to the root Web.Config. There is now a single <authenticati on
mode="Forms"> tag and two tags for the <authorization. ..>. This is the text
in my single Web.Config file:

<configuratio n>
<system.web>
...
<authenticati on mode="Forms">
<forms loginUrl="Login .aspx" />
</authentication>

<authorizatio n>
<deny users="?" /> 
<allow users="*" /> 
</authorization>
...
</system.web>
<location path="DisplayRe gInfo">
<system.web>
<authentication >
<forms loginUrl="../Login.aspx" />
</authentication>
<authorizatio n>
<deny users="?" /> 
<allow users="*" /> 
</authorization>
</system.web>
</location>
</configuration>

I found that I had to define the loginUrl as "../Login.aspx" in the location
since it appears that the path is relative to the page being authenticated.
I could use a forward slash or backslash to define the parent directory.

However, I still see the same behavior. My login.aspx file finds the user
and then does the

FormsAuthentica tion.RedirectFr omLoginPage(EMa il.Text, false);

but the login.aspx page is continually recycled. Control never goes back to
the original page.

Is the only way out of this to put all the pages in the same top-level
directory?

Ed

"Steven Cheng[MSFT]" <v-******@online.m icrosoft.com> wrote in message
news:id******** ******@TK2MSFTN GXA01.phx.gbl.. .

Hi Edward,

The problem you encountered is actual caused by some combined factors.
here
is some of my suggestions:

1. Each ASP.NET Web application is hosted in an IIS folder which
configured
as Application. So if you make your subfolder as Application, that
subfolder become a separate application from its parent virutal dir's
application. I don't think this is what you want, so you need to remove
the
"Applciatio n" in the subfolder.

2. The <authentication > element is per-application based ,so each
application can have only one <authentication > element in the main
web.config. However, we can have multiple
<authorizatio n> element to define different protection rules for different
paths in our web application. So currently you have two options to resolve
your problem:

1) Still use a sub web.config in your sub dir(must remove that subdir as
Application), and also remove the <authentication > element in it, just put
your <authorizatio n> setting in sub dir's web.config.

2)Use the <location> element in your main web.config to specify different
<authorizatio n> settings for different paths:

#Hierarchical Configuration Architecture
http://msdn.microsoft.com/library/en...archicalconfig
urationarchitec ture.asp?frame= true

If anything unclear, please feel free to post here.

Thanks & Regards,
Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Nov 19 '05 #6

Steven Cheng[MSFT]

Hi Ed,

Have you also change your sub directory to a normal folder (from an
"APPLICATIO N" virtual dir)? That's the key point, we can't make a sub
folder as another separate application in IIS if they're actually the same
asp.net application.

Thanks.

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Nov 19 '05 #7

Edward Mitchell

Steve,

It turned out that I hadn't made the subdirectory within my virtual
directory a virtual directory of it's own. I noticed in IIS that the
virtual directories have a their own icon compared to a lowly folder. When
I made the sub-folder a virtual directory, I was able to startup using the
Login.aspx in the parent directory and return to the page in the
subdirectory.

I finished up putting all my files in one directory rather than mess with
the sub-folders.

Thanks for the feedback.

Ed

"Steven Cheng[MSFT]" <v-******@online.m icrosoft.com> wrote in message
news:cQ******** ********@TK2MSF TNGXA02.phx.gbl ...

Hi Ed,

Have you also change your sub directory to a normal folder (from an
"APPLICATIO N" virtual dir)? That's the key point, we can't make a sub
folder as another separate application in IIS if they're actually the same
asp.net application.

Thanks.

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Nov 19 '05 #8

Steven Cheng[MSFT]

Good!

Glad that you've figured it our.
Have a nice day!

Cheers,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Nov 19 '05 #9

Similar topics

966

RedirectFromLoginPage and loop

by: Rob O'Cop | last post by:

Hi, I've got an Intranet site that's been using the usual Forms authentication. Now, I want to retrieve the Windows Login and authenticate the user automatically without her typing login+password. Thus I changed the security parameters in IIS (anonymous user unchecked, Windows authentication checked). But I let the Forms in web.config unchanged because I wanna keep the ReturnUrl system because I have some Session parameters that are set...

