Forms authentication BIG issue

Forms authentication does not relate to session at all, except that they
both use cookies to track the user, so changing session will have no effect
on the forms authentication (unless you've somehow built a relationship between
them in your code).

As for your problem, I'd suggest on your login page to check to see if the
user is logged in and if so show their current login on the form. It feels
like to me that your user is logged in and they access a resource where they're
not authorized. Even if you're logged in you'll be sent back to the login
page to provide credentials for the resource you were just trying to access.

-Brock
DevelopMentor
http://staff.develop.com/ballen

Hello,
I have an application that is using forms authentication and it
seems to
be working fine most of the time. Unfortunatelly, it sometimes just
redirects
me to the login screen. It seems that the session timed out. But I
login again and do the same action, it redirects me AGAIN to the login
page:

1. I login to the app now.
2. I hit some* "server side" link button or button (or any other
object that
raises a server side event).
3. The app takes me to the login screen. (Just as if the session had
timed
out)
4. I login again to the app.
5. I immediatelly hit on the same "server side" object.
6. I get redirected to the login page again.
* by saying some, I mean that it is a random part of the application.
Today may be on link "A" and tomorrow on button "B"

The whole process can take me as little as few seconds. I can even
try to use a different computer, different user (even different
countries!!) and the problem will be the same.

But if we try later:

7. I login to the application in few hours.
8. I hit on the very same "server side" object.
9. It works perfectly!!!!!
10. I continue to work with the app and in some* other place, I get
redirected to the login screen.
* by saying some, I mean that it is a random part of the application.
Today may be on link "A" and tomorrow on button "B"

I have modified the authentication cookie to be persistant or not,
to have a longer time out period, I have modified the sessionState and
the authentication tags in the web.config and I'm still having the
issue.

Any ideas?? Any at all?? I'm willing to try almost everything at
this point!!

Should you have any questions or comments, let me know.

Regards,
Cesar Saucedo

Can you post the code : web.config and the code you set the FormsAuthentica tion Ticket ?
"Cesar" <Ce***@discussi ons.microsoft.c om> wrote in message news:B7******** *************** ***********@mic rosoft.com...

Hello,
I have an application that is using forms authentication and it seems to
be working fine most of the time. Unfortunatelly, it sometimes just redirects
me to the login screen. It seems that the session timed out. But I login
again and do the same action, it redirects me AGAIN to the login page:

1. I login to the app now.
2. I hit some* "server side" link button or button (or any other object that
raises a server side event).
3. The app takes me to the login screen. (Just as if the session had timed
out)
4. I login again to the app.
5. I immediatelly hit on the same "server side" object.
6. I get redirected to the login page again.

* by saying some, I mean that it is a random part of the application. Today
may be on link "A" and tomorrow on button "B"

The whole process can take me as little as few seconds. I can even try to
use a different computer, different user (even different countries!!) and the
problem will be the same.

But if we try later:

7. I login to the application in few hours.
8. I hit on the very same "server side" object.
9. It works perfectly!!!!!
10. I continue to work with the app and in some* other place, I get
redirected to the login screen.

* by saying some, I mean that it is a random part of the application. Today
may be on link "A" and tomorrow on button "B"

I have modified the authentication cookie to be persistant or not, to have
a longer time out period, I have modified the sessionState and the
authentication tags in the web.config and I'm still having the issue.

Any ideas?? Any at all?? I'm willing to try almost everything at this
point!!

Should you have any questions or comments, let me know.

Regards,
Cesar Saucedo

See the code below.

"mallik" wrote:

Can you post the code : web.config and the code you set the FormsAuthentica tion Ticket ?
"Cesar" <Ce***@discussi ons.microsoft.c om> wrote in message news:B7******** *************** ***********@mic rosoft.com...

Hello,
I have an application that is using forms authentication and it seems to
be working fine most of the time. Unfortunatelly, it sometimes just redirects
me to the login screen. It seems that the session timed out. But I login
again and do the same action, it redirects me AGAIN to the login page:

1. I login to the app now.
2. I hit some* "server side" link button or button (or any other object that
raises a server side event).
3. The app takes me to the login screen. (Just as if the session had timed
out)
4. I login again to the app.
5. I immediatelly hit on the same "server side" object.
6. I get redirected to the login page again.

* by saying some, I mean that it is a random part of the application. Today
may be on link "A" and tomorrow on button "B"

The whole process can take me as little as few seconds. I can even try to
use a different computer, different user (even different countries!!) and the
problem will be the same.

But if we try later:

7. I login to the application in few hours.
8. I hit on the very same "server side" object.
9. It works perfectly!!!!!
10. I continue to work with the app and in some* other place, I get
redirected to the login screen.

