Forms Authentication - Bad Redirect on POST

Discussion in 'ASP .Net' started by Ed Henn, Jan 3, 2004.

  1. Ed Henn

    Ed Henn Guest

    I'm having a problem with .NET Forms Authentication in a particular
    application. It's not redirecting properly when my session is timed
    out, seemingly only when I POST the page (i.e. click a form submit
    button). If I try to GET a page after timeout (i.e. just picking a page
    to visit from a menu), I am redirected to the login screen properly.

    The browser error I'm getting in the POST example is "403.1 Execute
    Access Forbidden". I looked into the IIS logs to compare these two
    situations and found this...

    Web logs during a GET after timeout:
    2004-01-02 23:11:38 127.0.0.1 GET /app/bondsearch.aspx - 302
    2004-01-02 23:11:38 127.0.0.1 GET /LoginPage.aspx
    ReturnUrl=%2fapp%2fbondsearch.aspx 200

    which looks fine, I'm getting a 302 (temp redirect) on the attempted
    GET, followed by a GET redirected to the login form. However...

    Web logs during a POST after timeout:
    2004-01-02 22:40:36 127.0.0.1 POST /app/bondsearch.aspx - 302
    2004-01-02 22:40:36 127.0.0.1
    UwMC4wMDs%2BPjs%2BOzs%2BO3Q8cDxwPGw8Q3NzQ2xhc3M7XyFTQjs%2BO2w8c21hbGxsYW
    JlbDtpPDI%2BOz4%2BOz47Oz47dD /LoginPage.aspx
    ReturnUrl=%2fapp%2fbondsearch.aspx 403

    which is very confusing... it looks like I got a string of nonsense in
    place of a normal http verb, but the rest of the line is fine, it
    contains the requested resource and proper query string for return url.

    Any suggestions? I can't seem to find reference to this issue in the
    newsgroups. Thanks in advance for your help!

    I'm using .NET framework 1.1. Here's the pertinent snippet of
    web.config:

    <authentication mode="Forms">
    <forms loginUrl="LoginPage.aspx" name=".ASPXFORMSAUTH" path="/"
    protection="All" timeout="1">
    <credentials passwordFormat="Clear">
    </credentials>
    </forms>
    </authentication>

    <authorization>
    <deny users="?" />
    <allow users="*" />
    </authorization>
     
    Ed Henn, Jan 3, 2004
    #1
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.