I am implementing a secure website using the ASP.NET FormsAuthentication
model. I have taken the simplest code examples from MSDN
(login.aspx,default.aspx, web.config) but cannot get proper behavior on my
machine.
As an unauthenticated user, I navigate to the website http://localhost/XXX.
global.Authenticate_Request considers sending default.apsx but cannot find
any authentication cookie in the Context object, so the request is
redirected to login.aspx. Just as advertised.
Now, I perform a login through login.aspx. When RedirectFromLoginPage is
called by login.aspx, global.Authenticate_Request is again invoked. But no
authentication cookie is present in the Context object, so the request is
once again redirected to login.aspx.
I modified the login.aspx login_click behavior to explicitly create a Ticket
and Cookie (unencrypted), place it in the Context.Response collection. I
verify the presence of the new cookie with the debugger before login_click
terminates. Next, I watch the global application's Authenticate_Request
with the debugger and see that the Context.Response.Cookies collection is
empty!
Here is my development environment:
1) W2K Pro SP5
2) IIS 5.0
3) Visual Studio .NET 2003, .Net Framework 1.1
4) Zone Alarm Pro 3.0
5) Norton Antivirus
LAN is wireless. Access point is also a router. Router is configured to use
Zone Alarm security settings from localhost.
I have tried out this application in the following ways, all exhibiting the
same behavior:
1) IE 6 Browser session on localhost.
2) Mozilla browser session on localhost
3) IE 6 browser session on another machine on the intranet
I tried shutting down ZAPro, disabling autostart and rebooting, to no avail.
I checked the privacy settings and have the following set:
Allow session and persistent cookies
Block 3rd party cookies.
I toyed around with IIS but don't really know what I'm doing so gave up and
recreated the website. No change in behavior (ARRGH!).
If I modify login.aspx to make the user authentication a persistent cookie,
the same behavior occurs initially, but a subsequent browser session will
bring up default.aspx.
WHAT IS HAPPENING TO MY COOKIES? I am losing my cookies over these lost
cookies!
Another fact:
When I installed VS.NET on localhost, IIS 5 wasn't installed. I later
installed IIS, and ran a .NET tool to map .NET into IIS. I also ran the
VS.NAT install to atttempt to repair anything that got screwed up because
IIS wasn't there on the initial install.
Nothing I have done has resolved the problem. I figure that this problem is
due to the configuration of localhost.
CAN ANYONE HELP ME???????
You help is much-appreciated. Thanks in advance.
Jeff Bartels
je*********@usa.net
