Hello,
I have an application that is using forms authentication and it seems to
be working fine most of the time. Unfortunatelly, it sometimes just redirects
me to the login screen. It seems that the session timed out. But I login
again and do the same action, it redirects me AGAIN to the login page:
1. I login to the app now.
2. I hit some* "server side" link button or button (or any other object that
raises a server side event).
3. The app takes me to the login screen. (Just as if the session had timed
out)
4. I login again to the app.
5. I immediatelly hit on the same "server side" object.
6. I get redirected to the login page again.
* by saying some, I mean that it is a random part of the application. Today
may be on link "A" and tomorrow on button "B"
The whole process can take me as little as few seconds. I can even try to
use a different computer, different user (even different countries!!) and the
problem will be the same.
But if we try later:
7. I login to the application in few hours.
8. I hit on the very same "server side" object.
9. It works perfectly!!!!!
10. I continue to work with the app and in some* other place, I get
redirected to the login screen.
* by saying some, I mean that it is a random part of the application. Today
may be on link "A" and tomorrow on button "B"
I have modified the authentication cookie to be persistant or not, to have
a longer time out period, I have modified the sessionState and the
authentication tags in the web.config and I'm still having the issue.
Any ideas?? Any at all?? I'm willing to try almost everything at this
point!!
Should you have any questions or comments, let me know.
Regards,
Cesar Saucedo 5 1404
Forms authentication does not relate to session at all, except that they
both use cookies to track the user, so changing session will have no effect
on the forms authentication (unless you've somehow built a relationship between
them in your code).
As for your problem, I'd suggest on your login page to check to see if the
user is logged in and if so show their current login on the form. It feels
like to me that your user is logged in and they access a resource where they're
not authorized. Even if you're logged in you'll be sent back to the login
page to provide credentials for the resource you were just trying to access.
-Brock
DevelopMentor http://staff.develop.com/ballen Hello, I have an application that is using forms authentication and it seems to be working fine most of the time. Unfortunatelly, it sometimes just redirects me to the login screen. It seems that the session timed out. But I login again and do the same action, it redirects me AGAIN to the login page:
1. I login to the app now. 2. I hit some* "server side" link button or button (or any other object that raises a server side event). 3. The app takes me to the login screen. (Just as if the session had timed out) 4. I login again to the app. 5. I immediatelly hit on the same "server side" object. 6. I get redirected to the login page again. * by saying some, I mean that it is a random part of the application. Today may be on link "A" and tomorrow on button "B"
The whole process can take me as little as few seconds. I can even try to use a different computer, different user (even different countries!!) and the problem will be the same.
But if we try later:
7. I login to the application in few hours. 8. I hit on the very same "server side" object. 9. It works perfectly!!!!! 10. I continue to work with the app and in some* other place, I get redirected to the login screen. * by saying some, I mean that it is a random part of the application. Today may be on link "A" and tomorrow on button "B"
I have modified the authentication cookie to be persistant or not, to have a longer time out period, I have modified the sessionState and the authentication tags in the web.config and I'm still having the issue.
Any ideas?? Any at all?? I'm willing to try almost everything at this point!!
Should you have any questions or comments, let me know.
Regards, Cesar Saucedo
Can you post the code : web.config and the code you set the FormsAuthentica tion Ticket ?
"Cesar" <Ce***@discussi ons.microsoft.c om> wrote in message news:B7******** *************** ***********@mic rosoft.com... Hello, I have an application that is using forms authentication and it seems to be working fine most of the time. Unfortunatelly, it sometimes just redirects me to the login screen. It seems that the session timed out. But I login again and do the same action, it redirects me AGAIN to the login page: 1. I login to the app now. 2. I hit some* "server side" link button or button (or any other object that raises a server side event). 3. The app takes me to the login screen. (Just as if the session had timed out) 4. I login again to the app. 5. I immediatelly hit on the same "server side" object. 6. I get redirected to the login page again. * by saying some, I mean that it is a random part of the application. Today may be on link "A" and tomorrow on button "B" The whole process can take me as little as few seconds. I can even try to use a different computer, different user (even different countries!!) and the problem will be the same. But if we try later: 7. I login to the application in few hours. 8. I hit on the very same "server side" object. 9. It works perfectly!!!!! 10. I continue to work with the app and in some* other place, I get redirected to the login screen. * by saying some, I mean that it is a random part of the application. Today may be on link "A" and tomorrow on button "B" I have modified the authentication cookie to be persistant or not, to have a longer time out period, I have modified the sessionState and the authentication tags in the web.config and I'm still having the issue. Any ideas?? Any at all?? I'm willing to try almost everything at this point!! Should you have any questions or comments, let me know. Regards, Cesar Saucedo
See the code below.
