Another bug in smart navigation.


A

aschmidt

Another bug in smart navigation. If smartnavigation is enabled in the
page and session
timeout occurs, the framework redirects you to wrong location of
login.aspx page if you
use Forms Authentication.

Steps to reproduce.

1. Create new web project in Visual Studio
a. Go to File | New | Project Е
b. Leave default name of project as this:
http://localhost/WebApplication1
2. Create default page.
a. Go to WebForm1.aspx in Solution Explorer (press Ctrl+Alt+L to open

Solution Explorer).
b. Create three controls in the page namely Label, TextBox and a
Button.
Leave default names.
c. Double-click Button to create default OnClick method. This opens
source
code for web-form and steps to Button1_Click method.
d. Add one statement in the Button1_Click method:
Label1.Text = TextBox1.Text;
e. Set smartNavigation property of the page to True.
f. Run project and enter anything into TextBox on the page. Click
Button,
this should change label text with value you entered in TextBox.
This
confirms the page is working property.
3. Activate forms authentication mechanism for the project.
a. Create new web-form in the project
i. Click on WebApplication1 in Solution Explorer and select Add |

Add Web Form Е. This will create new web-form.
ii. Set name of this page to login.aspx.
b. Go to design view of login.aspx
c. Put two TextBox controls and a Button. These two textboxes will
represent Username and Password fields.
d. Change Button1 text to Login.
e. Double-click login Button to create default OnClick method. This
opens
source code for web-form and steps to Button1_Click method. Insert
the
following in to Button1_Click method:

string userData = "ApplicationSpecific data for this user.";

FormsAuthenticationTicket ticket = new
FormsAuthenticationTicket(
1,
"(e-mail address removed)",
System.DateTime.Now,
System.DateTime.Now.AddMinutes(1),
false,
userData,
FormsAuthentication.FormsCookiePath);

// Encrypt the ticket.
string encTicket = FormsAuthentication.Encrypt(ticket);

// Create the cookie.
Response.Cookies.Add(new
HttpCookie(FormsAuthentication.FormsCookieName,
encTicket));

// Redirect back to original URL.


Response.Redirect(FormsAuthentication.GetRedirectUrl("(e-mail address removed)",false));

f. Add using line in login.aspx.cs: using System.Web.Security; This
reference is required for Button1_Click code.
g. Double-click on Web.config in the Solution Explorer and find line:

<authentication mode="Windows" /> in the code editor.
h. Replace this found line with the following:
<authentication mode="Forms">
<forms loginUrl="~/Login.aspx" />
</authentication>
i. Find line <allow users="*" /> in web.config and replace it with:
<deny users="?"/>
j. Find sessionState section in web.config and set timeout value to
1.
This will set timeout to 1 minute on inactivity.
k. Run project and see the behavior. If you are trying to reach
WebForm1.aspx you will be redirected to login.aspx page. After
entering
username/password and click on Login button you'll be redirected
to
"real" site, which is WebForm1.aspx in this case.
4. Create sub-folder and web-form in this sub-folder.
a. Go to WebApplication1 in Solution Explorer and in context menu,
invoked by right-click, select Add | New Folder command. Rename.
b. Drag and drop existing WebForm1.aspx into NewFolder1. The web-page

should appear under NewFolder.
5. Create new "default" web-page and add hyperlink to WebForm1.aspx
located
under subfolder.
a. Right click on WebApplication1 in Solution Explorer and select Add
|
Add New Form command. This should create WebForm1.aspx.
b. Right click on WebForm1.aspx and select Set As Start Page command.

This should make this page as default page of the application.
c. Double-click on WebForm2.aspx to open this page in design view.
Add
Hyperlink control from Toolbox
d. Change NavigateUrl value of Hyperlink1 control to
NewFolder1/WebForm1.aspx
6. Run project. You should be redirected to login.aspx page. Enter any
values into
two textboxes those represent our username/password and click Login
button.
This should redirect to "default" page WebForm2.aspx.
7. Click on Hyperlink link. This will open NewFolder1/WebForm1.aspx
page.
8. Wait a bit more than one minute which will timeout the session.
Click on button
and see the behavior. You should be redirected to
WebApplication1/login.aspx
page, but the location in Address line in browser hasn't being
changed while
login.aspx is rendered in the browser.
9. Enter username/password and click Login. You will see request to
WebApplication1/NewFolder1/login.aspx or popup message Connect to
<localhost> with username/password prompt, which is incorrect. You
should be
redirected to WebApplication1/login.aspx.
10. Set smartNavigation property of WebForm1.aspx back to False and
check that
you will be redirected to right location once the session timeout.
 
Ad

Advertisements

B

bruce barker

you cannot use Response.Redirect with smart navigation.

-- bruce (sqlwork.com)

Another bug in smart navigation. If smartnavigation is enabled in the
page and session
timeout occurs, the framework redirects you to wrong location of
login.aspx page if you
use Forms Authentication.

Steps to reproduce.

