I tried on the Security newgroup, as well as other places, and haven't
gotten an answer yet - - I'm pulling my hair out over this one.
I'm trying to get Forms Authentication working.....I can get any requested
page to automatically go to the Login.aspx page, AND, the ReturnURL
querystring is correct in the address bar, but no matter what, I can't get
it, once the user is authenticated, to redirect to the new page. It ALWAYS
refreshes the Login.aspx page!
My database has all the users - - I query the database and validate the user
there. This part works - - I've totally verified this.
Then - - I've got this:
if ValidUser="True" then
FormsAuthentication.RedirectFromLoginPage(txtUID.t ext, True) '
<-------this is the part that DOES NOT work at all - - it never redirects
the page
The machine.config points to the correct path for the WebUIValidation.js
file....I'm using MSIE, as are all the other users who are going to be
hitting this app. - - Scripting is allowed.
in the Web.Config, I've got:
<authentication mode="Forms">
<forms name=".MyApp"
loginUrl="login.aspx"
protection="All"
timeout="480"
path="/"
/>
</authentication>
<authorization>
<deny users ="?" />
</authorization>
And I'm importing the Web.Security Namespace on each page.
Does Each subsequent page need anything else in it to make this work?
Please help - - I've been working on this for over a week now! What am I
missing? 11  3521 
are you sure ValidUser is returning "true" ?
"ElmoWatson" <sp**********@yahoo.com> wrote in message
news:%2****************@TK2MSFTNGP11.phx.gbl... I tried on the Security newgroup, as well as other places, and haven't
gotten an answer yet - - I'm pulling my hair out over this one.
I'm trying to get Forms Authentication working.....I can get any requested
page to automatically go to the Login.aspx page, AND, the ReturnURL
querystring is correct in the address bar, but no matter what, I can't get
it, once the user is authenticated, to redirect to the new page. It ALWAYS
refreshes the Login.aspx page!
My database has all the users - - I query the database and validate the
user there. This part works - - I've totally verified this.
Then - - I've got this:
if ValidUser="True" then
FormsAuthentication.RedirectFromLoginPage(txtUID.t ext, True) '
<-------this is the part that DOES NOT work at all - - it never redirects
the page
The machine.config points to the correct path for the WebUIValidation.js
file....I'm using MSIE, as are all the other users who are going to be
hitting this app. - - Scripting is allowed.
in the Web.Config, I've got:
<authentication mode="Forms">
<forms name=".MyApp"
loginUrl="login.aspx"
protection="All"
timeout="480"
path="/"
/>
</authentication>
<authorization>
<deny users ="?" />
</authorization>
And I'm importing the Web.Security Namespace on each page.
Does Each subsequent page need anything else in it to make this work?
Please help - - I've been working on this for over a week now! What am I
missing?
Yes - I'm sure - absolutely positive
"Seaside" <ss@hotmail.com> wrote in message
news:ez**************@tk2msftngp13.phx.gbl... are you sure ValidUser is returning "true" ?
"ElmoWatson" <sp**********@yahoo.com> wrote in message
news:%2****************@TK2MSFTNGP11.phx.gbl... I tried on the Security newgroup, as well as other places, and haven't
gotten an answer yet - - I'm pulling my hair out over this one.
I'm trying to get Forms Authentication working.....I can get any
requested page to automatically go to the Login.aspx page, AND, the ReturnURL
querystring is correct in the address bar, but no matter what, I can't
get it, once the user is authenticated, to redirect to the new page. It
ALWAYS refreshes the Login.aspx page!
My database has all the users - - I query the database and validate the
user there. This part works - - I've totally verified this.
Then - - I've got this:
if ValidUser="True" then
FormsAuthentication.RedirectFromLoginPage(txtUID.t ext, True) '
<-------this is the part that DOES NOT work at all - - it never
redirects the page
The machine.config points to the correct path for the WebUIValidation.js
file....I'm using MSIE, as are all the other users who are going to be
hitting this app. - - Scripting is allowed.
in the Web.Config, I've got:
<authentication mode="Forms">
<forms name=".MyApp"
loginUrl="login.aspx"
protection="All"
timeout="480"
path="/"
/>
</authentication>
<authorization>
<deny users ="?" />
</authorization>
And I'm importing the Web.Security Namespace on each page.
Does Each subsequent page need anything else in it to make this work?
Please help - - I've been working on this for over a week now! What am I
missing?
Thanks - I checked it out - - all the code listings links don't go to the
code at all....nice article, but it doesn't tell me where my problem is.
BTW - If I remove the deny users part - - - - it bypasses the login.aspx
file altogether. I at least had that working
"S. Justin Gengo" <sj*****@aboutfortunate.com> wrote in message
news:%2***************@TK2MSFTNGP12.phx.gbl... Elmo,
When you use a database with forms authentication you need to remove the
deny users attribute in the web.config file. You then have to create a
method that does the validation for you.
Here's a good article about using a database with form authentication:
http://www.zdnet.com.au/builder/prog...0274191,00.htm
Sincerely,
--
S. Justin Gengo, MCP
Web Developer
Free code library at:
www.aboutfortunate.com
"Out of chaos comes order."
