Forms authentication not working

M

mwhite

Hi, I'm adding a security layer to a companies intranet pages. I have
created a login page, using the Asp.Net 2 login control, and am using
Forms Authentication. I have set the <forms> timeout attribute to
5mins, as they don't want anyone to be able to view the secure pages
without logging in. It works fine when I build the project and run
through Visual Studio, redirecting to the login page after timeout.
However, since publishing the website and moving it to a server, the
timeout is now having no effect at all - coming back to the page after
20mins idle, you can click a link and it goes there, with no redirect.
I have tried closing the browser, and then opening it again - you can
simply type the url of a page in the secure section and it loads up,
without having to login again.

Any suggestions gratefully received!

Mat
 
J

JeffP@Work

Mat,

Although I'm using 1.1 Forms Auth I had a few gotcha's.....

Login.aspx FormsAuthentication.Initialize()

Although I have a login page, its purpose is to either login w/an ID or via
querystring passing in the ID.

My formsAuth method is contained in my Common.vb for reusability in other
web projects.

PageLoad event for all pages....

'Check security token
If Not Session("securityToken") Is Nothing Then
If Not CType(Session("securityToken"),
Common.SecurityToken).IsLoggedIn Then
Response.Redirect("./LogOut.aspx")
End If
Else : Response.Redirect("./LogOut.aspx")
End If

I'm not sure if this helps but in my searching there were many suggestions
that there may also be an issue w/the machine.config

HTH

JeffP....
 
M

mwhite

Hi,
thanks for the reply. I found an article
http://msdn.microsoft.com/msdnmag/issues/02/05/ASPSec2/ that I think
explains the problem - basically, forms authentication does not apply
to .htm and .html files since they are not ASP.NET filetypes, so it
does not even see requests to the pages and therefore cannot act on
them. The site I'm working on is very old, and made entirely of .htm
files - my login page is the only .aspx file there is!

Mat
 
J

JeffP@Work

Mat, Since it is htm, prehaps you could write an aspx wrapper for the entire
site and javaScript to check for isLoggedIn, or use a VB6 dll that checks
the cookie... good luck.... JeffP...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

React native post-request is not working 1
JavaScript code not working!! 6
Slideshow not working properly 2
Image upload not working in browser 4
Forms Authentication not Redirecting 1
Login form no longer working 2
Working with min-height 1
Problem with my forms authentication 1

Members online

Total: 40 (members: 1, guests: 39)
Robots: 196

Forum statistics

Threads
473,764
Messages
2,569,564
Members
45,040
Latest member
papereejit

Latest Threads

Top