1. Create new web project in Visual Studio
a. Go to File | New | Project ?
b. Leave default name of project as this:
http://localhost/WebApplication1
2. Create default page.
a. Go to WebForm1.aspx in Solution Explorer (press Ctrl+Alt+L to open

Solution Explorer).
b. Create three controls in the page namely Label, TextBox and a
Button.
Leave default names.
c. Double-click Button to create default OnClick method. This opens
source
code for web-form and steps to Button1_Click method.
d. Add one statement in the Button1_Click method:
Label1.Text = TextBox1.Text;
e. Set smartNavigation property of the page to True.
f. Run project and enter anything into TextBox on the page. Click
Button,
this should change label text with value you entered in TextBox.
This
confirms the page is working property.
3. Activate forms authentication mechanism for the project.
a. Create new web-form in the project
i. Click on WebApplication1 in Solution Explorer and select Add |

Add Web Form ?. This will create new web-form.
ii. Set name of this page to login.aspx.
b. Go to design view of login.aspx
c. Put two TextBox controls and a Button. These two textboxes will
represent Username and Password fields.
d. Change Button1 text to Login.
e. Double-click login Button to create default OnClick method. This
opens
source code for web-form and steps to Button1_Click method. Insert
the
following in to Button1_Click method:

string userData = "ApplicationSpecific data for this user.";

FormsAuthenticationTicket ticket = new
FormsAuthenticationTicket(
1,
"(e-mail address removed)",
System.DateTime.Now,
System.DateTime.Now.AddMinutes(1),
false,
userData,
FormsAuthentication.FormsCookiePath);

// Encrypt the ticket.
string encTicket = FormsAuthentication.Encrypt(ticket);

// Create the cookie.
Response.Cookies.Add(new
HttpCookie(FormsAuthentication.FormsCookieName,
encTicket));

// Redirect back to original URL.


Response.Redirect(FormsAuthentication.GetRedirectUrl("(e-mail address removed)",false));

f. Add using line in login.aspx.cs: using System.Web.Security; This
reference is required for Button1_Click code.
g. Double-click on Web.config in the Solution Explorer and find line:

<authentication mode="Windows" /> in the code editor.
h. Replace this found line with the following:
<authentication mode="Forms">
<forms loginUrl="~/Login.aspx" />
</authentication>
i. Find line <allow users="*" /> in web.config and replace it with:
<deny users="?"/>
j. Find sessionState section in web.config and set timeout value to
1.
This will set timeout to 1 minute on inactivity.
k. Run project and see the behavior. If you are trying to reach
WebForm1.aspx you will be redirected to login.aspx page. After
entering
username/password and click on Login button you'll be redirected
to
"real" site, which is WebForm1.aspx in this case.
4. Create sub-folder and web-form in this sub-folder.
a. Go to WebApplication1 in Solution Explorer and in context menu,
invoked by right-click, select Add | New Folder command. Rename.
b. Drag and drop existing WebForm1.aspx into NewFolder1. The web-page

should appear under NewFolder.
5. Create new "default" web-page and add hyperlink to WebForm1.aspx
located
under subfolder.
a. Right click on WebApplication1 in Solution Explorer and select Add
|
Add New Form command. This should create WebForm1.aspx.
b. Right click on WebForm1.aspx and select Set As Start Page command.

This should make this page as default page of the application.
c. Double-click on WebForm2.aspx to open this page in design view.
Add
Hyperlink control from Toolbox
d. Change NavigateUrl value of Hyperlink1 control to
NewFolder1/WebForm1.aspx
6. Run project. You should be redirected to login.aspx page. Enter any
values into
two textboxes those represent our username/password and click Login
button.
This should redirect to "default" page WebForm2.aspx.
7. Click on Hyperlink link. This will open NewFolder1/WebForm1.aspx
page.
8. Wait a bit more than one minute which will timeout the session.
Click on button
and see the behavior. You should be redirected to
WebApplication1/login.aspx
page, but the location in Address line in browser hasn't being
changed while
login.aspx is rendered in the browser.
9. Enter username/password and click Login. You will see request to
WebApplication1/NewFolder1/login.aspx or popup message Connect to
<localhost> with username/password prompt, which is incorrect. You
should be
redirected to WebApplication1/login.aspx.
10. Set smartNavigation property of WebForm1.aspx back to False and
check that
you will be redirected to right location once the session timeout.
 
A

aschmidt

There are three pages in the repro:
login.aspx
WebForm1.aspx
WebForm2.aspx

Only one page, WebForm1.aspx located under NewFolder1 folder has
SmartNavigation enabled and has nothing to do with login sequence. The
native popup window with username/password is raised before it reaches
ASP.NET server engine.

If instead Response.Redirect used
FormsAuthentication.RedirectFromLoginPage("(e-mail address removed)", true); the
error is still exists. The only thing is that method
RedirectFromLoginPage requires name WebForm2.aspx to Default.aspx
 
B

bruce barker

all RedirectFromLoginPage does is Response.Redirect. also form
authenication uses Response.Redirect to get to the login page.

you can put client code on the login page to detect its in a iframe (called
from a smart nav page). and navigate the top page to the login page.

-- bruce (sqlwork.com)


| There are three pages in the repro:
| login.aspx
| WebForm1.aspx
| WebForm2.aspx
|
| Only one page, WebForm1.aspx located under NewFolder1 folder has
| SmartNavigation enabled and has nothing to do with login sequence. The
| native popup window with username/password is raised before it reaches
| ASP.NET server engine.
|
| If instead Response.Redirect used
| FormsAuthentication.RedirectFromLoginPage("(e-mail address removed)", true); the
| error is still exists. The only thing is that method
| RedirectFromLoginPage requires name WebForm2.aspx to Default.aspx
|
 
Ad

Advertisements


Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top