Empty POST request

Discussion in 'ASP .Net' started by Jag, May 22, 2008.

  1. Jag

    Jag Guest

    Hi

    I am facing a strange issue. I have 3 ASP pages in the default
    website


    1. auth.aspx
    Code:
    <html>
    	<body>
    		Auth Page
    		<br />
    		<a href = "anon.aspx">Anon Page</a>
    	</body>
    </html>
    

    2. anon.aspx
    Code:
    <html>
    	<body>
    		Normal Page
    		<form action = "resp.aspx" method = "post">
    			<input type = "text" name = "un" />
    			<input type = "submit" />
    		</form>
    		<br />
    		<a href = "auth.aspx">Auth Page</a>
    	</body>
    </html>
    

    3. resp.aspx
    Code:
    <html>
    	<body>
    		Bytes : <%= Request.TotalBytes %>
    	</body>
    </html>
    

    In IIS, auth.aspx is set to have Integrated Windows Authentication.
    The
    other two have anonymous access.


    Here are the actions I perform on IE7.


    1. Navigate to http://localhost/anon.aspx
    2. Type some text and submit the form.
    3. The response shows the number of bytes correctly.
    4. Click the back button on browser.
    5. Navigate to auth.aspx
    6. Enter required credentials, if prompted. The page loads
    successfully.
    7. Go back to http://localhost/anon.aspx
    8. Type some text and submit the form.
    9. Strangely, the response shows that zero byte was posted.

    So, whenever I go to a page with IWA enabled and then move onto a
    page
    with anonymous access, if a form exists in that page, and the form
    submission method is POST, the submission fails. The only workaround
    is to close the browser and open it again.

    This does not happen in Mozilla Firefox.
    This does not happen when I use Fiddler with IE7.

    Could someone explain what's going wrong?

    Thanks.

    UNT,
    Jag
     
    Jag, May 22, 2008
    #1
    1. Advertising

  2. I also get the same behavior. I have an ASP.NET 3.5 AJAX enabled application
    that uses mixed-mode authentication. It actually uses Forms Authentication
    but has a page that uses Integrated Windows Authentication and sets the Forms
    Auth cookie if it authenticates properly, otherwise redirects to the normal
    Forms Login page.

    Now, when I deactivate IWA for all pages except the special IWA page,
    posting back just sends "nothing" back to the page. Request.Form is empty,
    Request.ContentLength is zero. This is annoying.

    I also see it working ok from IE through Fiddler. It also works properly
    from FireFox with or without Fiddler.
    "Jag" wrote:

    > Hi
    >
    > I am facing a strange issue. I have 3 ASP pages in the default
    > website
    >
    >
    > 1. auth.aspx
    >
    Code:
    > <html>
    > 	<body>
    > 		Auth Page
    > 		<br />
    > 		<a href = "anon.aspx">Anon Page</a>
    > 	</body>
    > </html>
    > 
    >
    >
    > 2. anon.aspx
    >
    Code:
    > <html>
    > 	<body>
    > 		Normal Page
    > 		<form action = "resp.aspx" method = "post">
    > 			<input type = "text" name = "un" />
    > 			<input type = "submit" />
    > 		</form>
    > 		<br />
    > 		<a href = "auth.aspx">Auth Page</a>
    > 	</body>
    > </html>
    > 
    >
    >
    > 3. resp.aspx
    >
    Code:
    > <html>
    > 	<body>
    > 		Bytes : <%= Request.TotalBytes %>
    > 	</body>
    > </html>
    > 
    >
    >
    > In IIS, auth.aspx is set to have Integrated Windows Authentication.
    > The
    > other two have anonymous access.
    >
    >
    > Here are the actions I perform on IE7.
    >
    >
    > 1. Navigate to http://localhost/anon.aspx
    > 2. Type some text and submit the form.
    > 3. The response shows the number of bytes correctly.
    > 4. Click the back button on browser.
    > 5. Navigate to auth.aspx
    > 6. Enter required credentials, if prompted. The page loads
    > successfully.
    > 7. Go back to http://localhost/anon.aspx
    > 8. Type some text and submit the form.
    > 9. Strangely, the response shows that zero byte was posted.
    >
    > So, whenever I go to a page with IWA enabled and then move onto a
    > page
    > with anonymous access, if a form exists in that page, and the form
    > submission method is POST, the submission fails. The only workaround
    > is to close the browser and open it again.
    >
    > This does not happen in Mozilla Firefox.
    > This does not happen when I use Fiddler with IE7.
    >
    > Could someone explain what's going wrong?
    >
    > Thanks.
    >
    > UNT,
    > Jag
    >
    >
     
    Sergiu Damian, Jun 3, 2008
    #2
    1. Advertising

  3. After a few more tests, it seems that: if you have a IIS web application with
    Anonymous access configured at root level, and one page configured with IWA
    (and no Anonymous), everything works ok until you hit the IWA - protected
    page. After that, if you post back from the IWA protected page on itself, it
    works. Instead, if you do a cross-page post back from the IWA protected page
    to an Anonymous page, it does not post any content back, although the HTTP
    method used is POST. Now, after leaving the IWA protecte page, in any other
    unprotected (Anonymous) page, the post back on itself does not work. But, if
    you do a cross-page post back from an unprotected page to an IWA-protected
    page, it posts ok. So, it seems that IE has a bug. It is reproduced in both
    IE6 & 7.

    On the other side, if you have your web-site configured as Anonymous & IWA,
    but for one "Protected" page that has only IWA, all pages are accessed
    anonymously, and post back ok on themselves or cross-page. When you hit the
    protected page, it post back ok on itself. It also cross-page posts back to
    an unprotected page, but now you see that the WWW-Authenticate header is sent
    also to "Anonymous & IWA" pages. In this scenario post backs work ok on all
    pages.

    "Sergiu Damian" wrote:

    >
    > I also get the same behavior. I have an ASP.NET 3.5 AJAX enabled application
    > that uses mixed-mode authentication. It actually uses Forms Authentication
    > but has a page that uses Integrated Windows Authentication and sets the Forms
    > Auth cookie if it authenticates properly, otherwise redirects to the normal
    > Forms Login page.
    >
    > Now, when I deactivate IWA for all pages except the special IWA page,
    > posting back just sends "nothing" back to the page. Request.Form is empty,
    > Request.ContentLength is zero. This is annoying.
    >
    > I also see it working ok from IE through Fiddler. It also works properly
    > from FireFox with or without Fiddler.
    > "Jag" wrote:
    >
    > > Hi
    > >
    > > I am facing a strange issue. I have 3 ASP pages in the default
    > > website
    > >
    > >
    > > 1. auth.aspx
    > >
    Code:
    > > <html>
    > > 	<body>
    > > 		Auth Page
    > > 		<br />
    > > 		<a href = "anon.aspx">Anon Page</a>
    > > 	</body>
    > > </html>
    > > 
    > >
    > >
    > > 2. anon.aspx
    > >
    Code:
    > > <html>
    > > 	<body>
    > > 		Normal Page
    > > 		<form action = "resp.aspx" method = "post">
    > > 			<input type = "text" name = "un" />
    > > 			<input type = "submit" />
    > > 		</form>
    > > 		<br />
    > > 		<a href = "auth.aspx">Auth Page</a>
    > > 	</body>
    > > </html>
    > > 
    > >
    > >
    > > 3. resp.aspx
    > >
    Code:
    > > <html>
    > > 	<body>
    > > 		Bytes : <%= Request.TotalBytes %>
    > > 	</body>
    > > </html>
    > > 
    > >
    > >
    > > In IIS, auth.aspx is set to have Integrated Windows Authentication.
    > > The
    > > other two have anonymous access.
    > >
    > >
    > > Here are the actions I perform on IE7.
    > >
    > >
    > > 1. Navigate to http://localhost/anon.aspx
    > > 2. Type some text and submit the form.
    > > 3. The response shows the number of bytes correctly.
    > > 4. Click the back button on browser.
    > > 5. Navigate to auth.aspx
    > > 6. Enter required credentials, if prompted. The page loads
    > > successfully.
    > > 7. Go back to http://localhost/anon.aspx
    > > 8. Type some text and submit the form.
    > > 9. Strangely, the response shows that zero byte was posted.
    > >
    > > So, whenever I go to a page with IWA enabled and then move onto a
    > > page
    > > with anonymous access, if a form exists in that page, and the form
    > > submission method is POST, the submission fails. The only workaround
    > > is to close the browser and open it again.
    > >
    > > This does not happen in Mozilla Firefox.
    > > This does not happen when I use Fiddler with IE7.
    > >
    > > Could someone explain what's going wrong?
    > >
    > > Thanks.
    > >
    > > UNT,
    > > Jag
    > >
    > >
     
    Sergiu Damian, Jun 3, 2008
    #3
  4. Jag

    Jag Guest

    Hi

    The IWA+Anon combo works.
    Thanks for the solution

    UNT,
    Jag
     
    Jag, Jun 7, 2008
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Brian Birtle
    Replies:
    2
    Views:
    2,073
    John Saunders
    Oct 16, 2003
  2. John

    empty/non-empty element

    John, Jul 15, 2003, in forum: XML
    Replies:
    1
    Views:
    1,039
    Klaus Johannes Rusch
    Jul 16, 2003
  3. Lukas
    Replies:
    3
    Views:
    820
    spiff
    Nov 10, 2005
  4. Marcia Hon

    Check if a directory is empty and empty it

    Marcia Hon, Feb 8, 2004, in forum: C Programming
    Replies:
    8
    Views:
    582
    Dave Thompson
    Feb 14, 2004
  5. Adam
    Replies:
    8
    Views:
    432
Loading...

Share This Page