Nietzche
"ElmoWatson" <sp**********@yahoo.com> wrote in message
news:%2****************@TK2MSFTNGP11.phx.gbl... I tried on the Security newgroup, as well as other places, and haven't
gotten an answer yet - - I'm pulling my hair out over this one.
I'm trying to get Forms Authentication working.....I can get any
requested page to automatically go to the Login.aspx page, AND, the ReturnURL
querystring is correct in the address bar, but no matter what, I can't
get it, once the user is authenticated, to redirect to the new page. It
ALWAYS refreshes the Login.aspx page!
My database has all the users - - I query the database and validate the
user there. This part works - - I've totally verified this.
Then - - I've got this:
if ValidUser="True" then
FormsAuthentication.RedirectFromLoginPage(txtUID.t ext, True) '
<-------this is the part that DOES NOT work at all - - it never
redirects the page
The machine.config points to the correct path for the WebUIValidation.js
file....I'm using MSIE, as are all the other users who are going to be
hitting this app. - - Scripting is allowed.
in the Web.Config, I've got:
<authentication mode="Forms">
<forms name=".MyApp"
loginUrl="login.aspx"
protection="All"
timeout="480"
path="/"
/>
</authentication>
<authorization>
<deny users ="?" />
</authorization>
And I'm importing the Web.Security Namespace on each page.
Does Each subsequent page need anything else in it to make this work?
Please help - - I've been working on this for over a week now! What am I
missing?
see S.Justin Gengo's reply
"ElmoWatson" <sp**********@yahoo.com> wrote in message
news:Oi**************@TK2MSFTNGP12.phx.gbl... Yes - I'm sure - absolutely positive
"Seaside" <ss@hotmail.com> wrote in message
news:ez**************@tk2msftngp13.phx.gbl... are you sure ValidUser is returning "true" ?
"ElmoWatson" <sp**********@yahoo.com> wrote in message
news:%2****************@TK2MSFTNGP11.phx.gbl... I tried on the Security newgroup, as well as other places, and haven't
gotten an answer yet - - I'm pulling my hair out over this one.
I'm trying to get Forms Authentication working.....I can get any requested page to automatically go to the Login.aspx page, AND, the ReturnURL
querystring is correct in the address bar, but no matter what, I can't get it, once the user is authenticated, to redirect to the new page. It ALWAYS refreshes the Login.aspx page!
My database has all the users - - I query the database and validate
the user there. This part works - - I've totally verified this.
Then - - I've got this:
if ValidUser="True" then
FormsAuthentication.RedirectFromLoginPage(txtUID.t ext, True) '
<-------this is the part that DOES NOT work at all - - it never redirects the page
The machine.config points to the correct path for the
WebUIValidation.js file....I'm using MSIE, as are all the other users who are going to be
hitting this app. - - Scripting is allowed.
in the Web.Config, I've got:
<authentication mode="Forms">
<forms name=".MyApp"
loginUrl="login.aspx"
protection="All"
timeout="480"
path="/"
/>
</authentication>
<authorization>
<deny users ="?" />
</authorization>
And I'm importing the Web.Security Namespace on each page.
Does Each subsequent page need anything else in it to make this work?
Please help - - I've been working on this for over a week now! What am
I missing?
Elmo,
It may be redirecting to the page, then redirecting right back to the login
page when it's found that the user isn't authenticated.
The question will be "why isn't the user authenticated when I think he
should be?" Answers I've seen include:
1) Because the cookie is set up wrong and Forms Authentication never sees
it. Check on the domain, path and expiration of the cookie. In particular,
make sure the cookie domain matches your domain. localhost has a blank
domain, BTW.
2) Because the login page and the page you're redirecting to have different
values in the <machineKey> entry in machine.config or web.config.
3) The user _is_ authenticated, but not authorized. Maybe URL authorization
has a typo in a role name, or roles aren't being applied in global.asax.
It sounds like it's time for you to look one layer deeper. In particular,
try turning on tracing in web.config:
<trace enabled="true" requestLimit="100" pageOutput="false"
traceMode="SortByTime" localOnly="true" />
Then reproduce the problem and navigate to http://localhost/yourSite/trace.axd. It may be instructive.
--
John Saunders
Internet Engineer jo***********@surfcontrol.com
"ElmoWatson" <sp**********@yahoo.com> wrote in message
news:%2****************@TK2MSFTNGP11.phx.gbl... I tried on the Security newgroup, as well as other places, and haven't
gotten an answer yet - - I'm pulling my hair out over this one.
I'm trying to get Forms Authentication working.....I can get any requested
page to automatically go to the Login.aspx page, AND, the ReturnURL
querystring is correct in the address bar, but no matter what, I can't get
it, once the user is authenticated, to redirect to the new page. It ALWAYS
refreshes the Login.aspx page!
My database has all the users - - I query the database and validate the
user there. This part works - - I've totally verified this.
