Login security for a form

I have a form that will prompt for a user name/password. In VS.NET, I have
the protected form in a folder named Admin. I have a Web.config file in that
folder as well. It contains the following section:

    <authorization>
        <deny users="?" />
        <allow users="*" />
    </authorization>

In the root folder where the other forms are located I have a Web.config
file with the following section:

    <authentication mode="Forms">
        <forms loginUrl="LoginPage.aspx?DB=Photos" timeout="10080" />
    </authentication>

In LoginPage.aspx, I have a user name and password edit box and a Login
button. When clicked it executes the following code:

    private void Login_Click(object sender, System.EventArgs e)
    {
        if (Authenticated(UserName.Text, Password.Text))
        {
            string userData = "";
            FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
                1,
                UserName.Text,
                System.DateTime.Now,
                System.DateTime.Now.AddMinutes(30),
                Persistent.Checked,
                userData,
                FormsAuthentication.FormsCookiePath);

            // Encrypt the ticket.
            string encTicket = FormsAuthentication.Encrypt(ticket);

            // Create the cookie.
            Response.Cookies.Add(new HttpCookie(
                FormsAuthentication.FormsCookieName, encTicket));
            Response.Redirect(FormsAuthentication.GetRedirectUrl(
                UserName.Text, Persistent.Checked));
        }
        else
            Message("Invalid login");
    }

If I specify an invalid login combination, the Message statement executes.
This is good. If I specify a good combination, the form never moves from the
login page. The forms are running in a frame on the page that presents them.
Why would the page not be redirected when authentication is valid?
Nov 18 '05 #1
More info:

It appears that the URL obtained from FormsAuthentication.GetRedirectUrl is
not a fully qualified URL. It is a relative URL. Is there a way to fully
qualify it? If I put http://www.microsoft.com in the Response.Redirect
method, the redirect occurs.

Nov 18 '05 #2
Even more info:

It seems that the Redirect is working fine, but it is redirecting back to
the login page even though the url does not contain LoginPage.aspx. It
contains the url to the aspx page that is in the protected folder. Now I
really don't know what is happening now. It's as if the authentication
succeeds, but it redirects me back to the same login page anyway.

Nov 18 '05 #3
Jen
If it's redirecting to the login page it sounds like either the cookie
isn't persisting properly or the login isn't successful.

Can I ask why you have two web.config files? I thought (and I could
be wrong) that a Web Application has only one web.config file that it
loads up when running so am a little unclear about why you have the
second one. If you want a timeout value - you would set that on the
cookie you create.

I have this in my web.config file:

    <authentication mode="Forms">
        <forms name="demoReport"
               loginUrl="login.aspx"
               protection="All"
               timeout="30"
               path="/"/>
    </authentication>
    <authorization>
        <deny users="?" />
    </authorization>

I set the start page to be report.aspx and when I run it, it sends me to
login.aspx to authenticate me. I'm actually authenticating against
Active Directory in a custom method, but my code for the ticket is:

    if (sec.authenticateUser(txtUsername.Text.Trim(),
        txtPassword.Text.Trim(), "Domain"))
    {
        FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
            txtUsername.Text.Trim(), cbPersistCookie.Checked, 30);

        // Encrypt the cookie using the machine key for secure transport
        string hash = FormsAuthentication.Encrypt(ticket);
        HttpCookie cookie = new HttpCookie(
            FormsAuthentication.FormsCookieName, // Name of auth cookie
            hash);                               // Encrypted ticket

        // Set the cookie's expiration time to the ticket's expiration time
        if (ticket.IsPersistent) cookie.Expires = ticket.Expiration;

        // Add the cookie to the list for outgoing response
        Response.Cookies.Add(cookie);

        // Redirect to requested URL, or homepage if no previous page
        // requested
        string returnUrl = Request.QueryString["ReturnUrl"];
        if (returnUrl == null) returnUrl = "/";

        // Don't call FormsAuthentication.RedirectFromLoginPage since it
        // could replace the authentication ticket (cookie) we just added
        Response.Redirect(returnUrl);
    }

and this works for me. Have you checked that the authenticated method
you're using is returning true (sorry to ask a stupid question).

Hope this helps!! I've only just got this working so am pretty
excited about it :)

Jen
po*******@hotmail.com

Nov 18 '05 #4
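
The login code in the post above passes the ReturnUrl query-string value straight to Response.Redirect, so whoever builds the login link chooses where the user lands after signing in. The following is an added example, not part of Jen's post, of a check that only lets site-local paths through; the class and method names are hypothetical and the sample values are constructed.

```csharp
using System;

// Added example (not from the thread): validate a ReturnUrl value before it
// is handed to Response.Redirect. Class and method names are hypothetical.
public static class ReturnUrlCheck
{
    // True only for a path inside this site, i.e. one that starts with a
    // single "/". Rejects absolute URLs ("http://..."), scheme-relative
    // URLs ("//host"), the "/\host" form that browsers treat like "//host",
    // document-relative paths, and anything containing control characters.
    public static bool IsLocalUrl(string url)
    {
        if (url == null || url.Length == 0) return false;

        foreach (char c in url)
        {
            if (char.IsControl(c)) return false;
        }

        if (url[0] != '/') return false;
        return url.Length == 1 || (url[1] != '/' && url[1] != '\\');
    }

    // Returns returnUrl when it is site-local, otherwise the fallback.
    public static string SafeReturnUrl(string returnUrl, string fallback)
    {
        return IsLocalUrl(returnUrl) ? returnUrl : fallback;
    }

    public static void Main()
    {
        // Constructed sample values for the ReturnUrl query-string parameter.
        string[] samples = {
            "/Admin/Edit.aspx?DB=Photos",   // local path: accepted
            "/",                            // site root: accepted
            "http://www.microsoft.com",     // absolute URL: rejected
            "//www.microsoft.com/",         // scheme-relative: rejected
            "/\\www.microsoft.com/",        // backslash variant: rejected
            "Admin/Edit.aspx",              // not rooted: rejected
            null                            // parameter absent: rejected
        };

        foreach (string s in samples)
        {
            Console.WriteLine("{0,-30} -> {1}",
                s == null ? "(null)" : s, SafeReturnUrl(s, "/"));
        }
    }
}
```

In the login handler the call would be Response.Redirect(ReturnUrlCheck.SafeReturnUrl(Request.QueryString["ReturnUrl"], "/")).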
I have two. One resides in a "protected" folder. Any page in that folder
will use the web.config file and that file says to go to the loginpage.aspx.

Nov 18 '05 #5
The authentication is working fine. If I put http://www.microsoft.com into
the redirect method, it redirects every time.

Also, as far as the multiple web.config files, some of my web pages do not
require authentication. It's only the administrative pages that do. They are
put into another folder with another web.config file. Then the login page
runs for them.

If I change my Privacy settings (Tools -> Internet Options -> Privacy) to
Low or Accept All Cookies, then everything works fine. Is there something I
can do to leave it at Medium?

Nov 18 '05 #6
Hi David,
Thanks for posting in the community!
From your description, you are using FormsAuthentication in your ASP.NET web
application, and you found that when the user has been authenticated and you
call Response.Redirect(FormsAuthentication.GetRedirectUrl..) to redirect the
user to the formerly requested page, it doesn't work: the user is still
redirected back to the login page, yes?
If there is anything I misunderstood, please feel free to let me know.

I've viewed the other messages in this thread, and as you mentioned, it
works OK when you turn IE's cookie privacy to "low" or allow all cookies,
yes? So I suspect that the problem is that the authentication cookie fails
to be stored on the client side. That means that though the user has been
authenticated, his authentication cookie (the token) hasn't been stored in
the client's cookies, which is why he is still redirected to the login page
after being authenticated. To confirm it, would you please try out the
following items (leave the browser's cookie privacy at medium, the default):

1. Try manually redirecting the user to a protected page (via a hard-coded
URL address rather than one obtained via the GetRedirectUrl method) after
setting the authentication cookie, to see whether the problem still remains.

2. Try using FormsAuthentication.RedirectFromLoginPage to see whether
this works.

3. If all of the above do not work, I think you may check whether the
authentication cookie is correctly stored on the client. Turn on the page's
trace and check the Request and Response cookie collections to see whether
the authentication cookie is in the cookie collection.

4. Also, try adding a normal cookie variable to the Response.Cookies
collection and then retrieving it again in another page to see whether a
normal cookie works.

Please try out the above items. If you make any progress, please feel free
to post here.
Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Get Preview at ASP.NET whidbey
http://msdn.microsoft.com/asp.net/whidbey/default.aspx

Nov 18 '05 #7
I used this code instead:

    private void Login_Click(object sender, System.EventArgs e)
    {
        if (Authenticated(UserName.Text, Password.Text))
        {
            FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
                UserName.Text, Persistent.Checked, 20);
            string strEncrypted = FormsAuthentication.Encrypt(ticket);
            string strURL = FormsAuthentication.GetRedirectUrl(
                UserName.Text, Persistent.Checked);
            if (strURL.IndexOf("?") == -1)
            {
                strURL += "?" + FormsAuthentication.FormsCookieName + "=" +
                    strEncrypted;
            }
            else
            {
                strURL += "&" + FormsAuthentication.FormsCookieName + "=" +
                    strEncrypted;
            }
            Response.Redirect(strURL);
        }
        else
            Message("Invalid login");
    }

Now it doesn't matter what the Privacy setting is.

Nov 18 '05 #8
Hi David,
Thanks for your follow-up. From the code you provided in the last reply,
you're using cookieless FormsAuthentication now, storing the authentication
token in the URL query string rather than in a client cookie? But I think the
former problem we met with the cookie still remains. Have you tried out the
suggestions in my last reply? Please try them out and let me know if you
need any further help. Thanks.

Regards,

Steven Cheng
Microsoft Online Support


Nov 18 '05 #9
Ok, I did steps 1 and 2. All that happens is that it just goes back to the
login page.

I am unclear as to how to do steps 3 and 4. Please advise.

Nov 18 '05 #10
I turned on Trace in the Login page. Here is what I saw:

    ASP.NET_SessionId axoagw55qmcq5l55m5ctskfp 42

Then I added the "testcookie" bit into another page, turned the trace on it
as well. I saw this in that page.

    ASP.NET_SessionId f5utpgfelv2ndh45zooqsk55 42
    testcookie testcookie_value 27

Then I went back to the Login page and all I saw was the ASP.NET_SessionId.
I don't understand what I am seeing though.

"Steven Cheng[MSFT]" <v-******@online.microsoft.com> wrote in message
news:GE****************@cpmsftngxa06.phx.gbl...
Hi David,
Thanks for your follow-up. As for steps 3 and 4, here are the detailed
steps:

# How to turn on the page's trace: just add Trace="true" in the aspx
page's @Page directive, for example:

    <%@ Page language="c#" Codebehind="WebForm1.aspx.cs"
        AutoEventWireup="false" Trace="true" .....>

Then you can look up the cookies, session state and other useful
information about the page on its display screen.
By default there is a cookie named "ASPNET_SessionID" which represents
the ID of the server-side SessionState.
If you use FormsAuthentication, there will be another cookie with the
name you specify in the web.config, such as:

    <forms name=".ASPNET_FORM_NAME" .....>

# As for the test cookie I mentioned in step 4 last time, you can just add
the following code:
## Please also test when using Windows Authentication instead of
FormsAuthentication

In page one:

    HttpCookie cookie = new HttpCookie("testcookie","testcookie_value");
    cookie.Expires = DateTime.Now.AddYears(1);
    Response.Cookies.Add(cookie);

Then in another page (turn on the trace to see whether the added cookie
appears in the cookie collection).

In addition, I've attached two screenshots of the conditions I've
mentioned; please refer to them if anything is unclear. Also, if you
still have any questions, please feel free to post here.
Regards,

Steven Cheng
Microsoft Online Support


Nov 18 '05 #11
Hi David,

Thanks for your reply. From your test result, it seems that your
application is able to write a normal cookie to the client machine (since
you have seen the "ASPNET_SessionID" cookie in the trace report). Then, if
you turn on FormsAuthentication, do you see another cookie in the
Cookie collection? Its name is the same as the one you set in
machine.config, such as
<forms name=".ASPNET_FORM_NAME" .....>

If not, the reason FormsAuthentication fails when storing the token in a
cookie may have something to do with the web application's cookie privacy
setting. In IE 6, under the default privacy policy (medium), all third-party
cookies that do not have a compact policy are blocked. If your ASP.NET web
application is in a different domain from the page that contains the iframe,
it is considered a third-party context and the cookie is blocked. Since the
cookie is not set, you are always redirected to the login page.
Are your pages set in a frame or iframe? Or you may try creating a very
simple web app which has just two pages, one login page and one protected
page, using FormsAuthentication. If this application works well with
cookie-based FormsAuthentication, I think the problem lies in your
application (it may contain some third-party-cookie-like behavior).
If this is the cause of the problem, then to allow the third-party
cookies you need to develop a compact policy.

Here are some kb articles on the IE cookie privacy setting and IIS
third-party cookie policy setting, you may have a look if you feel
necessary:

#HOW TO: Configure IIS To Use Platform for Privacy Preferences (P3P)
http://support.microsoft.com/?id=324013

Also, there are web links to some other web references, such as:

#The Default Privacy Settings for Internet Explorer 6
http://support.microsoft.com/?id=293222

"how to create the full privacy policy, policy reference, and compact codes"
http://www.w3.org/P3P

and "information about full privacy policy, policy reference, and compact codes"
http://msdn.microsoft.com/library/de...curity/privacy/overview/createprivacypolicy.asp

Regards,

Steven Cheng
Microsoft Online Support

Nov 18 '05 #12
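
The cookie test suggested in the two replies above can be packaged as one handler; this is an added example, not code posted in the thread. The file name `CookieCheck.ashx` and the cookie name `cookieprobe` are assumptions, and the handler is assumed to sit in a folder that allows anonymous access (the application root here, not Admin) and to be requested from inside the same frame that hosts the protected pages.

```csharp
<%@ WebHandler Language="C#" Class="CookieCheck" %>
// CookieCheck.ashx (hypothetical name): two-step cookie round trip.
using System;
using System.Web;
using System.Web.Security;

public class CookieCheck : IHttpHandler
{
    const string ProbeName = "cookieprobe";   // hypothetical test cookie name

    public bool IsReusable { get { return true; } }

    public void ProcessRequest(HttpContext ctx)
    {
        HttpRequest req = ctx.Request;
        HttpResponse res = ctx.Response;

        if (req.QueryString["probe"] == null)
        {
            // Round 1: set a session cookie, then bounce back to ourselves.
            res.Cookies.Add(new HttpCookie(ProbeName, "1"));
            res.Redirect(req.Path + "?probe=1", false);
            return;
        }

        // Round 2: report what the browser actually sent back.
        res.ContentType = "text/plain";
        bool accepted = req.Cookies[ProbeName] != null;
        res.Write("Cookies accepted in this context: " + accepted + "\r\n");

        string authName = FormsAuthentication.FormsCookieName;
        HttpCookie auth = req.Cookies[authName];
        if (auth == null)
        {
            // Missing after a successful login: the browser dropped it.
            res.Write("Forms cookie '" + authName + "': not sent\r\n");
            return;
        }
        try
        {
            FormsAuthenticationTicket t = FormsAuthentication.Decrypt(auth.Value);
            res.Write("Forms cookie '" + authName + "': sent, expired=" +
                      t.Expired + ", expires " + t.Expiration + "\r\n");
        }
        catch (Exception)
        {
            // Wrong machine key or a tampered value ends up here.
            res.Write("Forms cookie '" + authName + "': sent but not decryptable\r\n");
        }
    }
}
```

If the first line reads False inside the frame but True when the handler is opened in its own window, the browser is rejecting the application's cookies only in the framed context, which is the third-party case described in the reply.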
