471,056 Members | 1,558 Online
Bytes | Software Development & Data Engineering Community
Post +

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 471,056 software developers and data experts.

Forms Authentication - Bad Redirect on POST

I'm having a problem with .NET Forms Authentication in a particular
application. It's not redirecting properly when my session is timed
out, seemingly only when I POST the page (i.e. click a form submit
button). If I try to GET a page after timeout (i.e. just picking a page
to visit from a menu), I am redirected to the login screen properly.

The browser error I'm getting in the POST example is "403.1 Execute
Access Forbidden". I looked into the IIS logs to compare these two
situations and found this...

Web logs during a GET after timeout:
2004-01-02 23:11:38 127.0.0.1 GET /app/bondsearch.aspx - 302
2004-01-02 23:11:38 127.0.0.1 GET /LoginPage.aspx
ReturnUrl=%2fapp%2fbondsearch.aspx 200

which looks fine, I'm getting a 302 (temp redirect) on the attempted
GET, followed by a GET redirected to the login form. However...

Web logs during a POST after timeout:
2004-01-02 22:40:36 127.0.0.1 POST /app/bondsearch.aspx - 302
2004-01-02 22:40:36 127.0.0.1
UwMC4wMDs%2BPjs%2BOzs%2BO3Q8cDxwPGw8Q3NzQ2xhc3M7Xy FTQjs%2BO2w8c21hbGxsYW
JlbDtpPDI%2BOz4%2BOz47Oz47dD /LoginPage.aspx
ReturnUrl=%2fapp%2fbondsearch.aspx 403

which is very confusing... it looks like I got a string of nonsense in
place of a normal http verb, but the rest of the line is fine, it
contains the requested resource and proper query string for return url.

Any suggestions? I can't seem to find reference to this issue in the
newsgroups. Thanks in advance for your help!

I'm using .NET framework 1.1. Here's the pertinent snippet of
web.config:

<authentication mode="Forms">
<forms loginUrl="LoginPage.aspx" name=".ASPXFORMSAUTH" path="/"
protection="All" timeout="1">
<credentials passwordFormat="Clear">
</credentials>
</forms>
</authentication>

<authorization>
<deny users="?" />
<allow users="*" />
</authorization>
-----------------
Ed Henn
Sacramento Superior Court MIS
*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!
Nov 18 '05 #1
0 1094

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

11 posts views Thread by ElmoWatson | last post: by
3 posts views Thread by Kris van der Mast | last post: by
3 posts views Thread by Martin | last post: by
5 posts views Thread by Kenneth Keeley | last post: by
reply views Thread by Anonieko Ramos | last post: by
7 posts views Thread by Justin | last post: by
2 posts views Thread by code | last post: by
reply views Thread by leo001 | last post: by

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.