FormsAuthentication Redirection NOT WORKING!!

Discussion in 'ASP .Net Security' started by studen77, Jan 1, 2005.

  1. studen77

    studen77 Guest

    Thanks in advance to anyone who can help:)

    Ok- I've got two different ASP.NET projects communication with each other;
    one has its WEB.CONFIG file restricting anonymous users with the following
    entry:
    <authentication mode="Forms">
    <forms loginUrl="OtherASPNETprojectname/login.aspx" name="whateverIwant"
    path="/" protection="All" />
    </authentication>
    <authorization>
    <deny users="?" />
    </authorization>

    The other project, which has the login.aspx page allows anonymous users and
    uses Windows authentication. The login.aspx contains event-driven logic to
    create the Authentication cookie:
    FormsAuthentication.SetAuthCookie(txtUser.Text.Trim(),true);
    Which it does so successfully **(however, the cookie is not named
    "whateverIwant", as I specified in the web.config file in the first project,
    but makes its own default name.**
    It then gets the redirection URL with the formsauthentication.getRedirectUrl
    method,
    which it also does succesfully. The final line of code simply does a
    Response.Redirect(redirectionurl);
    to send it to the protected page with its cookie authentication;

    WHAT'S DRIVING ME CRAZY IS THAT IT SIMPLY REFRESHES LOGIN.ASPX!!!!! IT
    DOESN'T GO ANYWHERE!! I'VE REMOVED ANY ROUTER/FIREWALL HARDWARE/SOFTWARE AND
    GAVE IT A DIRECTION CONNECTION TO THE INTERNET!! It does everything it
    supposed to (acknowledging the correct username and password, creating the
    cookie (albeit not in the name I specified), and produces the correct
    redirection URL; IT JUST DOESN'T REDIRECT!!! IT HAS TO BE SOMETHING WITH
    READING THE COOKIE ITSELF, OR I DON'T KNOW!!
    **My servername also does not have any "_" characters in it, just plain text
    letters**
     
    studen77, Jan 1, 2005
    #1
    1. Advertising

  2. Not sure if I understand 100% but the 2 sites will effectively be
    incompatible in terms of the authentication being used. If the cookies are
    named differently, OR the site is on a different hostname, then they wont be
    able to see each others auth cookie and no auth will occur. Have a look at
    my article at http://aspalliance.com/553 which may help.

    --

    - Paul Glavich
    ASP.NET MVP
    ASPInsider (www.aspinsiders.com)


    "studen77" <> wrote in message
    news:...
    > Thanks in advance to anyone who can help:)
    >
    > Ok- I've got two different ASP.NET projects communication with each other;
    > one has its WEB.CONFIG file restricting anonymous users with the following
    > entry:
    > <authentication mode="Forms">
    > <forms loginUrl="OtherASPNETprojectname/login.aspx"

    name="whateverIwant"
    > path="/" protection="All" />
    > </authentication>
    > <authorization>
    > <deny users="?" />
    > </authorization>
    >
    > The other project, which has the login.aspx page allows anonymous users

    and
    > uses Windows authentication. The login.aspx contains event-driven logic to
    > create the Authentication cookie:
    > FormsAuthentication.SetAuthCookie(txtUser.Text.Trim(),true);
    > Which it does so successfully **(however, the cookie is not named
    > "whateverIwant", as I specified in the web.config file in the first

    project,
    > but makes its own default name.**
    > It then gets the redirection URL with the

    formsauthentication.getRedirectUrl
    > method,
    > which it also does succesfully. The final line of code simply does a
    > Response.Redirect(redirectionurl);
    > to send it to the protected page with its cookie authentication;
    >
    > WHAT'S DRIVING ME CRAZY IS THAT IT SIMPLY REFRESHES LOGIN.ASPX!!!!! IT
    > DOESN'T GO ANYWHERE!! I'VE REMOVED ANY ROUTER/FIREWALL HARDWARE/SOFTWARE

    AND
    > GAVE IT A DIRECTION CONNECTION TO THE INTERNET!! It does everything it
    > supposed to (acknowledging the correct username and password, creating the


    > cookie (albeit not in the name I specified), and produces the correct
    > redirection URL; IT JUST DOESN'T REDIRECT!!! IT HAS TO BE SOMETHING WITH
    > READING THE COOKIE ITSELF, OR I DON'T KNOW!!
    > **My servername also does not have any "_" characters in it, just plain

    text
    > letters**
     
    Paul Glavich [MVP ASP.NET], Jan 2, 2005
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. TaeHo Yoo
    Replies:
    1
    Views:
    531
    Teemu Keiski
    Jul 9, 2003
  2. Jeff Johnson
    Replies:
    6
    Views:
    3,772
    tharadk
    Jul 24, 2009
  3. Ed West
    Replies:
    0
    Views:
    386
    Ed West
    Aug 23, 2004
  4. Matthias S.
    Replies:
    3
    Views:
    4,088
  5. Alan Dean

    FormsAuthentication and Redirection fails

    Alan Dean, Aug 11, 2004, in forum: ASP .Net Security
    Replies:
    7
    Views:
    169
    Faassen, B.
    Aug 27, 2004
Loading...

Share This Page