Forms authentication not working

Discussion in 'ASP .Net' started by mwhite@mbasys.co.uk, Sep 13, 2006.

  1. Guest

    Hi, I'm adding a security layer to a companies intranet pages. I have
    created a login page, using the Asp.Net 2 login control, and am using
    Forms Authentication. I have set the <forms> timeout attribute to
    5mins, as they don't want anyone to be able to view the secure pages
    without logging in. It works fine when I build the project and run
    through Visual Studio, redirecting to the login page after timeout.
    However, since publishing the website and moving it to a server, the
    timeout is now having no effect at all - coming back to the page after
    20mins idle, you can click a link and it goes there, with no redirect.
    I have tried closing the browser, and then opening it again - you can
    simply type the url of a page in the secure section and it loads up,
    without having to login again.

    Any suggestions gratefully received!

    Mat
    , Sep 13, 2006
    #1
    1. Advertising

  2. JeffP@Work Guest

    Mat,

    Although I'm using 1.1 Forms Auth I had a few gotcha's.....

    Login.aspx FormsAuthentication.Initialize()

    Although I have a login page, its purpose is to either login w/an ID or via
    querystring passing in the ID.

    My formsAuth method is contained in my Common.vb for reusability in other
    web projects.

    PageLoad event for all pages....

    'Check security token
    If Not Session("securityToken") Is Nothing Then
    If Not CType(Session("securityToken"),
    Common.SecurityToken).IsLoggedIn Then
    Response.Redirect("./LogOut.aspx")
    End If
    Else : Response.Redirect("./LogOut.aspx")
    End If

    I'm not sure if this helps but in my searching there were many suggestions
    that there may also be an issue w/the machine.config

    HTH

    JeffP....

    <> wrote in message
    news:...
    > Hi, I'm adding a security layer to a companies intranet pages. I have
    > created a login page, using the Asp.Net 2 login control, and am using
    > Forms Authentication. I have set the <forms> timeout attribute to
    > 5mins, as they don't want anyone to be able to view the secure pages
    > without logging in. It works fine when I build the project and run
    > through Visual Studio, redirecting to the login page after timeout.
    > However, since publishing the website and moving it to a server, the
    > timeout is now having no effect at all - coming back to the page after
    > 20mins idle, you can click a link and it goes there, with no redirect.
    > I have tried closing the browser, and then opening it again - you can
    > simply type the url of a page in the secure section and it loads up,
    > without having to login again.
    >
    > Any suggestions gratefully received!
    >
    > Mat
    >
    JeffP@Work, Sep 13, 2006
    #2
    1. Advertising

  3. Guest

    Hi,
    thanks for the reply. I found an article
    http://msdn.microsoft.com/msdnmag/issues/02/05/ASPSec2/ that I think
    explains the problem - basically, forms authentication does not apply
    to .htm and .html files since they are not ASP.NET filetypes, so it
    does not even see requests to the pages and therefore cannot act on
    them. The site I'm working on is very old, and made entirely of .htm
    files - my login page is the only .aspx file there is!

    Mat
    , Sep 13, 2006
    #3
  4. JeffP@Work Guest

    Mat, Since it is htm, prehaps you could write an aspx wrapper for the entire
    site and javaScript to check for isLoggedIn, or use a VB6 dll that checks
    the cookie... good luck.... JeffP...

    <> wrote in message
    news:...
    > Hi,
    > thanks for the reply. I found an article
    > http://msdn.microsoft.com/msdnmag/issues/02/05/ASPSec2/ that I think
    > explains the problem - basically, forms authentication does not apply
    > to .htm and .html files since they are not ASP.NET filetypes, so it
    > does not even see requests to the pages and therefore cannot act on
    > them. The site I'm working on is very old, and made entirely of .htm
    > files - my login page is the only .aspx file there is!
    >
    > Mat
    >
    JeffP@Work, Sep 13, 2006
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Eric
    Replies:
    2
    Views:
    1,458
    Tommy
    Feb 13, 2004
  2. Russell
    Replies:
    6
    Views:
    599
    russell mccloy
    Mar 24, 2005
  3. =?Utf-8?B?S3VsZGVlcA==?=

    Logout not working - Forms Authentication domain wide cookie

    =?Utf-8?B?S3VsZGVlcA==?=, Jun 13, 2005, in forum: ASP .Net
    Replies:
    0
    Views:
    634
    =?Utf-8?B?S3VsZGVlcA==?=
    Jun 13, 2005
  4. Matt
    Replies:
    2
    Views:
    560
  5. Eric
    Replies:
    2
    Views:
    500
Loading...

Share This Page