|
Re: Forms authentication login page
"Jerry III" <jerryiii@hotmail.com> wrote in message
news:%23AfktVObDHA.652@tk2msftngp13.phx.gbl... > Is there a way to change ASP.NET forms authentication from redirecting to > the login page and just use Server.Transfer to it instead? No. That wouldn't work. It has to redirect because that's when it sends the login cookie. -- John Saunders Internet Engineer john.saunders@surfcontrol.com |
Re: Forms authentication login page
It sends the login cookie BEFORE you enter your user name and password?
What's in it? Jerry "John Saunders" <john.saunders@surfcontrol.com> wrote in message news:%2334fOLPbDHA.2336@TK2MSFTNGP09.phx.gbl... > "Jerry III" <jerryiii@hotmail.com> wrote in message > news:%23AfktVObDHA.652@tk2msftngp13.phx.gbl... > > Is there a way to change ASP.NET forms authentication from redirecting to > > the login page and just use Server.Transfer to it instead? > > No. That wouldn't work. It has to redirect because that's when it sends the > login cookie. > -- > John Saunders > Internet Engineer > john.saunders@surfcontrol.com > > |
Re: Forms authentication login page
"Jerry III" <jerryiii@hotmail.com> wrote in message
news:u0aGzzQbDHA.2296@TK2MSFTNGP09.phx.gbl... > It sends the login cookie BEFORE you enter your user name and password? > What's in it? > No. After you enter your username and password and click "Ok", you validate the username and password and if valid, call RedirectToLoginPage(...). That puts the login cookie into Response.Cookies and then redirects to the originally-requested page. The redirect sets the login cookie, and when the client requests the original page (due to the redirect), it will send the login cookie. -- John Saunders Internet Engineer john.saunders@surfcontrol.com |
Re: Forms authentication login page
I know that. That's why I would like the original request (the one where
you're not authenticated yet, NOT the request submitting your name/password) not to be redirected to the login page but rather have the server to do Server.Transfer to that page. There's absolutely no need for the redirect. Jerry "John Saunders" <john.saunders@surfcontrol.com> wrote in message news:OgEP$BRbDHA.2296@TK2MSFTNGP09.phx.gbl... > "Jerry III" <jerryiii@hotmail.com> wrote in message > news:u0aGzzQbDHA.2296@TK2MSFTNGP09.phx.gbl... > > It sends the login cookie BEFORE you enter your user name and password? > > What's in it? > > > > No. After you enter your username and password and click "Ok", you validate > the username and password and if valid, call RedirectToLoginPage(...). That > puts the login cookie into Response.Cookies and then redirects to the > originally-requested page. The redirect sets the login cookie, and when the > client requests the original page (due to the redirect), it will send the > login cookie. > -- > John Saunders > Internet Engineer > john.saunders@surfcontrol.com > > |
Re: Forms authentication login page
"Jerry III" <jerryiii@hotmail.com> wrote in message
news:eqv5CccbDHA.2688@TK2MSFTNGP11.phx.gbl... > I know that. That's why I would like the original request (the one where > you're not authenticated yet, NOT the request submitting your name/password) > not to be redirected to the login page but rather have the server to do > Server.Transfer to that page. There's absolutely no need for the redirect. Jerry, the original request doesn't have a page to Server.Transfer _from_! When the Url Authorization module detects that the user doesn't have access to the page, it returns a 403 error. The Forms Authentication module sees this and redirects to the login page. Note that no handler was executed on this first request, so there's no place to Server.Transfer _from_. -- John Saunders Internet Engineer john.saunders@surfcontrol.com |
Re: Forms authentication login page
Ok, I agree there's nothing to transfer from but still: the first request
comes to the ASP.NET ISAPI filter (the request processor in java speak). It checks if the user is authorized (in forms authentication it checks if the cookie exists and is valid) and if not it sends a redirect (NOT 403 error, that's sent for Basic and Digest authentication, not for forms). I would like it to process the login page at this point instead of sending the redirect, the request processor knows what page that is and there really isn't a reason not to process it directly instead of redirecting to it. Jerry "John Saunders" <john.saunders@surfcontrol.com> wrote in message news:erRBwicbDHA.3748@TK2MSFTNGP11.phx.gbl... > "Jerry III" <jerryiii@hotmail.com> wrote in message > news:eqv5CccbDHA.2688@TK2MSFTNGP11.phx.gbl... > > I know that. That's why I would like the original request (the one where > > you're not authenticated yet, NOT the request submitting your > name/password) > > not to be redirected to the login page but rather have the server to do > > Server.Transfer to that page. There's absolutely no need for the redirect. > > Jerry, the original request doesn't have a page to Server.Transfer _from_! > When the Url Authorization module detects that the user doesn't have access > to the page, it returns a 403 error. The Forms Authentication module sees > this and redirects to the login page. > > Note that no handler was executed on this first request, so there's no place > to Server.Transfer _from_. > -- > John Saunders > Internet Engineer > john.saunders@surfcontrol.com > > |
| All times are GMT. The time now is 08:16 AM. |
Powered by vBulletin®. Copyright ©2000 - 2013, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.