RedirectFromLoginPage never returns to original page

Discussion in 'ASP .Net' started by Edward Mitchell, Feb 17, 2005.

  1. I have a main project that is protected in that the user is directed to a
    login.aspx file.

    The text in the web.config file is:

    <authentication mode="Forms">
    <forms loginUrl="Login.aspx" />
    </authentication>

    <authorization>
    <deny users="?" /> <!--deny unauthorized users -->
    <allow users="*" /> <!-- Allow all authorized users -->
    </authorization>

    When the user enters email/password and is authenticated, control is
    transferred back to the main page via the line in the Login.aspx file:

    if(Authenticate(EMail.Text, Password.Text)) {
    // return to the original page
    FormsAuthentication.RedirectFromLoginPage(EMail.Text, false);
    }
    else {
    Output.Text = "Invalid Login";
    }

    Authenticate is my routine.

    This all works as it should.

    I also have a second project that is going to allow editing of the main page
    info. This is contained in the solution but placed in a subdirectory to the
    main project. In there I have a web.config file that just identifies the
    login.aspx file in the parent directory so:

    <?xml version="1.0" encoding="utf-8" ?>
    <configuration>
    <system.web>
    <authentication mode="Forms">
    <forms loginUrl="../Login.aspx" />
    </authentication>
    </system.web>
    </configuration>

    Again when I start the second project I am transferred to the login.aspx
    file in the parent folder. I enter the credentials and when I step through
    the code, the FormsAuthentication.RedirectFromLoginPage(...) routine is
    called.

    My problem is that the Login.aspx page is recycled. Control doesn't return
    to my secondary project in the child folder it just keeps on showing the
    Login page.

    If I look at the browsers address line for the login page:

    http://localhost/OnLineReg/Login.aspx?ReturnUrl=/OnLineReg/DisplayRegInfo/DisplayRegInfo.aspx

    it has the correct return address of the page in the subfolder
    "DisplayRegInfo" in the ReturnUrl= argument.

    Can anyone suggest if I am doing anything obviously wrong?

    Ed
    --
    Edward E.L. Mitchell
    Phone: (239)415-7039
    6707 Daniel Court
    Fort Myers, FL 33908
    Edward Mitchell, Feb 17, 2005
    #1
    1. Advertising

  2. You probably have your second project configured as an application in IIS.

    bill

    "Edward Mitchell" <> wrote in message
    news:...
    > I have a main project that is protected in that the user is directed to a
    > login.aspx file.
    >
    > The text in the web.config file is:
    >
    > <authentication mode="Forms">
    > <forms loginUrl="Login.aspx" />
    > </authentication>
    >
    > <authorization>
    > <deny users="?" /> <!--deny unauthorized users -->
    > <allow users="*" /> <!-- Allow all authorized users -->
    > </authorization>
    >
    > When the user enters email/password and is authenticated, control is
    > transferred back to the main page via the line in the Login.aspx file:
    >
    > if(Authenticate(EMail.Text, Password.Text)) {
    > // return to the original page
    > FormsAuthentication.RedirectFromLoginPage(EMail.Text, false);
    > }
    > else {
    > Output.Text = "Invalid Login";
    > }
    >
    > Authenticate is my routine.
    >
    > This all works as it should.
    >
    > I also have a second project that is going to allow editing of the main

    page
    > info. This is contained in the solution but placed in a subdirectory to

    the
    > main project. In there I have a web.config file that just identifies the
    > login.aspx file in the parent directory so:
    >
    > <?xml version="1.0" encoding="utf-8" ?>
    > <configuration>
    > <system.web>
    > <authentication mode="Forms">
    > <forms loginUrl="../Login.aspx" />
    > </authentication>
    > </system.web>
    > </configuration>
    >
    > Again when I start the second project I am transferred to the login.aspx
    > file in the parent folder. I enter the credentials and when I step

    through
    > the code, the FormsAuthentication.RedirectFromLoginPage(...) routine is
    > called.
    >
    > My problem is that the Login.aspx page is recycled. Control doesn't

    return
    > to my secondary project in the child folder it just keeps on showing the
    > Login page.
    >
    > If I look at the browsers address line for the login page:
    >
    >