Then - - I've got this:
if ValidUser="True" then
FormsAuthentication.RedirectFromLoginPage(txtUID.t ext, True) '
<-------this is the part that DOES NOT work at all - - it never redirects
the page
The machine.config points to the correct path for the WebUIValidation.js
file....I'm using MSIE, as are all the other users who are going to be
hitting this app. - - Scripting is allowed.
in the Web.Config, I've got:
<authentication mode="Forms">
<forms name=".MyApp"
loginUrl="login.aspx"
protection="All"
timeout="480"
path="/"
/>
</authentication>
<authorization>
<deny users ="?" />
</authorization>
And I'm importing the Web.Security Namespace on each page.
Does Each subsequent page need anything else in it to make this work?
Please help - - I've been working on this for over a week now! What am I
missing?
Hmmm,
That website must be having some pretty big link problems! I had bookmarked
it a long time ago. It looks like all their articles file links aren't
working.
Here's a line of code from a different article that I think pertains to you:
If blnIsAuthenticated Then
FormsAuthentication.RedirectFromLoginPage(strUser,
chkPersistLogin.Checked)
End If
This article is using an xml file instead of a database to store usernames
and passwords but the concept is the same. Here's the link: http://www.15seconds.com/issue/020305.htm
Sincerecly,
--
S. Justin Gengo, MCP
Web Developer
Free code library at: www.aboutfortunate.com
"Out of chaos comes order."
Nietzche
"ElmoWatson" <sp**********@yahoo.com> wrote in message
news:eS**************@TK2MSFTNGP11.phx.gbl... Thanks - I checked it out - - all the code listings links don't go to the
code at all....nice article, but it doesn't tell me where my problem is.
BTW - If I remove the deny users part - - - - it bypasses the login.aspx
file altogether. I at least had that working
"S. Justin Gengo" <sj*****@aboutfortunate.com> wrote in message
news:%2***************@TK2MSFTNGP12.phx.gbl... Elmo,
When you use a database with forms authentication you need to remove the
deny users attribute in the web.config file. You then have to create a
method that does the validation for you.
Here's a good article about using a database with form authentication: http://www.zdnet.com.au/builder/prog...0274191,00.htm
Sincerely,
--
S. Justin Gengo, MCP
Web Developer
Free code library at:
www.aboutfortunate.com
"Out of chaos comes order."
Nietzche
"ElmoWatson" <sp**********@yahoo.com> wrote in message
news:%2****************@TK2MSFTNGP11.phx.gbl... I tried on the Security newgroup, as well as other places, and haven't
gotten an answer yet - - I'm pulling my hair out over this one.
I'm trying to get Forms Authentication working.....I can get any requested page to automatically go to the Login.aspx page, AND, the ReturnURL
querystring is correct in the address bar, but no matter what, I can't get it, once the user is authenticated, to redirect to the new page. It ALWAYS refreshes the Login.aspx page!
My database has all the users - - I query the database and validate
the user there. This part works - - I've totally verified this.
Then - - I've got this:
if ValidUser="True" then
FormsAuthentication.RedirectFromLoginPage(txtUID.t ext, True) '
<-------this is the part that DOES NOT work at all - - it never redirects the page
The machine.config points to the correct path for the
WebUIValidation.js file....I'm using MSIE, as are all the other users who are going to be
hitting this app. - - Scripting is allowed.
in the Web.Config, I've got:
<authentication mode="Forms">
<forms name=".MyApp"
loginUrl="login.aspx"
protection="All"
timeout="480"
path="/"
/>
</authentication>
<authorization>
<deny users ="?" />
</authorization>
And I'm importing the Web.Security Namespace on each page.
Does Each subsequent page need anything else in it to make this work?
Please help - - I've been working on this for over a week now! What am
I missing?
Actually - I have had Tracing on & off several times - -
I see that the cookie is set - - but the weird thing is how it's showing - -
I went to the temporary internet files directory to watch when the cookie
shows up.
I run a page on the site in IE, get referred to the login page, login, and,
as usual, it does NOT redirect me to the original page....
Keep in mind, still no cookie in the directory -- then I close IE - - -
still no cookie.
THEN - when I start IE AGAIN, only going to its default page - - the cookie
shows up in the directory - - I don't get how this behavior works, at all.
Still - the same login scenario happens - - no redirect.
You said: Maybe URL authorization has a typo in a role name, or roles aren't being
applied in global.asax.
I don't have any roles in play here - this scenario, at this point is
supposed to check against a database table for authorization - - if
there - - validuser is true, else it's false
if it's true, I have it set like this:
FormsAuthentication.RedirectFromLoginPage(txtUID.t ext, True) and again -
here's where it doesn't work. It DOES, however, set the cookie, named the
same as in the web.config file.
Anything else?? Nothing shows up as
"John Saunders" <jo***********@surfcontrol.com> wrote in message
news:OL**************@TK2MSFTNGP11.phx.gbl... Elmo,
It may be redirecting to the page, then redirecting right back to the
login page when it's found that the user isn't authenticated.
The question will be "why isn't the user authenticated when I think he
should be?" Answers I've seen include:
1) Because the cookie is set up wrong and Forms Authentication never sees
it. Check on the domain, path and expiration of the cookie. In particular,
make sure the cookie domain matches your domain. localhost has a blank
domain, BTW.
2) Because the login page and the page you're redirecting to have
different values in the <machineKey> entry in machine.config or web.config.
