I'm having a problem with .NET Forms Authentication in a particular
application. It's not redirecting properly when my session is timed
out, seemingly only when I POST the page (i.e. click a form submit
button). If I try to GET a page after timeout (i.e. just picking a page
to visit from a menu), I am redirected to the login screen properly.
The browser error I'm getting in the POST example is "403.1 Execute
Access Forbidden". I looked into the IIS logs to compare these two
situations and found this...
Web logs during a GET after timeout:
2004-01-02 23:11:38 127.0.0.1 GET /app/bondsearch.aspx - 302
2004-01-02 23:11:38 127.0.0.1 GET /LoginPage.aspx ReturnUrl=%2fapp%2fbondsearch.aspx 200
which looks fine, I'm getting a 302 (temp redirect) on the attempted
GET, followed by a GET redirected to the login form. However...
Web logs during a POST after timeout:
2004-01-02 22:40:36 127.0.0.1 POST /app/bondsearch.aspx - 302
2004-01-02 22:40:36 127.0.0.1 UwMC4wMDs%2BPjs%2BOzs%2BO3Q8cDxwPGw8Q3NzQ2xhc3M7Xy FTQjs%2BO2w8c21hbGxsYW JlbDtpPDI%2BOz4%2BOz47Oz47dD /LoginPage.aspx ReturnUrl=%2fapp%2fbondsearch.aspx 403
which is very confusing... it looks like I got a string of nonsense in
place of a normal HTTP verb, but the rest of the line is fine, it
contains the requested resource and proper query string for return URL.
Any suggestions? I can't seem to find reference to this issue in the
newsgroups. Thanks in advance for your help!
I'm using .NET framework 1.1. Here's the pertinent snippet of
web.config:
<authentication mode="Forms">
  <forms loginUrl="LoginPage.aspx" name=".ASPXFORMSAUTH" path="/"
         protection="All" timeout="1">
    <credentials passwordFormat="Clear">
    </credentials>
  </forms>
</authentication>
<authorization>
  <deny users="?" />
  <allow users="*" />
</authorization>
-----------------
Ed Henn
Sacramento Superior Court MIS
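
As an added example (not part of the original post): a small Python check that flags log entries whose method field is not a standard HTTP verb, as in the POST case above, and reports the request that preceded each one from the same client. The field order is assumed from the log lines in the post; the sample lines, including the placeholder blob, are constructed.

```python
# Field order assumed from the post: date time client-ip method uri-stem uri-query status
STANDARD_METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "TRACE", "CONNECT"}

# Constructed sample modelled on the post; the blob in the last line is a placeholder.
SAMPLE_LOG = [
    "#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status",
    "2004-01-02 23:11:38 127.0.0.1 GET /app/bondsearch.aspx - 302",
    "2004-01-02 23:11:38 127.0.0.1 GET /LoginPage.aspx ReturnUrl=%2fapp%2fbondsearch.aspx 200",
    "2004-01-02 22:40:36 127.0.0.1 POST /app/bondsearch.aspx - 302",
    "2004-01-02 22:40:36 127.0.0.1 QUJD%2BREVG Z0hJ%2BSktM /LoginPage.aspx ReturnUrl=%2fapp%2fbondsearch.aspx 403",
]

def parse_line(line):
    """Split one log line into fields, anchoring on both ends.

    The first three fields and the last three are fixed; whatever lies
    between them is treated as the method field, even if it contains
    spaces, so a garbled method does not shift the other columns.
    """
    parts = line.split()
    if line.startswith("#") or len(parts) < 7 or not parts[-1].isdigit():
        return None  # directive line or not a request entry
    return {
        "date": parts[0], "time": parts[1], "ip": parts[2],
        "method": " ".join(parts[3:-3]),
        "stem": parts[-3], "query": parts[-2], "status": int(parts[-1]),
    }

def find_bad_methods(lines):
    """Return entries with a non-standard method, each with the client's prior request."""
    findings, previous = [], {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["method"] not in STANDARD_METHODS:
            rec["preceded_by"] = previous.get(rec["ip"])
            findings.append(rec)
        previous[rec["ip"]] = rec
    return findings

if __name__ == "__main__":
    for hit in find_bad_methods(SAMPLE_LOG):
        prior = hit["preceded_by"]
        print(hit["time"], hit["ip"], hit["status"], repr(hit["method"]),
              "after", (prior["method"], prior["status"]) if prior else None)
```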