"mallik" wrote: Can you post the code : web.config and the code you set the FormsAuthentica tion Ticket ?
"Cesar" <Ce***@discussi ons.microsoft.c om> wrote in message news:B7******** *************** ***********@mic rosoft.com... Hello, I have an application that is using forms authentication and it seems to be working fine most of the time. Unfortunatelly, it sometimes just redirects me to the login screen. It seems that the session timed out. But I login again and do the same action, it redirects me AGAIN to the login page:
1. I login to the app now. 2. I hit some* "server side" link button or button (or any other object that raises a server side event). 3. The app takes me to the login screen. (Just as if the session had timed out) 4. I login again to the app. 5. I immediatelly hit on the same "server side" object. 6. I get redirected to the login page again.
* by saying some, I mean that it is a random part of the application. Today may be on link "A" and tomorrow on button "B"
The whole process can take me as little as few seconds. I can even try to use a different computer, different user (even different countries!!) and the problem will be the same.
But if we try later:
7. I login to the application in few hours. 8. I hit on the very same "server side" object. 9. It works perfectly!!!!! 10. I continue to work with the app and in some* other place, I get redirected to the login screen.
* by saying some, I mean that it is a random part of the application. Today may be on link "A" and tomorrow on button "B"
I have modified the authentication cookie to be persistant or not, to have a longer time out period, I have modified the sessionState and the authentication tags in the web.config and I'm still having the issue.
Any ideas?? Any at all?? I'm willing to try almost everything at this point!!
Should you have any questions or comments, let me know.
Regards, Cesar Saucedo
This is the actual code, I only left out the the appSettings and renamed the
application in the web.config.
Notice that the resource that I'm hitting, is in the "source" folder, not in
the login_head folder
--- web.config
<?xml version="1.0" encoding="utf-8" ?>
<configuratio n>
<system.web>
<httpRuntime maxRequestLengt h="4096" />
<compilation defaultLanguage ="vb" debug="false" />
<customErrors mode="Off" />
<authenticati on mode="Forms">
<forms name="MyAppLogi nProcess" loginUrl="/MyApp/source/login.aspx"
protection="All " path="/MyApp" timeout="120" />
</authentication>
<trace enabled="false" requestLimit="1 0" pageOutput="fal se"
traceMode="Sort ByTime" localOnly="true " />
<sessionState mode="InProc" cookieless="fal se" timeout="120" />
<globalizatio n requestEncoding ="utf-8" responseEncodin g="utf-8"
culture="en-US" uiCulture="en-US" />
</system.web>
<location allowOverride=" true">
<system.web>
<authorizatio n>
<deny users="?" />
<allow users="*" />
</authorization>
</system.web>
</location>
<location path="login_hea d">
<system.web>
<authorizatio n>
<allow users="*" />
</authorization>
</system.web>
</location>
<appSettings>
<!-- My app settings... there are LOTS of them!!! -->
<add key="sAppName" value="MyApp" />
<!-- And many many other config settings -->
</appSettings>
</configuration>
----- In login.aspx.vb
Public Sub fCreateCookie()
Dim tktAuthenticati on As FormsAuthentica tionTicket
Dim strCookie As String
Dim ckkLogin As HttpCookie
Dim intUserType As Int16
' fLogin verify that the user is valid in my database and retrieves the
user type.
' retrieves -1 if the login failed
intUserType = fLogin()
' strUser has the user name
tktAuthenticati on = New FormsAuthentica tionTicket(3, strUser,
DateTime.Now(), _
DateTime.Now.Ad dMinutes(120), False, intUserType.ToS tring)
strCookie = FormsAuthentica tion.Encrypt(tk tAuthentication )
ckkLogin = New HttpCookie(Form sAuthentication .FormsCookieNam e(), strCookie)
Response.Cookie s.Add(ckkLogin)
If intUserType < 0 Then
' This function redirects the user to another page that will show
' an error message, destroy the login cookie and redirect to the login
page.
fLogoutRedirect ("loginerror ")
End If
End Sub
Thank you, I will try that, I have also posted the actual code as response to
mallik in this thread.
Regards,
Cesar
"Brock Allen" wrote: Forms authentication does not relate to session at all, except that they both use cookies to track the user, so changing session will have no effect on the forms authentication (unless you've somehow built a relationship between them in your code).