3) The user _is_ authenticated, but not authorized. Maybe URL
authorization has a typo in a role name, or roles aren't being applied in global.asax.
It sounds like it's time for you to look one layer deeper. In particular,
try turning on tracing in web.config:
<trace enabled="true" requestLimit="100" pageOutput="false"
traceMode="SortByTime" localOnly="true" />
Then reproduce the problem and navigate to
http://localhost/yourSite/trace.axd. It may be instructive.
--
John Saunders
Internet Engineer
jo***********@surfcontrol.com
"ElmoWatson" <sp**********@yahoo.com> wrote in message
news:%2****************@TK2MSFTNGP11.phx.gbl... I tried on the Security newgroup, as well as other places, and haven't
gotten an answer yet - - I'm pulling my hair out over this one.
I'm trying to get Forms Authentication working.....I can get any
requested page to automatically go to the Login.aspx page, AND, the ReturnURL
querystring is correct in the address bar, but no matter what, I can't
get it, once the user is authenticated, to redirect to the new page. It
ALWAYS refreshes the Login.aspx page!
My database has all the users - - I query the database and validate the
user there. This part works - - I've totally verified this.
Then - - I've got this:
if ValidUser="True" then
FormsAuthentication.RedirectFromLoginPage(txtUID.t ext, True) '
<-------this is the part that DOES NOT work at all - - it never
redirects the page
The machine.config points to the correct path for the WebUIValidation.js
file....I'm using MSIE, as are all the other users who are going to be
hitting this app. - - Scripting is allowed.
in the Web.Config, I've got:
<authentication mode="Forms">
<forms name=".MyApp"
loginUrl="login.aspx"
protection="All"
timeout="480"
path="/"
/>
</authentication>
<authorization>
<deny users ="?" />
</authorization>
And I'm importing the Web.Security Namespace on each page.
Does Each subsequent page need anything else in it to make this work?
Please help - - I've been working on this for over a week now! What am I
missing?
Yeah - - that's what I'm using exactly - - that's what doesn't work
correctly
I'm totally lost here......I guess I'll just have to roll my own
authentication system - - I've been at this over a week and I could have had
it all done, if I had manually created it.
Thanks for the help - - if you think of something else - - - post back,
please.
"S. Justin Gengo" <sj*****@aboutfortunate.com> wrote in message
news:%2****************@tk2msftngp13.phx.gbl... Hmmm,
That website must be having some pretty big link problems! I had
bookmarked it a long time ago. It looks like all their articles file links aren't
working.
Here's a line of code from a different article that I think pertains to
you:
If blnIsAuthenticated Then
FormsAuthentication.RedirectFromLoginPage(strUser,
chkPersistLogin.Checked)
End If
This article is using an xml file instead of a database to store usernames
and passwords but the concept is the same. Here's the link:
http://www.15seconds.com/issue/020305.htm
Sincerecly,
--
S. Justin Gengo, MCP
Web Developer
Free code library at:
www.aboutfortunate.com
"Out of chaos comes order."
Nietzche
"ElmoWatson" <sp**********@yahoo.com> wrote in message
news:eS**************@TK2MSFTNGP11.phx.gbl... Thanks - I checked it out - - all the code listings links don't go to
the code at all....nice article, but it doesn't tell me where my problem is.
BTW - If I remove the deny users part - - - - it bypasses the
login.aspx file altogether. I at least had that working
"S. Justin Gengo" <sj*****@aboutfortunate.com> wrote in message
news:%2***************@TK2MSFTNGP12.phx.gbl... Elmo,
When you use a database with forms authentication you need to remove
the deny users attribute in the web.config file. You then have to create a
method that does the validation for you.
Here's a good article about using a database with form authentication:
http://www.zdnet.com.au/builder/prog...0274191,00.htm
Sincerely,
--
S. Justin Gengo, MCP
Web Developer
Free code library at:
www.aboutfortunate.com
"Out of chaos comes order."
Nietzche
"ElmoWatson" <sp**********@yahoo.com> wrote in message
news:%2****************@TK2MSFTNGP11.phx.gbl...
> I tried on the Security newgroup, as well as other places, and
haven't > gotten an answer yet - - I'm pulling my hair out over this one.
>
> I'm trying to get Forms Authentication working.....I can get any
requested > page to automatically go to the Login.aspx page, AND, the ReturnURL
> querystring is correct in the address bar, but no matter what, I
can't get > it, once the user is authenticated, to redirect to the new page. It
ALWAYS > refreshes the Login.aspx page!
>
> My database has all the users - - I query the database and validate the user
> there. This part works - - I've totally verified this.
> Then - - I've got this:
> if ValidUser="True" then
> FormsAuthentication.RedirectFromLoginPage(txtUID.t ext, True) '
> <-------this is the part that DOES NOT work at all - - it never
redirects > the page
>
> The machine.config points to the correct path for the WebUIValidation.js > file....I'm using MSIE, as are all the other users who are going to
be > hitting this app. - - Scripting is allowed.