* by saying some, I mean that it is a random part of the application. Today
may be on link "A" and tomorrow on button "B"

I have modified the authentication cookie to be persistant or not, to have
a longer time out period, I have modified the sessionState and the
authentication tags in the web.config and I'm still having the issue.

Any ideas?? Any at all?? I'm willing to try almost everything at this
point!!

Should you have any questions or comments, let me know.

Regards,
Cesar Saucedo

This is the actual code, I only left out the the appSettings and renamed the
application in the web.config.

Notice that the resource that I'm hitting, is in the "source" folder, not in
the login_head folder

--- web.config

<?xml version="1.0" encoding="utf-8" ?>
<configuratio n>
<system.web>
<httpRuntime maxRequestLengt h="4096" />
<compilation defaultLanguage ="vb" debug="false" />
<customErrors mode="Off" />

<authenticati on mode="Forms">
<forms name="MyAppLogi nProcess" loginUrl="/MyApp/source/login.aspx"
protection="All " path="/MyApp" timeout="120" />
</authentication>

<trace enabled="false" requestLimit="1 0" pageOutput="fal se"
traceMode="Sort ByTime" localOnly="true " />
<sessionState mode="InProc" cookieless="fal se" timeout="120" />
<globalizatio n requestEncoding ="utf-8" responseEncodin g="utf-8"
culture="en-US" uiCulture="en-US" />
</system.web>
<location allowOverride=" true">
<system.web>
<authorizatio n>
<deny users="?" />
<allow users="*" />
</authorization>
</system.web>
</location>
<location path="login_hea d">
<system.web>
<authorizatio n>
<allow users="*" />
</authorization>
</system.web>
</location>
<appSettings>
<!-- My app settings... there are LOTS of them!!! -->
<add key="sAppName" value="MyApp" />
<!-- And many many other config settings -->
</appSettings>

</configuration>
----- In login.aspx.vb

Public Sub fCreateCookie()
Dim tktAuthenticati on As FormsAuthentica tionTicket
Dim strCookie As String
Dim ckkLogin As HttpCookie
Dim intUserType As Int16

' fLogin verify that the user is valid in my database and retrieves the
user type.
' retrieves -1 if the login failed
intUserType = fLogin()

' strUser has the user name
tktAuthenticati on = New FormsAuthentica tionTicket(3, strUser,
DateTime.Now(), _
DateTime.Now.Ad dMinutes(120), False, intUserType.ToS tring)
strCookie = FormsAuthentica tion.Encrypt(tk tAuthentication )
ckkLogin = New HttpCookie(Form sAuthentication .FormsCookieNam e(), strCookie)
Response.Cookie s.Add(ckkLogin)
If intUserType < 0 Then
' This function redirects the user to another page that will show
' an error message, destroy the login cookie and redirect to the login
page.
fLogoutRedirect ("loginerror ")
End If
End Sub

Thank you, I will try that, I have also posted the actual code as response to
mallik in this thread.

Regards,
Cesar

"Brock Allen" wrote:

Forms authentication does not relate to session at all, except that they
both use cookies to track the user, so changing session will have no effect
on the forms authentication (unless you've somehow built a relationship between
them in your code).

As for your problem, I'd suggest on your login page to check to see if the
user is logged in and if so show their current login on the form. It feels
like to me that your user is logged in and they access a resource where they're
not authorized. Even if you're logged in you'll be sent back to the login
page to provide credentials for the resource you were just trying to access.

-Brock
DevelopMentor
http://staff.develop.com/ballen

Hello,
I have an application that is using forms authentication and it
seems to
be working fine most of the time. Unfortunatelly, it sometimes just
redirects
me to the login screen. It seems that the session timed out. But I
login again and do the same action, it redirects me AGAIN to the login
page:

1. I login to the app now.
2. I hit some* "server side" link button or button (or any other
object that
raises a server side event).
3. The app takes me to the login screen. (Just as if the session had
timed
out)
4. I login again to the app.
5. I immediatelly hit on the same "server side" object.
6. I get redirected to the login page again.
* by saying some, I mean that it is a random part of the application.
Today may be on link "A" and tomorrow on button "B"

The whole process can take me as little as few seconds. I can even
try to use a different computer, different user (even different
countries!!) and the problem will be the same.

But if we try later:

7. I login to the application in few hours.
8. I hit on the very same "server side" object.
9. It works perfectly!!!!!
10. I continue to work with the app and in some* other place, I get
redirected to the login screen.
* by saying some, I mean that it is a random part of the application.
Today may be on link "A" and tomorrow on button "B"

I have modified the authentication cookie to be persistant or not,
to have a longer time out period, I have modified the sessionState and
the authentication tags in the web.config and I'm still having the
issue.