As for your problem, I'd suggest on your login page to check to see if the user is logged in and if so show their current login on the form. It feels like to me that your user is logged in and they access a resource where they're not authorized. Even if you're logged in you'll be sent back to the login page to provide credentials for the resource you were just trying to access.
-Brock DevelopMentor http://staff.develop.com/ballen Hello, I have an application that is using forms authentication and it seems to be working fine most of the time. Unfortunatelly, it sometimes just redirects me to the login screen. It seems that the session timed out. But I login again and do the same action, it redirects me AGAIN to the login page:
1. I login to the app now. 2. I hit some* "server side" link button or button (or any other object that raises a server side event). 3. The app takes me to the login screen. (Just as if the session had timed out) 4. I login again to the app. 5. I immediatelly hit on the same "server side" object. 6. I get redirected to the login page again. * by saying some, I mean that it is a random part of the application. Today may be on link "A" and tomorrow on button "B"
The whole process can take me as little as few seconds. I can even try to use a different computer, different user (even different countries!!) and the problem will be the same.
But if we try later:
7. I login to the application in few hours. 8. I hit on the very same "server side" object. 9. It works perfectly!!!!! 10. I continue to work with the app and in some* other place, I get redirected to the login screen. * by saying some, I mean that it is a random part of the application. Today may be on link "A" and tomorrow on button "B"
I have modified the authentication cookie to be persistant or not, to have a longer time out period, I have modified the sessionState and the authentication tags in the web.config and I'm still having the issue.
Any ideas?? Any at all?? I'm willing to try almost everything at this point!!
Should you have any questions or comments, let me know.
Regards, Cesar Saucedo
code looks fine to me.
By any chance, you run this application on HTTPS (SSL) ?
"Cesar" <Ce***@discussi ons.microsoft.c om> wrote in message news:92******** *************** ***********@mic rosoft.com... See the code below. "mallik" wrote: Can you post the code : web.config and the code you set the FormsAuthentica tion Ticket ? "Cesar" <Ce***@discussi ons.microsoft.c om> wrote in message news:B7******** *************** ***********@mic rosoft.com... Hello, I have an application that is using forms authentication and it seems to be working fine most of the time. Unfortunatelly, it sometimes just redirects me to the login screen. It seems that the session timed out. But I login again and do the same action, it redirects me AGAIN to the login page: 1. I login to the app now. 2. I hit some* "server side" link button or button (or any other object that raises a server side event). 3. The app takes me to the login screen. (Just as if the session had timed out) 4. I login again to the app. 5. I immediatelly hit on the same "server side" object. 6. I get redirected to the login page again. * by saying some, I mean that it is a random part of the application. Today may be on link "A" and tomorrow on button "B" The whole process can take me as little as few seconds. I can even try to use a different computer, different user (even different countries!!) and the problem will be the same. But if we try later: 7. I login to the application in few hours. 8. I hit on the very same "server side" object. 9. It works perfectly!!!!! 10. I continue to work with the app and in some* other place, I get redirected to the login screen. * by saying some, I mean that it is a random part of the application. Today may be on link "A" and tomorrow on button "B" I have modified the authentication cookie to be persistant or not, to have a longer time out period, I have modified the sessionState and the authentication tags in the web.config and I'm still having the issue. Any ideas?? Any at all?? I'm willing to try almost everything at this point!! Should you have any questions or comments, let me know. Regards, Cesar Saucedo This is the actual code, I only left out the the appSettings and renamed the application in the web.config. Notice that the resource that I'm hitting, is in the "source" folder, not in the login_head folder --- web.config <?xml version="1.0" encoding="utf-8" ?> <configuratio n> <system.web> <httpRuntime maxRequestLengt h="4096" /> <compilation defaultLanguage ="vb" debug="false" /> <customErrors mode="Off" /> <authenticati on mode="Forms"> <forms name="MyAppLogi nProcess" loginUrl="/MyApp/source/login.aspx" protection="All " path="/MyApp" timeout="120" /> </authentication> <trace enabled="false" requestLimit="1 0" pageOutput="fal se" traceMode="Sort ByTime" localOnly="true " /> <sessionState mode="InProc" cookieless="fal se" timeout="120" /> <globalizatio n requestEncoding ="utf-8" responseEncodin g="utf-8" culture="en-US" uiCulture="en-US" /> </system.web> <location allowOverride=" true"> <system.web> <authorizatio n> <deny users="?" /> <allow users="*" /> </authorization> </system.web> </location> <location path="login_hea d"> <system.web> <authorizatio n> <allow users="*" /> </authorization> </system.web> </location> <appSettings> <!