>
> in the Web.Config, I've got:
> <authentication mode="Forms">
> <forms name=".MyApp"
> loginUrl="login.aspx"
> protection="All"
> timeout="480"
> path="/"
> />
> </authentication>
> <authorization>
> <deny users ="?" />
> </authorization>
> And I'm importing the Web.Security Namespace on each page.
> Does Each subsequent page need anything else in it to make this
work? > Please help - - I've been working on this for over a week now! What
am I > missing?
>
>
Elmo,
Let's be sure we understand each other. Here's a sequence of events to
reproduce:
1) Close _all_ of your browsers
2) Start up IE (preferably with your home page set to about :blank).
3) Navigate to a page which requires you to be authenticated
4) You should be redirected to the login page
5) Check for the cookie it should be absent.
6) Log in. It should attempt to redirect you to the original page.
7) Whether or not it redirected you, check for the cookie again. If it's
there, post the details, in particular, the path, domain and expiration.
BTW, I don't know how you're seeing the cookie at all. Session cookies
aren't displayed in IE's "View Files" dialog. You'd do better to use a tool
like ProxyTrace from http://pocketsoap.com, which will allow you to see the
actual Set-Cookie header(s).
--
John Saunders
Internet Engineer jo***********@surfcontrol.com
"ElmoWatson" <sp**********@yahoo.com> wrote in message
news:eX**************@TK2MSFTNGP10.phx.gbl... Actually - I have had Tracing on & off several times - -
I see that the cookie is set - - but the weird thing is how it's
showing - - I went to the temporary internet files directory to watch when the cookie
shows up.
I run a page on the site in IE, get referred to the login page, login,
and, as usual, it does NOT redirect me to the original page....
Keep in mind, still no cookie in the directory -- then I close IE - - -
still no cookie.
THEN - when I start IE AGAIN, only going to its default page - - the
cookie shows up in the directory - - I don't get how this behavior works, at
all.
Still - the same login scenario happens - - no redirect.
You said:>Maybe URL authorization has a typo in a role name, or roles aren't
being applied in global.asax.
I don't have any roles in play here - this scenario, at this point is
supposed to check against a database table for authorization - - if
there - - validuser is true, else it's false
if it's true, I have it set like this:
FormsAuthentication.RedirectFromLoginPage(txtUID.t ext, True) and again -
here's where it doesn't work. It DOES, however, set the cookie, named the
same as in the web.config file.
Anything else?? Nothing shows up as
"John Saunders" <jo***********@surfcontrol.com> wrote in message
news:OL**************@TK2MSFTNGP11.phx.gbl... Elmo,
It may be redirecting to the page, then redirecting right back to the
login page when it's found that the user isn't authenticated.
The question will be "why isn't the user authenticated when I think he
should be?" Answers I've seen include:
1) Because the cookie is set up wrong and Forms Authentication never
sees it. Check on the domain, path and expiration of the cookie. In
particular, make sure the cookie domain matches your domain. localhost has a blank
domain, BTW.
2) Because the login page and the page you're redirecting to have
different values in the <machineKey> entry in machine.config or web.config.
3) The user _is_ authenticated, but not authorized. Maybe URL
authorization has a typo in a role name, or roles aren't being applied in global.asax.
It sounds like it's time for you to look one layer deeper. In
particular, try turning on tracing in web.config:
<trace enabled="true" requestLimit="100" pageOutput="false"
traceMode="SortByTime" localOnly="true" />
Then reproduce the problem and navigate to
http://localhost/yourSite/trace.axd. It may be instructive.
--
John Saunders
Internet Engineer
jo***********@surfcontrol.com
"ElmoWatson" <sp**********@yahoo.com> wrote in message
news:%2****************@TK2MSFTNGP11.phx.gbl... I tried on the Security newgroup, as well as other places, and haven't
gotten an answer yet - - I'm pulling my hair out over this one.
I'm trying to get Forms Authentication working.....I can get any requested page to automatically go to the Login.aspx page, AND, the ReturnURL
querystring is correct in the address bar, but no matter what, I can't get it, once the user is authenticated, to redirect to the new page. It ALWAYS refreshes the Login.aspx page!
My database has all the users - - I query the database and validate
the user there. This part works - - I've totally verified this.
Then - - I've got this:
if ValidUser="True" then
FormsAuthentication.RedirectFromLoginPage(txtUID.t ext, True) '
<-------this is the part that DOES NOT work at all - - it never
redirects the page
The machine.config points to the correct path for the
WebUIValidation.js file....I'm using MSIE, as are all the other users who are going to be
hitting this app. - - Scripting is allowed.
in the Web.Config, I've got:
<authentication mode="Forms">
<forms name=".MyApp"
loginUrl="login.aspx"
protection="All"
timeout="480"
path="/"
/>
</authentication>
<authorization>
<deny users ="?" />
</authorization>
And I'm importing the Web.Security Namespace on each page.
Does Each subsequent page need anything else in it to make this work?
Please help - - I've been working on this for over a week now! What am
I missing?