.NET Framework

2000

RedirectFromLoginPage(username, true) no working

by: Gan | last post by:

Hi, I just wonder after calling the RedirectFromLoginPage function, my current page still stick to login.aspx fiile. Any clue?? Thanks

ASP.NET

1714

without Forms authentication.redirectFromLoginPage()?

by: .NET Follower | last post by:

i wan to divert users to login page if they r on secure page and then again redirect to the original page without Forms authentication.redirectFromLoginPage() and also without HTTP_REFERER. -- Thanks and Regards,

ASP.NET

3499

FormsAuthentication.RedirectFromLoginPage when no ReturnURL

by: tshad | last post by:

I have a logon page that is may be called by the Forms Authentication setup. This would put a ReturnURL as part of the URL. I would normally then just issue a: FormsAuthentication.RedirectFromLoginPage(logon.txt,true) But I also am giving them an option to register which would go to a new page. From this page, when they submit, I want to go the original page they were heading for (ReturnURL) when the went to the logon page.

ASP.NET

3577

Help!! RedirectFromLoginPage and GetRedirectUrl

by: Sandy | last post by:

Any help anyone can give me will be appreciated!!!! This is driving me c-r-a-z-y! All I can get from both of the above redirections is a redirect to a page named default.aspx. How do I make either of these work? I have an app that has two pages that need a login. I need to be able to have it automatically return to whichever page the user came from. I've tried both of the following (not together, of course):

ASP.NET

3772

FormsAuthentication.RedirectFromLoginPage is not redirecting to the correct page.

by: Jeremy Chapman | last post by:

I have built a web app. While testing I have found that if I browse to a page in the app, then get redirected to the login page and enter my credentials. The FormsAuthentication.RedirectFromLoginPage call is redirecting to the default.aspx page rather than the original page the user was at. Here is the details of my application: Web.config: <authentication mode="Forms">

ASP.NET

1248

FormsAuthentication.RedirectFromLoginPage Leaving Part of the QueryString In HTML Output

by: Ryan | last post by:

I have an aspx form using: FormsAuthentication.RedirectFromLoginPage("LoginName", False) When the form is browsed to for the VERY first time, instead of redirecting the user to the original URL, the last bit of the query string string appears at the top of the login page along with: >here. i.e. If my user is

ASP.NET

1334

How to know when to RedirectFromLoginPage?

by: Randall Parker | last post by:

Suppose the first URL a visitor visits is Logon.aspx. There's not an original page to return the user to. So how can I detect whether to send the user to the original page he tried to visit versus send him to a default page? I'm looking at this in the MS doc: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/html/frlrfSystemWebSecurityFormsAuthenticationClassTopic.asp void LoginBtn_Click(Object sender, EventArgs...

ASP.NET

2676

FormsAuthentication.RedirectFromLoginPage

by: Mike P | last post by:

When you have authenticated a user and you call FormsAuthentication.RedirectFromLoginPage, how does it know what is the default page that it is supposed to redirect to? The page I want it to redirect to upon successful login is main.aspx, but it just says that default.aspx does not exist. How do I change it so that it tries to redirect to main.aspx instead of default.aspx?

C# / C Sharp

9568

What is ONU?

by: marktang | last post by:

ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look ! Part I. Meaning of...

General

9404

Changing the language in Windows 10

by: Hystou | last post by:

Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...

Windows Server

10168

Problem With Comparison Operator <=> in G++

by: Oralloy | last post by:

Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...

C / C++

8833

AI Job Threat for Devs

by: agi2029 | last post by:

Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...

Career Advice

7381

Access Europe - Using VBA to create a class based on a table - Wed 1 May

by: isladogs | last post by:

The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...

Microsoft Access / VBA

6651

Couldn’t get equations in html when convert word .docx file to html file in C#.

by: conductexam | last post by:

I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...

C# / C Sharp

5279

Trying to create a lan-to-lan vpn between two differents networks

by: TSSRALBI | last post by:

Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...

Networking - Hardware / Configuration

5423

Windows Forms - .Net 8.0

by: adsilva | last post by:

A Windows Forms form does not have the event Unload, like VB6. What one acts like?

Visual Basic .NET

3929

transfer the data from one system to another through ip address

by: 6302768590 | last post by:

Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system

C# / C Sharp