473,326 Members | 2,023 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,326 software developers and data experts.

trouble with Forms authentication and new windows opened with java script

Hi,

I have an application using "Forms authentication".
Everything works perfectly well except when I try to open
a new page with java script like the following:

<script language='javascript'>window.open
(myPage.aspx','','Fullscreen=no; Scrollbars=yes;
Menubar=no; Locationbar=no; Resizable=yes; Status=no;')
</script>

I now get to see the login page. Does anybody know how to
prevent this behaviour?

Thank you a lot!
Daniel Walzenbach
Nov 18 '05 #1
6 1889
"Daniel Walzenbach" <da**********************@freudenberg.de> wrote in
message news:5a****************************@phx.gbl...
Hi,

I have an application using "Forms authentication".
Everything works perfectly well except when I try to open
a new page with java script like the following:

<script language='javascript'>window.open
(myPage.aspx','','Fullscreen=no; Scrollbars=yes;
Menubar=no; Locationbar=no; Resizable=yes; Status=no;')
</script>

I now get to see the login page. Does anybody know how to
prevent this behaviour?


I haven't tried this myself, but I would think that if the page you're
opening is in the same domain as the site you authenticated to, that there
would be no problem.

The question comes down to whether the authentication cookie is sent to the
server by the second page. If it wasn't sent, it would most likely be
because of different domains. For instance, if you authenticated at
http://area.company.com, and you're trying to open a page at
http://somewhereelse.company.com, it should succeed if the authentication
cookie was in domain "company.com", but not if it was in domain
"area.company.com".

As a diagnostic, put a link to your "myPage.aspx" on the page and click the
link and see what happens.

Also, what browser are you using?
--
John Saunders
John.Saunders at SurfControl.com
Nov 18 '05 #2
2 things....
One... what's the timeout on your session? This could cause this to happen.
I had some thing like this happen with iframes. I would get the login in the
iframe that timedout.

Let me look for the JavaScript that I used to fix it.

"Daniel Walzenbach" <da**********************@freudenberg.de> wrote in
message news:5a****************************@phx.gbl...
Hi,

I have an application using "Forms authentication".
Everything works perfectly well except when I try to open
a new page with java script like the following:

<script language='javascript'>window.open
(myPage.aspx','','Fullscreen=no; Scrollbars=yes;
Menubar=no; Locationbar=no; Resizable=yes; Status=no;')
</script>

I now get to see the login page. Does anybody know how to
prevent this behaviour?

Thank you a lot!
Daniel Walzenbach

Nov 18 '05 #3
here is the Java script....
In the .aspx add at the beginning of the page (somewhere in the header)
<%If Request("var") <> "" Then%>
<script language="javascript">
top.location.href = 'login.aspx';
</script>
<%End If%>
What this does is check the session var "var" if it is not set (session time
out) it will load the login screen in the top frame. you might have to
change it to parent.location.href or something down that line....
"Daniel Walzenbach" <da**********************@freudenberg.de> wrote in
message news:5a****************************@phx.gbl...
Hi,

I have an application using "Forms authentication".
Everything works perfectly well except when I try to open
a new page with java script like the following:

<script language='javascript'>window.open
(myPage.aspx','','Fullscreen=no; Scrollbars=yes;
Menubar=no; Locationbar=no; Resizable=yes; Status=no;')
</script>

I now get to see the login page. Does anybody know how to
prevent this behaviour?

Thank you a lot!
Daniel Walzenbach

Nov 18 '05 #4
Thank you John and George,

Unfortunately neither of your assumptions is right. I don't navigate across
domain borders neither should my session be timed out. It is not that it
happens once in a while but ever. The page I open using Java Script is
located in a sub-directory of the same application. I am using Microsoft IE
6 SP1.

Any other suggestions? If you want I can assemble a small project containing
the two pages and up it here.