    http://localhost/OnLineReg/Login.aspx?ReturnUrl=/OnLineReg/DisplayRegInfo/DisplayRegInfo.aspx
    >
    > it has the correct return address of the page in the subfolder
    > "DisplayRegInfo" in the ReturnUrl= argument.
    >
    > Can anyone suggest if I am doing anything obviously wrong?
    >
    > Ed
    > --
    > Edward E.L. Mitchell
    > Phone: (239)415-7039
    > 6707 Daniel Court
    > Fort Myers, FL 33908
    >
    >
    William F. Robertson, Jr., Feb 17, 2005
    #2
    1. Advertising

  3. I'm pretty sure that when I created the project it was C# with the Web
    Application icon chosen. However, I can't find any reference in the Project
    Properties that would tell me this.

    However, assuming it is a web application, can I make it work? Do I have to
    start off creating the project from scratch and if so, what do I chose for
    the project type?

    Is there any documentation for this?

    Ed


    "William F. Robertson, Jr." <> wrote in message
    news:...
    > You probably have your second project configured as an application in IIS.
    >
    > bill
    >
    > "Edward Mitchell" <> wrote in message
    > news:...
    >> I have a main project that is protected in that the user is directed to a
    >> login.aspx file.
    >>
    >> The text in the web.config file is:
    >>
    >> <authentication mode="Forms">
    >> <forms loginUrl="Login.aspx" />
    >> </authentication>
    >>
    >> <authorization>
    >> <deny users="?" /> <!--deny unauthorized users -->
    >> <allow users="*" /> <!-- Allow all authorized users -->
    >> </authorization>
    >>
    >> When the user enters email/password and is authenticated, control is
    >> transferred back to the main page via the line in the Login.aspx file:
    >>
    >> if(Authenticate(EMail.Text, Password.Text)) {
    >> // return to the original page
    >> FormsAuthentication.RedirectFromLoginPage(EMail.Text, false);
    >> }
    >> else {
    >> Output.Text = "Invalid Login";
    >> }
    >>
    >> Authenticate is my routine.
    >>
    >> This all works as it should.
    >>
    >> I also have a second project that is going to allow editing of the main

    > page
    >> info. This is contained in the solution but placed in a subdirectory to

    > the
    >> main project. In there I have a web.config file that just identifies the
    >> login.aspx file in the parent directory so:
    >>
    >> <?xml version="1.0" encoding="utf-8" ?>
    >> <configuration>
    >> <system.web>
    >> <authentication mode="Forms">
    >> <forms loginUrl="../Login.aspx" />
    >> </authentication>
    >> </system.web>
    >> </configuration>
    >>
    >> Again when I start the second project I am transferred to the login.aspx
    >> file in the parent folder. I enter the credentials and when I step

    > through
    >> the code, the FormsAuthentication.RedirectFromLoginPage(...) routine is
    >> called.
    >>
    >> My problem is that the Login.aspx page is recycled. Control doesn't

    > return
    >> to my secondary project in the child folder it just keeps on showing the
    >> Login page.
    >>
    >> If I look at the browsers address line for the login page:
    >>
    >>

    > http://localhost/OnLineReg/Login.aspx?ReturnUrl=/OnLineReg/DisplayRegInfo/DisplayRegInfo.aspx
    >>
    >> it has the correct return address of the page in the subfolder
    >> "DisplayRegInfo" in the ReturnUrl= argument.
    >>
    >> Can anyone suggest if I am doing anything obviously wrong?
    >>
    >> Ed
    >> --
    >> Edward E.L. Mitchell
    >> Phone: (239)415-7039
    >> 6707 Daniel Court
    >> Fort Myers, FL 33908
    >>
    >>

    >
    >
    Edward Mitchell, Feb 17, 2005
    #3
  4. Hi Edward,

    The problem you encountered is actual caused by some combined factors. here
    is some of my suggestions:

    1. Each ASP.NET Web application is hosted in an IIS folder which configured
    as Application. So if you make your subfolder as Application, that
    subfolder become a separate application from its parent virutal dir's
    application. I don't think this is what you want, so you need to remove the
    "Applciation" in the subfolder.