Any ideas?? Any at all?? I'm willing to try almost everything at
this point!!

Should you have any questions or comments, let me know.

Regards,
Cesar Saucedo

code looks fine to me.
By any chance, you run this application on HTTPS (SSL) ?

"Cesar" <Ce***@discussi ons.microsoft.c om> wrote in message news:92******** *************** ***********@mic rosoft.com...

See the code below.

"mallik" wrote:

Can you post the code : web.config and the code you set the FormsAuthentica tion Ticket ?


"Cesar" <Ce***@discussi ons.microsoft.c om> wrote in message news:B7******** *************** ***********@mic rosoft.com...

Hello,
I have an application that is using forms authentication and it seems to
be working fine most of the time. Unfortunatelly, it sometimes just redirects
me to the login screen. It seems that the session timed out. But I login
again and do the same action, it redirects me AGAIN to the login page:

1. I login to the app now.
2. I hit some* "server side" link button or button (or any other object that
raises a server side event).
3. The app takes me to the login screen. (Just as if the session had timed
out)
4. I login again to the app.
5. I immediatelly hit on the same "server side" object.
6. I get redirected to the login page again.

* by saying some, I mean that it is a random part of the application. Today
may be on link "A" and tomorrow on button "B"

The whole process can take me as little as few seconds. I can even try to
use a different computer, different user (even different countries!!) and the
problem will be the same.

But if we try later:

7. I login to the application in few hours.
8. I hit on the very same "server side" object.
9. It works perfectly!!!!!
10. I continue to work with the app and in some* other place, I get
redirected to the login screen.

* by saying some, I mean that it is a random part of the application. Today
may be on link "A" and tomorrow on button "B"

I have modified the authentication cookie to be persistant or not, to have
a longer time out period, I have modified the sessionState and the
authentication tags in the web.config and I'm still having the issue.

Any ideas?? Any at all?? I'm willing to try almost everything at this
point!!

Should you have any questions or comments, let me know.

Regards,
Cesar Saucedo

This is the actual code, I only left out the the appSettings and renamed the
application in the web.config.

Notice that the resource that I'm hitting, is in the "source" folder, not in
the login_head folder

--- web.config

<?xml version="1.0" encoding="utf-8" ?>
<configuratio n>
<system.web>
<httpRuntime maxRequestLengt h="4096" />
<compilation defaultLanguage ="vb" debug="false" />
<customErrors mode="Off" />

<authenticati on mode="Forms">
<forms name="MyAppLogi nProcess" loginUrl="/MyApp/source/login.aspx"
protection="All " path="/MyApp" timeout="120" />
</authentication>

<trace enabled="false" requestLimit="1 0" pageOutput="fal se"
traceMode="Sort ByTime" localOnly="true " />
<sessionState mode="InProc" cookieless="fal se" timeout="120" />
<globalizatio n requestEncoding ="utf-8" responseEncodin g="utf-8"
culture="en-US" uiCulture="en-US" />
</system.web>
<location allowOverride=" true">
<system.web>
<authorizatio n>
<deny users="?" />
<allow users="*" />
</authorization>
</system.web>
</location>
<location path="login_hea d">
<system.web>
<authorizatio n>
<allow users="*" />
</authorization>
</system.web>
</location>
<appSettings>
<!-- My app settings... there are LOTS of them!!! -->
<add key="sAppName" value="MyApp" />
<!-- And many many other config settings -->
</appSettings>

</configuration>


----- In login.aspx.vb

Public Sub fCreateCookie()
Dim tktAuthenticati on As FormsAuthentica tionTicket
Dim strCookie As String
Dim ckkLogin As HttpCookie
Dim intUserType As Int16

' fLogin verify that the user is valid in my database and retrieves the
user type.
' retrieves -1 if the login failed
intUserType = fLogin()

' strUser has the user name
tktAuthenticati on = New FormsAuthentica tionTicket(3, strUser,
DateTime.Now(), _
DateTime.Now.Ad dMinutes(120), False, intUserType.ToS tring)
strCookie = FormsAuthentica tion.Encrypt(tk tAuthentication )
ckkLogin = New HttpCookie(Form sAuthentication .FormsCookieNam e(), strCookie)
Response.Cookie s.Add(ckkLogin)
If intUserType < 0 Then
' This function redirects the user to another page that will show
' an error message, destroy the login cookie and redirect to the login
page.
fLogoutRedirect ("loginerror ")
End If
End Sub