Greetings

Daniel Walzenbach

"george d lake" <ge*******@cuartel15.com> schrieb im Newsbeitrag
news:O6**************@tk2msftngp13.phx.gbl...
here is the Java script....
In the .aspx add at the beginning of the page (somewhere in the header)
<%If Request("var") <> "" Then%>
<script language="javascript">
top.location.href = 'login.aspx';
</script>
<%End If%>
What this does is check the session var "var" if it is not set (session time out) it will load the login screen in the top frame. you might have to
change it to parent.location.href or something down that line....
"Daniel Walzenbach" <da**********************@freudenberg.de> wrote in
message news:5a****************************@phx.gbl...
Hi,

I have an application using "Forms authentication".
Everything works perfectly well except when I try to open
a new page with java script like the following:

<script language='javascript'>window.open
(myPage.aspx','','Fullscreen=no; Scrollbars=yes;
Menubar=no; Locationbar=no; Resizable=yes; Status=no;')
</script>

I now get to see the login page. Does anybody know how to
prevent this behaviour?

Thank you a lot!
Daniel Walzenbach


Nov 18 '05 #5
Hi Daniel,

Since the "mypage.aspx" is in a sub directory of your web application, is
there also a "web.config" in the sub directory? And, when you perform the
form authentication, did you change any default settings for cookies?

Additionlly, have you checked if a link will work as John suggested?

Luke
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Nov 18 '05 #6
Hello Luke,

Thank you for your help but I solved my problem this afternoon. In fact
George was right. My session was lost. Not due to a timeout but to the fact
that I not even had an HTML file. Mea culpa. I was directly streaming out a
pdf file. I now placed my page in an iFrame and the world is good again.

Thank you everybody for your help!

Daniel

"MSFT" <lu******@online.microsoft.com> schrieb im Newsbeitrag
news:X2**************@cpmsftngxa06.phx.gbl...
Hi Daniel,

Since the "mypage.aspx" is in a sub directory of your web application, is
there also a "web.config" in the sub directory? And, when you perform the
form authentication, did you change any default settings for cookies?

Additionlly, have you checked if a link will work as John suggested?

Luke
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Nov 18 '05 #7

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

9
by: Penn Markham | last post by:
Hello all, I am writing a script where I need to use the system() function to call htpasswd. I can do this just fine on the command line...works great (see attached file, test.php). When my...
8
by: Bob Everland | last post by:
I have an application that is ISAPI and the only way to secure it is through NT permissions. I need to have a way to login to windows authentication so that when I get to the ISAPI application no...
1
by: William E Hatto | last post by:
Hi 1 and all, I have an asp application/web site that uses a logon page then a page for the menus and separate asp pages for all the options in the menus. The options listed in the menu's...
6
by: Billy Jacobs | last post by:
I have a website which has both secure and non-secure pages. I want to uses forms authentication. How do I accomplish this? Originally I had my web.config file in the root with Forms...
4
by: Greg Burns | last post by:
I have built a web app that uses forms authentication. There isn't a "remember me" feature (i.e. the authentication cookie is not permanent). When you close the browser, and open a new one, you...
5
by: Rob | last post by:
I have an ASP.NET application that uses forms-based authentication. A user wishes to be able to run multiple sessions of this application simultaneously from the user's client machine. The...
0
by: Anonieko Ramos | last post by:
ASP.NET Forms Authentication Best Practices Dr. Dobb's Journal February 2004 Protecting user information is critical By Douglas Reilly Douglas is the author of Designing Microsoft ASP.NET...
0
by: Rick Vooys | last post by:
Hello Everybody, I am new to .Net Programming and am using ASP.Net 2.0 with C# to build a web application. The application will be used on an intratnet currently but in the future will be opened...
3
by: =?Utf-8?B?QXhlbCBEYWhtZW4=?= | last post by:
Hi, we've got a strange problem here: We've created an ASP.NET 2.0 web application using Membership.ValidateUser() to manually authenticate users with our website. The problem is: If the...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
1
by: Shællîpôpï 09 | last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...
0
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.