    2. The <authentication> element is per-application based ,so each
    application can have only one <authentication> element in the main
    web.config. However, we can have multiple
    <authorization> element to define different protection rules for different
    paths in our web application. So currently you have two options to resolve
    your problem:

    1) Still use a sub web.config in your sub dir(must remove that subdir as
    Application), and also remove the <authentication> element in it, just put
    your <authorization> setting in sub dir's web.config.

    2)Use the <location> element in your main web.config to specify different
    <authorization> settings for different paths:

    #Hierarchical Configuration Architecture
    http://msdn.microsoft.com/library/en-us/cpguide/html/cpconhierarchicalconfig
    urationarchitecture.asp?frame=true

    If anything unclear, please feel free to post here.

    Thanks & Regards,


    Steven Cheng
    Microsoft Online Support

    Get Secure! www.microsoft.com/security
    (This posting is provided "AS IS", with no warranties, and confers no
    rights.)
    Steven Cheng[MSFT], Feb 18, 2005
    #4
  5. I made some more experiments. When I first visit the line in Login.aspx.cs:

    FormsAuthentication.RedirectFromLoginPage(EMail.Text, false);

    Page.Context.User.Identity contains the empty string for AuthenticationType
    and Name and IsAuthenticated is false. If I step through this routine call
    with the debugger the Page.Context.User fields don't change. Then control
    leaves my Login.aspx.cs file (debugger stepwise) but the Login.aspx page
    again shows up in the browser.

    If I push the Login button again and the second time around the code in the
    Login.aspx.cs file I break at the same point. Now the debugger QuickWatch
    window shows that Page.Context.User.Identity has IsAuthenticated as true,
    the AuthenticationType is "Forms" and the Name is correct. Something did
    the right thing on leaving the LoginButton_Click(...) event to no avail.

    But I'm still in the Login.aspx page and will go back to the same breakpoint
    when I hit the login button again.

    In both the above debug breaks, I examined the expression directly in the
    QuickWatch window to find out where we were supposed to go back to::

    FormsAuthentication.GetRedirectUrl("name", false)

    and this gave the correct return URL to the page that I am trying to go back
    to.

    The problem is that it won't return and leave the Login page even though it
    looks like the user is now supposedly authenticated.

    Since the "RedirectFromLoginPage" is system code, I am unable to step within
    is to see what is really supposed to be happening.

    Ed
    --
    Edward E.L. Mitchell
    Phone: (239)415-7039
    6707 Daniel Court
    Fort Myers, FL 33908
    Edward Mitchell, Feb 18, 2005
    #5
  6. Steve,

    I removed the Web.Config file from the subdirectory and added a <location>
    tag to the root Web.Config. There is now a single <authentication
    mode="Forms"> tag and two tags for the <authorization...>. This is the text
    in my single Web.Config file:

    <configuration>
    <system.web>
    ...
    <authentication mode="Forms">
    <forms loginUrl="Login.aspx" />
    </authentication>

    <authorization>
    <deny users="?" /> <!--deny unauthorized users -->
    <allow users="*" /> <!-- Allow all authorized users -->
    </authorization>
    ...
    </system.web>
    <location path="DisplayRegInfo">
    <system.web>
    <authentication>
    <forms loginUrl="../Login.aspx" />
    </authentication>
    <authorization>
    <deny users="?" /> <!--deny unauthorized users -->
    <allow users="*" /> <!-- Allow all authorized users -->
    </authorization>
    </system.web>
    </location>
    </configuration>

    I found that I had to define the loginUrl as "../Login.aspx" in the location
    since it appears that the path is relative to the page being authenticated.
    I could use a forward slash or backslash to define the parent directory.

    However, I still see the same behavior. My login.aspx file finds the user
    and then does the

    FormsAuthentication.RedirectFromLoginPage(EMail.Text, false);

    but the login.aspx page is continually recycled. Control never goes back to
    the original page.

    Is the only way out of this to put all the pages in the same top-level
    directory?