Here are my steps
1. Delete existing cookie, starting from scratch
2. Run a page on web server - - redirects me to login page
3. Login, hoping to go to url in querystring
4. It does NOT redirect me to the correct page - -
in the Trace details, it shows the cookie with the correct name (from
Web.Config Name = section)
5. However, I don't see the cookie in the Temporary Internet Files dir
yet - - close IE -no cookie
6. Start IE (goes to default site which is NOT the web site in question) -
Cookie shows up
7. Details - - - in the directory list (Windows Explorer):
Name: Cookie:myname@testWebserver/ --- this is correct --
Internet Address - same as Name: - TXT file
Expires: 8/5/2053
Last Modified/Last Accessed/Last Checked - - all the same time/date (today)
8. Try running a page on the web server again - - redirects me to login
page, with the originally requested page, correctly, in the querystring
(ReturnUrL) - - cookie shows up with the name given to it, in my Web.config
file.
Does this show you anything?
"John Saunders" <jo***********@surfcontrol.com> wrote in message
news:uG**************@TK2MSFTNGP11.phx.gbl... Elmo,
Let's be sure we understand each other. Here's a sequence of events to
reproduce:
1) Close _all_ of your browsers
2) Start up IE (preferably with your home page set to about:blank).
3) Navigate to a page which requires you to be authenticated
4) You should be redirected to the login page
5) Check for the cookie it should be absent.
6) Log in. It should attempt to redirect you to the original page.
7) Whether or not it redirected you, check for the cookie again. If it's
there, post the details, in particular, the path, domain and expiration.
BTW, I don't know how you're seeing the cookie at all. Session cookies
aren't displayed in IE's "View Files" dialog. You'd do better to use a
tool like ProxyTrace from http://pocketsoap.com, which will allow you to see
the actual Set-Cookie header(s).
--
John Saunders
Internet Engineer
jo***********@surfcontrol.com
"ElmoWatson" <sp**********@yahoo.com> wrote in message
news:eX**************@TK2MSFTNGP10.phx.gbl... Actually - I have had Tracing on & off several times - -
I see that the cookie is set - - but the weird thing is how it's showing - - I went to the temporary internet files directory to watch when the
cookie shows up.
I run a page on the site in IE, get referred to the login page, login,
and, as usual, it does NOT redirect me to the original page....
Keep in mind, still no cookie in the directory -- then I close IE - - -
still no cookie.
THEN - when I start IE AGAIN, only going to its default page - - the
cookie shows up in the directory - - I don't get how this behavior works, at
all.
Still - the same login scenario happens - - no redirect.
You said:>>>Maybe URL authorization has a typo in a role name, or roles aren't being applied in global.asax.
I don't have any roles in play here - this scenario, at this point is
supposed to check against a database table for authorization - - if
there - - validuser is true, else it's false
if it's true, I have it set like this:
FormsAuthentication.RedirectFromLoginPage(txtUID.t ext, True) and again -
here's where it doesn't work. It DOES, however, set the cookie, named
the same as in the web.config file.
Anything else?? Nothing shows up as
"John Saunders" <jo***********@surfcontrol.com> wrote in message
news:OL**************@TK2MSFTNGP11.phx.gbl... Elmo,
It may be redirecting to the page, then redirecting right back to the
login page when it's found that the user isn't authenticated.
The question will be "why isn't the user authenticated when I think he
should be?" Answers I've seen include:
1) Because the cookie is set up wrong and Forms Authentication never sees it. Check on the domain, path and expiration of the cookie. In particular, make sure the cookie domain matches your domain. localhost has a blank
domain, BTW.
2) Because the login page and the page you're redirecting to have
different values in the <machineKey> entry in machine.config or web.config.
3) The user _is_ authenticated, but not authorized. Maybe URL
authorization has a typo in a role name, or roles aren't being applied in
global.asax.
It sounds like it's time for you to look one layer deeper. In particular, try turning on tracing in web.config:
<trace enabled="true" requestLimit="100" pageOutput="false"
traceMode="SortByTime" localOnly="true" />
Then reproduce the problem and navigate to
http://localhost/yourSite/trace.axd. It may be instructive.
--
John Saunders
Internet Engineer
jo***********@surfcontrol.com
"ElmoWatson" <sp**********@yahoo.com> wrote in message
news:%2****************@TK2MSFTNGP11.phx.gbl...
> I tried on the Security newgroup, as well as other places, and
haven't > gotten an answer yet - - I'm pulling my hair out over this one.
>
> I'm trying to get Forms Authentication working.....I can get any
requested > page to automatically go to the Login.aspx page, AND, the ReturnURL
> querystring is correct in the address bar, but no matter what, I
can't get > it, once the user is authenticated, to redirect to the new page. It
ALWAYS > refreshes the Login.aspx page!
>
> My database has all the users - - I query the database and validate the user
> there. This part works - - I've totally verified this.
> Then - - I've got this:
> if ValidUser="True" then
> FormsAuthentication.RedirectFromLoginPage(txtUID.t ext, True) '
> <-------this is the part that DOES NOT work at all - - it never
redirects > the page
>
> The machine.config points to the correct path for the WebUIValidation.js > file....I'm using MSIE, as are all the other users who are going to
be > hitting this app. - - Scripting is allowed.
>
> in the Web.Config, I've got:
> <authentication mode="Forms">
> <forms name=".MyApp"
> loginUrl="login.aspx"
> protection="All"
> timeout="480"
> path="/"
> />
> </authentication>
> <authorization>
> <deny users ="?" />
> </authorization>
> And I'm importing the Web.Security Namespace on each page.
> Does Each subsequent page need anything else in it to make this
work? > Please help - - I've been working on this for over a week now! What
am I > missing?
>
>
Yeah, Elmo, that's what I figured from your detailed post. Your Forms
Authentication page may be using the same cookie name as being used by that
"classic ASP" page. Choose another name!
You're not _supposed_ to be able to see session cookies in Temporary
Internet Files! The fact that you saw it there suggested that it wasn't from
ASP.NET, and the fact that you saw it after going to the "default" page
suggested that you were getting that cookie from the default page.
--
John Saunders
Internet Engineer jo***********@surfcontrol.com
"ElmoWatson" <sp**********@yahoo.com> wrote in message
news:u8**************@tk2msftngp13.phx.gbl... I didn't notice until I sent the last message, that you said to 'blank'
out the start page....
The weirdest thing happened - - previously, my start page was one of the
other intranet's login page in our company (classic asp/different
login/different server/completely different physical location) - - -
AS SOON as I dumped that page from my default page in IE - the whole Forms
Authentication worked perfectly - just like it was supposed to.
"ElmoWatson" <sp**********@yahoo.com> wrote in message
news:ew*************@TK2MSFTNGP12.phx.gbl... Here are my steps
1. Delete existing cookie, starting from scratch
2. Run a page on web server - - redirects me to login page
3. Login, hoping to go to url in querystring
4. It does NOT redirect me to the correct page - -
in the Trace details, it shows the cookie with the correct name (from
Web.Config Name = section)
5. However, I don't see the cookie in the Temporary Internet Files dir
yet - - close IE -no cookie
6. Start IE (goes to default site which is NOT the web site in
question) - Cookie shows up
7. Details - - - in the directory list (Windows Explorer):
Name: Cookie:myname@testWebserver/ --- this is correct --
Internet Address - same as Name: - TXT file
Expires: 8/5/2053
Last Modified/Last Accessed/Last Checked - - all the same time/date (today)
8. Try running a page on the web server again - - redirects me to login
page, with the originally requested page, correctly, in the querystring
(ReturnUrL) - - cookie shows up with the name given to it, in my
Web.config file.
Does this show you anything?
"John Saunders" <jo***********@surfcontrol.com> wrote in message
news:uG**************@TK2MSFTNGP11.phx.gbl... Elmo,
Let's be sure we understand each other. Here's a sequence of events to
reproduce:
1) Close _all_ of your browsers
2) Start up IE (preferably with your home page set to about:blank).
3) Navigate to a page which requires you to be authenticated
4) You should be redirected to the login page
5) Check for the cookie it should be absent.
6) Log in. It should attempt to redirect you to the original page.
7) Whether or not it redirected you, check for the cookie again. If
it's there, post the details, in particular, the path, domain and
expiration.
BTW, I don't know how you're seeing the cookie at all. Session cookies
aren't displayed in IE's "View Files" dialog. You'd do better to use a
tool like ProxyTrace from http://pocketsoap.com, which will allow you to
see the actual Set-Cookie header(s).
--
John Saunders
Internet Engineer
jo***********@surfcontrol.com
"ElmoWatson" <sp**********@yahoo.com> wrote in message
news:eX**************@TK2MSFTNGP10.phx.gbl...
> Actually - I have had Tracing on & off several times - -
> I see that the cookie is set - - but the weird thing is how it's
showing - -
> I went to the temporary internet files directory to watch when the
cookie > shows up.
>
> I run a page on the site in IE, get referred to the login page,
login, and,
> as usual, it does NOT redirect me to the original page....
> Keep in mind, still no cookie in the directory -- then I close
IE - - - > still no cookie.
> THEN - when I start IE AGAIN, only going to its default page - - the
cookie
> shows up in the directory - - I don't get how this behavior works, at all.
>
> Still - the same login scenario happens - - no redirect.
>
> You said:
> >>>>Maybe URL authorization has a typo in a role name, or roles
aren't being
> applied in global.asax.
>
> I don't have any roles in play here - this scenario, at this point
is > supposed to check against a database table for authorization - - if
> there - - validuser is true, else it's false
> if it's true, I have it set like this:
> FormsAuthentication.RedirectFromLoginPage(txtUID.t ext, True) and again - > here's where it doesn't work. It DOES, however, set the cookie,
named the > same as in the web.config file.
>
> Anything else?? Nothing shows up as
>
> "John Saunders" <jo***********@surfcontrol.com> wrote in message
> news:OL**************@TK2MSFTNGP11.phx.gbl...
> > Elmo,
> >
> > It may be redirecting to the page, then redirecting right back to the > login
> > page when it's found that the user isn't authenticated.
> >
> > The question will be "why isn't the user authenticated when I
think he > > should be?" Answers I've seen include:
> >
> > 1) Because the cookie is set up wrong and Forms Authentication
never sees
> > it. Check on the domain, path and expiration of the cookie. In
particular,
> > make sure the cookie domain matches your domain. localhost has a
blank > > domain, BTW.