-- My app settings... there are LOTS of them!!! --> <add key="sAppName" value="MyApp" /> <!-- And many many other config settings --> </appSettings> </configuration> ----- In login.aspx.vb Public Sub fCreateCookie() Dim tktAuthenticati on As FormsAuthentica tionTicket Dim strCookie As String Dim ckkLogin As HttpCookie Dim intUserType As Int16 ' fLogin verify that the user is valid in my database and retrieves the user type. ' retrieves -1 if the login failed intUserType = fLogin() ' strUser has the user name tktAuthenticati on = New FormsAuthentica tionTicket(3, strUser, DateTime.Now(), _ DateTime.Now.Ad dMinutes(120), False, intUserType.ToS tring) strCookie = FormsAuthentica tion.Encrypt(tk tAuthentication ) ckkLogin = New HttpCookie(Form sAuthentication .FormsCookieNam e(), strCookie) Response.Cookie s.Add(ckkLogin) If intUserType < 0 Then ' This function redirects the user to another page that will show ' an error message, destroy the login cookie and redirect to the login page. fLogoutRedirect ("loginerror ") End If End Sub This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: MJ |
last post by:
I'm building an application that has a file structure similar to the
following:
/myapp/user_login.aspx
/myapp/user_page_1.aspx
/myapp/user_page_2.aspx
/myapp/user_page_3.aspx
/myapp/admin/admin_login.aspx
/myapp/admin/admin_page_1.aspx
/myapp/admin/admin_page_2.aspx
|
by: Greg Burns |
last post by:
I have built a web app that uses forms authentication. There isn't a
"remember me" feature (i.e. the authentication cookie is not permanent).
When you close the browser, and open a new one, you must log in again. This
is the behavior I expected.
I just discovered that if I have a browser window open (to anything) prior
to opening my web app in a new browser window, it appears to share session
information. I can then open and close my...
|
by: Anonieko Ramos |
last post by:
ASP.NET Forms Authentication Best Practices
Dr. Dobb's Journal February 2004
Protecting user information is critical
By Douglas Reilly
Douglas is the author of Designing Microsoft ASP.NET Applications and
owner of Access Microsystems. Doug can be reached at
doug@accessmicrosystems.com.
--------------------------------------------------------------------------------
|
by: Justin |
last post by:
I am trying to password protect a subdirectory using forms authentication. I
am using the "Location" tag to specify the directory to be protected. The
login.aspx page is in the root directory of the app. Here is the web.config:
<location path="Admin">
<system.web>
<authentication mode="Forms">
<forms name="authAdmin" loginUrl="Login.aspx" protection="All" timeout="30">
<credentials passwordFormat="Clear">
<user name="Admin"...
|
by: Wiktor Zychla [C# MVP] |
last post by:
Hi,
I struggle for over an hour with the integrated Cassini web server. the
problem I am facing is as follows:
when I turn forms authentication on in the web.config file, the website
seems to be running in the context of a wrong directory. images, style
sheets and jscripts files placed in app directory (or in subdirectories)
suddenly become invisible to the application. when I move the application to
the IIS, it works as expected but...
| |
by: eric.olstad |
last post by:
I'm pullin my hair out here. I've created a login page that uses Forms
Authentication. Initially, it loads the types of authentication
methods from a database and asks the user to select the auth method
from a drop down list. Each method corresponds to an external module
(assembly) that is loaded using reflection and accessed using a common
interface. The modules work, I know that.
The issues come after I log in. After logging in, I...
|
by: =?Utf-8?B?RmFyaWJh?= |
last post by:
It know that we can use the following method
http://msdn2.microsoft.com/en-us/library/eb0zx8fc.aspx
to form authenticate across multiple applications.
I have created an asp.net application that supports form authentication. My
application is going to be called by another legacy application (HTML) which
does the initial authentication.Something like this:
<form name="form1" action="auth.asp" method="post" >
|
by: =?Utf-8?B?QXhlbCBEYWhtZW4=?= |
last post by:
Hi,
we've got a strange problem here:
We've created an ASP.NET 2.0 web application using Membership.ValidateUser()
to manually authenticate users with our website.
The problem is: If the user has the "User must change password" flag set in
Active Directory, ValidateUser() always returns false if that user wants to
log in.
|
by: =?Utf-8?B?R3V1czEyMw==?= |
last post by:
Hi,
I created a web site on a remote server. To logon the user must enter a user
id and password. The site is uses Forms Authentication.
The web config file looks as follows:
<configuration>
<system.web>
<customErrors mode="Off"/>
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
| |
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
| |
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| |