Hello,
we have migrated our website from .NET 1.1 to .NET 2.0.
After this, some of our users are unable to log-on our site, while for
the majority of them there's no problem.
We're using a standard procedure to login (see below).
The Request.Cookies[FormsAuthentica tion.FormsCooki eName] returns NULL,
after their login attempt, on subsequent pages. We're setting other
cookies, for instance the cookies of google analytics, with no
problem.The're no problem too with the ASP.NET_Session Id cookie.
The only way for them to be able to logon, is to manually delete their
cookies.
Here is the code, we're using:
iduser = Encryption.Encr ypt(userid.ToSt ring());
FormsAuthentica tion.SetAuthCoo kie(iduser, false);
userdata = "XXX";
FormsAuthentica tionTicket ticket = new FormsAuthentica tionTicket(
1, // version
iduser, // user name
DateTime.Now, // issue time
DateTime.Now.Ad dHours(72), // expires
persistent, // persistent
userdata // user data
);
FormsCookie = new HttpCookie(Form sAuthentication .FormsCookieNam e,
FormsAuthentica tion.Encrypt(ti cket));
HttpContext.Cur rent.Response.C ookies.Add(Form sCookie);
Then we do a Response. Redirect.
Does anybody have an idea of what we can do ? It's a real problem for
us.
Thanks in advance 1 1654
Hi,
thanks for the reply. Yes we're using .NET 2.0 already.
Anyway, I've found the solution but cannot really explain it and if
you have an idea about that, I would be really interested.
I realized that 2 cookies were actually created: one associated with
"mydomain.c om" and one with "www.mydomain.c om".
The problem was solved by setting the cookie domain to "mydomain.c om".
It doesn't work when I set it to "www.mydomain.c om" and I don't know
why.
Regarding the IIS configuraiton, the websites headers doesn't contain
"mydomain.c om". We have a second website defined that redirect
"mydomain.c om" to "www.mydomain.c om" for the people just arriving on
our site using "mydomain.c om".
What I don't understand is is why did the .NET framework create a
"mydomain.c om" cookie by default (i.e. when no domain was set), even
if I came to the website with the "www.mydomain.c om" URL ?
Then the problem occured when people logged in on the previous version
of the site (.NET 1.1) with an old "mydomain.c om" cookie : the new
version of the site was unable to read this cookie or overwrite it.
And so the user was unable to logon. When we set the domain property
of the cookie to "mydomain.c om", it works, the cookie can then be
overrided and everything works fine. Note that it wasn't systematics:
only around 20 to 30% of our users encountered it.
Thanks again for your reply This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: Dan Stromberg |
last post by:
If I wanted to write a python script that performs basic auth, gets a
cookie, and then does an http POST using the cookie for authentication,
what would be the best python API to write to?
Does someone already have example code that does something like this?
Thanks.
|
by: Kevin |
last post by:
I need to control access to my web site via login
information in a database on the server.
The only way I see to do this is to use an authenication
scheme that doesn't require a user login (either
anonymous or certificates mapped to a user) to establish
the IIS login. Then, I would have to handle the
application's login though my own web page and server
code. Is there another way that I should consider?
|
by: buran |
last post by:
Dear ASP.NET Programmers,
How can I post data to an ASP.NET login page and pass authentication? The
login page uses forms
authentication, users must supply usernames and password and have to click
on a submit button. I
want to automate this process by supplying values with HttpWebRequest and
then download a file on
the site. I think that I cannot invoke the submit button. Pleeeasee help,
thanks in advance
|
by: David W. Simmonds |
last post by:
I have a form that will prompt for a user name/password. In VS.NET, I have
the protected form in a folder named Admin. I have a Web.config file in that
folder as well. It contains the following section:
<authorization>
<deny users="?" />
<allow users="*" />
</authorization>
In the root folder where the other forms are located I have a Web.config
|
by: Iggy Evans |
last post by:
Hi
My app is trying to login to an ASP.NET site that uses Forms authentication. I am trying to do in my app (what was previously posted in a newsgroup) the same that a browser does
3) The browser requests the login page specified
4) The server responds with the login pag
5) The user fills in the login page and submits the form, so the browser POSTs the form back to the login pag
6) If the credentials are valid, the server responds with...
| |
by: 23s |
last post by:
I had this problem in the past, after a server reformat it went away, and
now after another server reformat it's back again - no clue what's doing it.
Here's the flow:
Website root is public, no SSL no forms auth. One of the subfolders in the
public area is the root of a "protected" area; SSL is required from this
subfolder on forward and a web.config in the subfolder specifies forms
authentication. From the public area, I provide a...
|
by: =?Utf-8?B?RHVrZSAoQU4yNDcp?= |
last post by:
The majority of pages on our site need authentication (forms auth against the
aspnetdb database). I created an '~/auth' folder with its own config file
forcing authentication for any pages in the folder.
The default.aspx sits in the root folder and just does a Response.Redirect
to an ~/auth/home.aspx page. The config forces authentication, which is
carried out by ~/pub/login.aspx which has a standard asp:login control.
I set up the...
|
by: J. Frank Parnell |
last post by:
The goal here is to use basic authentication for a user to log in, but keep a
cookie so that they dont have to log in every browser session.
<?
$user = "user";
$pass = "pass";
if(($_COOKIE!=$user) OR ($_COOKIE!=$pass)){
if (
(!isset( $_SERVER )) OR
|
by: Josh |
last post by:
I run a Joomla website and am familiar with php in some but not all
aspects. Currently I am trying to find some solutions related to
session handling.
Am I correct in saying that "login" is kept in sessions? I can see
active sessions in my mysql database, but is that the only place this
information is stored? Sessions and cookies I know are related also,
but how specifically (session info stored in cookies?)?
Right now, when users...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
| |
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
|
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |