Form authentication, what about normal login?

Discussion in 'ASP .Net Security' started by Henry, Jan 27, 2004.

  1. Henry

    Henry Guest

    Hello,
    Let's assume we have setup from-based authentication in a website.
    And the front page of this website is a login page with some welcome
    message.
    A user types in URL and request this front page.
    But the IIS cannot find AUTH cookie for this user, so it redirect the
    user to the login page, which we setup as the same login page as we
    mentioned earlier.
    Then after user login, and then he will be redirect back to the
    original page he requested, which is the same login page again.
    Isn't that funny?

    OK, you might say we can somehow (how?) config the IIS so that this
    front page doesn't require authentication.
    But the problem remains.
    If a user types in URL and succefully get this front page, he typed in
    his user name and password and click on submit button.
    Then the login page will check the credential and then redirect user
    to other pages, e.g. his inbox.
    But during this process, no AUTH coockie is created.
    The login page doesn't create AUTH cookie.
    So the user will be redirect to login page later when he visit other
    page.
    Please tell me what's wrong with my logic.

    Thank you very much.
     
    Henry, Jan 27, 2004
    #1
    1. Advertising

  2. Henry

    Keith Guest

    Good question, in fact one I had to deal with a while
    back.

    http://www.devx.com/vb2themax/Tip/18800

    Basically, you can setup different settings for different
    files/folders of your apps. Focus on the location
    section of the web.config for your answer.


    >-----Original Message-----
    >Hello,
    >Let's assume we have setup from-based authentication in

    a website.
    >And the front page of this website is a login page with

    some welcome
    >message.
    >A user types in URL and request this front page.
    >But the IIS cannot find AUTH cookie for this user, so it

    redirect the
    >user to the login page, which we setup as the same login

    page as we
    >mentioned earlier.
    >Then after user login, and then he will be redirect back

    to the
    >original page he requested, which is the same login

    page again.
    >Isn't that funny?
    >
    >OK, you might say we can somehow (how?) config the IIS

    so that this
    >front page doesn't require authentication.
    >But the problem remains.
    >If a user types in URL and succefully get this front

    page, he typed in
    >his user name and password and click on submit button.
    >Then the login page will check the credential and then

    redirect user
    >to other pages, e.g. his inbox.
    >But during this process, no AUTH coockie is created.
    >The login page doesn't create AUTH cookie.
    >So the user will be redirect to login page later when he

    visit other
    >page.
    >Please tell me what's wrong with my logic.
    >
    >Thank you very much.
    >.
    >
     
    Keith, Feb 1, 2004
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Tumurbaatar S.

    Normal form

    Tumurbaatar S., Jul 21, 2005, in forum: ASP .Net
    Replies:
    3
    Views:
    449
    =?Utf-8?B?UGhpbGxpcCBXaWxsaWFtcw==?=
    Jul 21, 2005
  2. apondu
    Replies:
    3
    Views:
    6,752
    satishsuman
    Feb 28, 2008
  3. Deane
    Replies:
    3
    Views:
    1,189
    Deane
    Aug 1, 2007
  4. Pascal Blanchard
    Replies:
    0
    Views:
    248
    Pascal Blanchard
    Aug 17, 2004
  5. Pascal Blanchard
    Replies:
    1
    Views:
    280
    Pascal Blanchard
    Aug 18, 2004
Loading...

Share This Page