:o( .... Client not redirected to login page.

Discussion in 'ASP .Net' started by M O J O, Sep 22, 2004.

  1. M O J O

    M O J O Guest

    Hi,

    I have a huge problem.

    I'm using cookieless sessionstate. When I try to access a "secure" page
    (that is, a page that requires the user has logged in), the user is
    redirected to the login page perfectly - no problem.

    But when the user IS logged in, and he manually remove the cookie part from
    the url (in the address bar) and hit enter, this creates a new session and
    when he tries to access my "secure" page again, he is NOT sendt to the login
    page. :eek:(

    What am I doning wrong?

    Here's some of my code:

    WEB.CONFIG....

    <authentication mode="Forms">
    <forms name="MyTestApp" path="/" loginUrl="login.aspx" protection="All"
    timeout="25"></forms>
    </authentication>

    <sessionState mode="InProc" stateConnectionString="tcpip=127.0.0.1:42424"
    sqlConnectionString="data source=127.0.0.1;Trusted_Connection=yes"
    cookieless="true" timeout="30" />


    LOGIN.ASPX

    Dim ticket As New FormsAuthenticationTicket(1, "TestUser",
    System.DateTime.Now, System.DateTime.Now.AddMinutes(30), False, "MyTestApp",
    FormsAuthentication.FormsCookiePath)

    ' Encrypt the ticket.
    Dim encTicket As String = FormsAuthentication.Encrypt(ticket)

    ' Create the cookie.
    .Response.Cookies.Add(New
    HttpCookie(FormsAuthentication.FormsCookieName, encTicket))



    Thank you in advance!

    M O J O
     
    M O J O, Sep 22, 2004
    #1
    1. Advertising

  2. You are using cookieless sessions. Your authentication info is stored in
    cookies still. Look at your code, you have a Response.Cookies.Add where you
    take care of the auth. That info in the url is just the session ID.
     
    =?Utf-8?B?U2NvdHQgU2ltb25z?=, Sep 22, 2004
    #2
    1. Advertising

  3. Hi MOJO,

    As for the authentication problem you mentioned, I think Scott.'s
    suggestion is reasonable. The ASP.NET'S
    FormsAuthentication is based on cookie(use cookie to store authentication
    ticket). So I think your client user may not enable the cookie since you
    use cookieless session, yes? If the client browser disable cooie, the
    formsauthentication won't work. To confirm this, you can make a test page
    which write some cookie value to client and retrieve them again from client
    to see whether the clientside can accept cookie.
    In addition, if you are sure that your application is aim at "no cookie
    client", I suggest that you manually implement your authentication and
    store the authentication ticket in the Session collection after the user
    login.
    If you have any other questions, please feel free to post here. Thanks.


    Regards,

    Steven Cheng
    Microsoft Online Support

    Get Secure! www.microsoft.com/security
    (This posting is provided "AS IS", with no warranties, and confers no
    rights.)
     
    Steven Cheng[MSFT], Sep 23, 2004
    #3
  4. Hi MOJO,

    Have you had a chance to check out the suggestions in my last reply or have
    you got any further ideas on this issue? If you have anything unclear or if
    there're anything else we can help, please feel free to post here.

    Thanks.

    Regards,

    Steven Cheng
    Microsoft Online Support
     
    Steven Cheng[MSFT], Sep 27, 2004
    #4
  5. M O J O

    M O J O Guest

    Hi Steven,

    Yes and thank you!

    I was sad to find out that Form authentication used cookies.

    I found this article and implemented in my website:

    www.codeproject.com/aspnet/cookieless.asp

    Thank you again for helping me out!

    M O J O

    "Steven Cheng[MSFT]" <> skrev i en meddelelse
    news:F%...
    > Hi MOJO,
    >
    > Have you had a chance to check out the suggestions in my last reply or
    > have
    > you got any further ideas on this issue? If you have anything unclear or
    > if
    > there're anything else we can help, please feel free to post here.
    >
    > Thanks.
    >
    > Regards,
    >
    > Steven Cheng
    > Microsoft Online Support
    >
     
    M O J O, Sep 27, 2004
    #5
  6. Hi MOJO,

    You are welcome! Yes, I've also read the "cookieless formsauthentication"
    article in codeproject and since it's implemented via url querystring, it
    may cause some other problems sometimes. Anyway, thanks again for your
    posting and please feel free to post here if you have any problems in the
    furture:)

    Regards,

    Steven Cheng
    Microsoft Online Support

    Get Secure! www.microsoft.com/security
    (This posting is provided "AS IS", with no warranties, and confers no
    rights.)
     
    Steven Cheng[MSFT], Sep 27, 2004
    #6
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. darrel
    Replies:
    4
    Views:
    813
    darrel
    Sep 29, 2004
  2. Steve
    Replies:
    2
    Views:
    540
    =?Utf-8?B?UGV0ZXIgQnJvbWJlcmcgW0MjIE1WUF0=?=
    Nov 1, 2007
  3. fredd00
    Replies:
    0
    Views:
    420
    fredd00
    Jul 2, 2008
  4. Ali Khawaja
    Replies:
    1
    Views:
    178
  5. Irishmaninusa
    Replies:
    0
    Views:
    157
    Irishmaninusa
    Sep 23, 2004
Loading...

Share This Page