> > 2) Because the login page and the page you're redirecting to have
> different
> > values in the <machineKey> entry in machine.config or web.config.
> > 3) The user _is_ authenticated, but not authorized. Maybe URL
> authorization
> > has a typo in a role name, or roles aren't being applied in
global.asax. > >
> > It sounds like it's time for you to look one layer deeper. In
particular,
> > try turning on tracing in web.config:
> >
> > <trace enabled="true" requestLimit="100" pageOutput="false"
> > traceMode="SortByTime" localOnly="true" />
> >
> > Then reproduce the problem and navigate to
> > http://localhost/yourSite/trace.axd. It may be instructive.
> > --
> > John Saunders
> > Internet Engineer
> > jo***********@surfcontrol.com
> >
> >
> >
> > "ElmoWatson" <sp**********@yahoo.com> wrote in message
> > news:%2****************@TK2MSFTNGP11.phx.gbl...
> > > I tried on the Security newgroup, as well as other places, and
haven't > > > gotten an answer yet - - I'm pulling my hair out over this one.
> > >
> > > I'm trying to get Forms Authentication working.....I can get any
> requested
> > > page to automatically go to the Login.aspx page, AND, the ReturnURL > > > querystring is correct in the address bar, but no matter what, I
can't > get
> > > it, once the user is authenticated, to redirect to the new page. It > ALWAYS
> > > refreshes the Login.aspx page!
> > >
> > > My database has all the users - - I query the database and validate the
> > user
> > > there. This part works - - I've totally verified this.
> > > Then - - I've got this:
> > > if ValidUser="True" then
> > > FormsAuthentication.RedirectFromLoginPage(txtUID.t ext, True)
' > > > <-------this is the part that DOES NOT work at all - - it never
> redirects
> > > the page
> > >
> > > The machine.config points to the correct path for the
WebUIValidation.js
> > > file....I'm using MSIE, as are all the other users who are going
to be > > > hitting this app. - - Scripting is allowed.
> > >
> > > in the Web.Config, I've got:
> > > <authentication mode="Forms">
> > > <forms name=".MyApp"
> > > loginUrl="login.aspx"
> > > protection="All"
> > > timeout="480"
> > > path="/"
> > > />
> > > </authentication>
> > > <authorization>
> > > <deny users ="?" />
> > > </authorization>
> > > And I'm importing the Web.Security Namespace on each page.
> > > Does Each subsequent page need anything else in it to make this
work? > > > Please help - - I've been working on this for over a week now!
What am I
> > > missing?
> > >
> > >
> >
> >
>
>
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: Billy Jacobs |
last post by:
I have a website which has both secure and non-secure
pages. I want to uses forms authentication. How do I
accomplish this?
Originally I had my web.config file in the root with Forms...
|
by: Senthil |
last post by:
1. Created a new C# web application project
2. Change the name of webform1 to login.aspx
3. And in the .cs file change the name of the class to login, and include
System.web.security namespace....
|
by: Greg Burns |
last post by:
I have built a web app that uses forms authentication. There isn't a
"remember me" feature (i.e. the authentication cookie is not permanent).
When you close the browser, and open a new one, you...
|
by: Kris van der Mast |
last post by:
Hi,
I've created a little site for my sports club. In the root folder there are
pages that are viewable by every anonymous user but at a certain subfolder
my administration pages should be...
|
by: Hermit Dave |
last post by:
Hi,
I am making a web application (rather two applications) one which is host
and used by customers when they are just browsing through products.
The second application resides on a secure...
|
by: Rob |
last post by:
I have an ASP.NET application that uses forms-based
authentication. A user wishes to be able to run multiple
sessions of this application simultaneously from the
user's client machine.
The...
|
by: Gavin Stevens |
last post by:
I'm trying to figure out the ASP.NET Forms Auth
I have 3 or 4 pages i want to allow anonymous access to.. Then I have 5 or 6 pages I placed in another directory in the webproject. These I want...
|
by: Justin |
last post by:
I am trying to password protect a subdirectory using forms authentication. I
am using the "Location" tag to specify the directory to be protected. The
login.aspx page is in the root directory of...
|
by: n33470 |
last post by:
Hi all,
We have an asp.net 1.1 app that we're in the process of converting to
2.0. What I'm about to describe runs just great in the 1.1
framework, but does not work in the 2.0 framework.
...
|
by: =?Utf-8?B?R3V1czEyMw==?= |
last post by:
Hi,
I created a web site on a remote server. To logon the user must enter a user
id and password. The site is uses Forms Authentication.
The web config file looks as follows:
...
|
by: taylorcarr |
last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
|
by: ryjfgjl |
last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
|
by: ryjfgjl |
last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
|
by: emmanuelkatto |
last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud.
Please let me know.
Thanks!
Emmanuel
|
by: BarryA |
last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
|
by: nemocccc |
last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
|
by: Sonnysonu |
last post by:
This is the data of csv file
1 2 3
1 2 3
1 2 3
1 2 3
2 3
2 3
3
the lengths should be different i have to store the data by column-wise with in the specific length.
suppose the i have to...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
| |
