2
23s
I had this problem in the past, after a server reformat it went away, and
now after another server reformat it's back again - no clue what's doing it.
Here's the flow:
Website root is public, no SSL no forms auth. One of the subfolders in the
public area is the root of a "protected" area; SSL is required from this
subfolder on forward and a web.config in the subfolder specifies forms
authentication. From the public area, I provide a link to a "welcome" page
in the protected area - if welcome page is requested, user is bounced to
login.aspx, and if successful login (integrated with AD) they get the
welcome page.
This part works, I can arrive to the site, request the protected "welcome"
page, get the login.aspx, log in with my AD creds, and get the welcome page.
Turning trace on shows the forms auth cookie to exist on the welcome page.
Because I am integrated with AD I'm using role-based security in web.configs
and so I'm impersonating in every subsequent request. On the next request,
the forms auth cookie is gone when Authenticate_Request fires. AFAIK I
don't have any code between the output of the trace on "welcome" page and
the Authenticate_Request in global.asax. The cookie is being destroyed
sometime after I login and the welcome page is delivered, but I can't figure
out where or by what.
Consequently, the only part of my secure area I can access is the welcome
page. Once I'm there, my cookie goes bye-bye and any requests in the
protected area simply bounce me to the login screen again.
What would cause a cookie be created and then seemingly disappear once I'm
logged in? The website code is stored in VSS and hasn't changed in months;
this code was working last week before I reformatted the web server, so I'm
suspecting a server configuration issue - the web.configs may have changed,
although I cannot seem to find anything wrong with them.
now after another server reformat it's back again - no clue what's doing it.
Here's the flow:
Website root is public, no SSL no forms auth. One of the subfolders in the
public area is the root of a "protected" area; SSL is required from this
subfolder on forward and a web.config in the subfolder specifies forms
authentication. From the public area, I provide a link to a "welcome" page
in the protected area - if welcome page is requested, user is bounced to
login.aspx, and if successful login (integrated with AD) they get the
welcome page.
This part works, I can arrive to the site, request the protected "welcome"
page, get the login.aspx, log in with my AD creds, and get the welcome page.
Turning trace on shows the forms auth cookie to exist on the welcome page.
Because I am integrated with AD I'm using role-based security in web.configs
and so I'm impersonating in every subsequent request. On the next request,
the forms auth cookie is gone when Authenticate_Request fires. AFAIK I
don't have any code between the output of the trace on "welcome" page and
the Authenticate_Request in global.asax. The cookie is being destroyed
sometime after I login and the welcome page is delivered, but I can't figure
out where or by what.
Consequently, the only part of my secure area I can access is the welcome
page. Once I'm there, my cookie goes bye-bye and any requests in the
protected area simply bounce me to the login screen again.
What would cause a cookie be created and then seemingly disappear once I'm
logged in? The website code is stored in VSS and hasn't changed in months;
this code was working last week before I reformatted the web server, so I'm
suspecting a server configuration issue - the web.configs may have changed,
although I cannot seem to find anything wrong with them.