    Ed



    "Steven Cheng[MSFT]" <> wrote in message
    news:id$...
    > Hi Edward,
    >
    > The problem you encountered is actual caused by some combined factors.
    > here
    > is some of my suggestions:
    >
    > 1. Each ASP.NET Web application is hosted in an IIS folder which
    > configured
    > as Application. So if you make your subfolder as Application, that
    > subfolder become a separate application from its parent virutal dir's
    > application. I don't think this is what you want, so you need to remove
    > the
    > "Applciation" in the subfolder.
    >
    > 2. The <authentication> element is per-application based ,so each
    > application can have only one <authentication> element in the main
    > web.config. However, we can have multiple
    > <authorization> element to define different protection rules for different
    > paths in our web application. So currently you have two options to resolve
    > your problem:
    >
    > 1) Still use a sub web.config in your sub dir(must remove that subdir as
    > Application), and also remove the <authentication> element in it, just put
    > your <authorization> setting in sub dir's web.config.
    >
    > 2)Use the <location> element in your main web.config to specify different
    > <authorization> settings for different paths:
    >
    > #Hierarchical Configuration Architecture
    > http://msdn.microsoft.com/library/en-us/cpguide/html/cpconhierarchicalconfig
    > urationarchitecture.asp?frame=true
    >
    > If anything unclear, please feel free to post here.
    >
    > Thanks & Regards,
    >
    >
    > Steven Cheng
    > Microsoft Online Support
    >
    > Get Secure! www.microsoft.com/security
    > (This posting is provided "AS IS", with no warranties, and confers no
    > rights.)
    >
    >
    >
    >
    Edward Mitchell, Feb 18, 2005
    #6
  7. Hi Ed,

    Have you also change your sub directory to a normal folder (from an
    "APPLICATION" virtual dir)? That's the key point, we can't make a sub
    folder as another separate application in IIS if they're actually the same
    asp.net application.

    Thanks.

    Steven Cheng
    Microsoft Online Support

    Get Secure! www.microsoft.com/security
    (This posting is provided "AS IS", with no warranties, and confers no
    rights.)
    Steven Cheng[MSFT], Feb 21, 2005
    #7
  8. Steve,

    It turned out that I hadn't made the subdirectory within my virtual
    directory a virtual directory of it's own. I noticed in IIS that the
    virtual directories have a their own icon compared to a lowly folder. When
    I made the sub-folder a virtual directory, I was able to startup using the
    Login.aspx in the parent directory and return to the page in the
    subdirectory.

    I finished up putting all my files in one directory rather than mess with
    the sub-folders.

    Thanks for the feedback.

    Ed

    "Steven Cheng[MSFT]" <> wrote in message
    news:cQ5aVQ%...
    > Hi Ed,
    >
    > Have you also change your sub directory to a normal folder (from an
    > "APPLICATION" virtual dir)? That's the key point, we can't make a sub
    > folder as another separate application in IIS if they're actually the same
    > asp.net application.
    >
    > Thanks.
    >
    > Steven Cheng
    > Microsoft Online Support
    >
    > Get Secure! www.microsoft.com/security
    > (This posting is provided "AS IS", with no warranties, and confers no
    > rights.)
    >
    Edward Mitchell, Feb 22, 2005
    #8
  9. Good!

    Glad that you've figured it our.
    Have a nice day!

    Cheers,

    Steven Cheng
    Microsoft Online Support

    Get Secure! www.microsoft.com/security
    (This posting is provided "AS IS", with no warranties, and confers no
    rights.)
    Steven Cheng[MSFT], Feb 22, 2005
    #9
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Phoenix
    Replies:
    3
    Views:
    1,294
    Joris Gillis
    Dec 30, 2004
  2. Soren Kuula
    Replies:
    1
    Views:
    434
    Henry S. Thompson
    Dec 1, 2005
  3. Kevin
    Replies:
    4
    Views:
    403
    Irrwahn Grausewitz
    Oct 17, 2003
  4. Tim Murphy

    RedirectFromLoginPage: Returns to login page.

    Tim Murphy, Sep 26, 2005, in forum: ASP .Net Security
    Replies:
    2
    Views:
    218
    Tim Murphy
    Sep 26, 2005
  5. Chuck
    Replies:
    0
    Views:
    237
    Chuck
    Jul 5, 2003
Loading...

Share This Page