Forms Auth and CrossPagePostback (aspnet 2.0)

C

C. Moya

I need to be able to postback to a different page from my login page (using
FormsAuthentication). After a lot of research, I was able to get the
postback to work by adding a <location> element for the target page in
web.config (so it's excluded from forms authentication).

HOWEVER, although the postback now works... the Page.PreviousPage property
returns a
"The current user is not allowed to access the previous page" exception. Not
sure what I'm doing wrong.

P.S.
Yes, Server.Transfer works... but I need the "redirect" so I can kick off
the session (which I have turned off in the Login page).
 
C

C. Moya

Adding a Location element in web.config for the source Logon form seems to
solve the crosspage postback problem. Does anyone know if there any security
implications for this?

Example:
<location path="Logon.aspx">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
<location path="LogonCont.aspx">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
 
C

C. Moya

Yes, FormsAuthentication automatically takes care of the "Login Page" being
accessible. But if it posts back to a different page ("crosspage postback"
via the submit button's PostBackUrl property... which is what I'm trying to
do), the second page is not allowed and the user is automatically redirected
to the Login page.

Adding the second partner page to the Locations element in web.config solves
the problem.

P.S.
In case your wondering, the reason I'm using cross page postback in this
particular scenerio is that we don't want the Login page to kick off the
session... so we have its EnableSessionState=False. Once the user clicks
submit (whether or not his credentials are accepted) we kick off the
session... the postback page has EnableSessionState=True.

--
-C. Moya
www.cmoya.com
Peter Bromberg said:
Not sure what you mean here. You have to allow unauthenticated users
access
to the login page, or they would never be able to log in, correct? If you
are
concerned that an unauthenticated user might hit the second page without
having first logged in, just check User.Identity.IsAuthenticated in the
Page_Load handler of the second page.
Peter

--
Site: http://www.eggheadcafe.com
UnBlog: http://petesbloggerama.blogspot.com
Short urls & more: http://ittyurl.net
Click to expand...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

forms auth ticket expiration 2
Forms auth problem 0
Http Handler Forms Auth 0
Forms Auth and Timeout page 1
2.0 auth questions 3
Forms Auth/Membership & Roles Providers/Secured Directory 1
Forms auth for directory 4
Forms Auth cookie vanishes immediately after login 4

Members online

Total: 21 (members: 2, guests: 19)
Robots: 122

Forum statistics

Threads
473,780
Messages
2,569,611
Members
45,265
Latest member
TodLarocca

Latest Threads

Top