Guest
Hello-
I am using Forms Authentication in a load-balanced web app and am trying to
implement SSL. My login script goes into SSL just fine. But, when I
redirect out back to HTTP, I seem to lose my authentication context and get
redirected back to the login page again. A few notes that may or may not be
important: One, I am using Cisco load balancing to balance two IIS
web servers (another important note is that this works fine on our single dev
server). The load balancer is maintaining server affinity. Two, I am
storing my session state in SQL. I don't think that matters to Forms Auth,
but I could be wrong. Three, my login.aspx page is in the same directory as
the rest of my site files.
If I remain in HTTPS, the site works just fine and I move on as expected
from the login page. The problem only happens when I attempt to redirect
back into HTTP where the application seems to think I am no longer
authenticated and I recursively go back to the login page.
Here are my web.config settings:
<authentication mode="Forms">
  <forms name=".MYAPPLICATIONNAME"
         loginUrl="https://www.mydomain.com/login.aspx"
         protection="All"
         timeout="30"
         path="/"/>
</authentication>
and to allow anonymous users access to my login page:
<location path="Login.aspx">
<system.web>
<authorization>
<allow users="?"/>
</authorization>
</system.web>
</location>
After I verify credentials, my login page creates the auth cookie and
redirects to the next page of the site via HTTP:
// Logic to validate user
// ... some authentication logic ...
// Set the auth cookie
FormsAuthentication.SetAuthCookie(txtUsername.Text, false, string.Empty);
// Redirect out of SSL
Response.Redirect("http://" + Request.Url.Host +
    FormsAuthentication.GetRedirectUrl(txtUsername.Text, false));
If anyone has any insight, I'd be much obliged!
Thanks
Al
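
Added example, not part of the original post: for a login loop like the one described, the Set-Cookie header in the HTTPS login response shows whether the browser will return the ticket cookie on the HTTP redirect, which depends on its Secure flag, host and path. The sketch below models those RFC 6265 rules; the header strings, the TICKET value and default.aspx are constructed for illustration.

```javascript
// Added example: models the RFC 6265 rules a browser applies before it
// returns a cookie. Header strings passed to it are constructed samples.

// Parse a Set-Cookie value received in the response to requestUrl.
function parseSetCookie(header, requestUrl) {
  const origin = new URL(requestUrl);
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  // Default path is the "directory" of the URL that set the cookie.
  const dir = origin.pathname.slice(0, origin.pathname.lastIndexOf('/')) || '/';
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1),
    domain: origin.hostname, hostOnly: true, path: dir, secure: false };
  for (const attr of attrs) {
    const [key, val = ''] = attr.split('=').map((s) => s.trim());
    switch (key.toLowerCase()) {
      case 'domain': // a Domain attribute widens the scope to subdomains
        if (val) {
          cookie.domain = val.replace(/^\./, '').toLowerCase();
          cookie.hostOnly = false;
        }
        break;
      case 'path':
        if (val.startsWith('/')) cookie.path = val;
        break;
      case 'secure': // ASP.NET emits this when requireSSL="true"
        cookie.secure = true;
        break;
    }
  }
  return cookie;
}

// Reasons the browser withholds the cookie from targetUrl ([] means it is sent).
function whyNotSent(cookie, targetUrl) {
  const url = new URL(targetUrl);
  const reasons = [];
  if (cookie.secure && url.protocol !== 'https:') reasons.push('secure-over-http');
  const hostOk = url.hostname === cookie.domain ||
    (!cookie.hostOnly && url.hostname.endsWith('.' + cookie.domain));
  if (!hostOk) reasons.push('host-mismatch');
  const p = url.pathname;
  const pathOk = p === cookie.path || (p.startsWith(cookie.path) &&
    (cookie.path.endsWith('/') || p[cookie.path.length] === '/'));
  if (!pathOk) reasons.push('path-mismatch');
  return reasons;
}

// Constructed scenario: ticket set on the HTTPS login page, then an HTTP redirect.
const ticket = parseSetCookie('.MYAPPLICATIONNAME=TICKET; path=/; secure; HttpOnly',
  'https://www.mydomain.com/login.aspx');
console.log(whyNotSent(ticket, 'http://www.mydomain.com/default.aspx'));
```

An empty result means the browser does send the cookie, so the place to look next is on the server side of the redirect.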