|
Forms Authentication - Sudden Redirect Failure on Login
I have a strange problem, for months now we have had a dotnet 2.0 application
(previously 1.1 but now upgraded) running on a 2003 server without issue. A recent small change was made to the sites underlying code and tested on the development platform of Windows XP, migrated to the QA platform (a Win 2003 server) and finally migrated to production. Just when you think you are following best practice procedures and fully testing in each environment the production system fails the login (forms authentication) for everyone. Now the change was to the binary alone so that's all that was replaced (I am using the VS2005 Web Deployment Project tool), so reverting the single old binary in the bin folder brought back the old login functionality. The code was reviewed, nothing in the login process was altered, debugging was added to show that the user was actually authenticated and retrieval of user data from the login further confirmed that. Its just when the redirect happens (confirmed correct with debug.writeline of GetRedirectUrl) that it seems forms authentication intercepts again and redisplays the login page (as if via a redirect, is not a postback). I have installed fiddler and it looks like the authentication cookie is correctly placed, I have even tried setting the authentication as cookieless, still the problem persists. I have also moved the code binary (and site) to another win2003 server box, again all works fine. Move the binary back to the production server and the login fails on redirect again! I can only assume there is something wrong with the .Net framework on the production server so did the following: Shut down IIS, delete the cache from C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temp orary ASP.NET Files (using shift delete, and empty the recycle bin to be sure) Restart IIS and observe the recreation of the cache. Still the problem persists, I am lost and at wits end! I have changes that need to go into production and short of rebuilding the machine (I know that would fix it) I have run out of ideas. Does anyone have some fresh ideas or experienced this before themselves -- Regards Stephen Davies |
RE: Forms Authentication - Sudden Redirect Failure on Login
Hello Stephen,
I suggest you may create a very simple form authentication web application and deply to the production server, to test if it is a IIS or .NET framework issue. Also, did the problem occur you update a new version of the binary assembly? Is the web.config file changed before the problem happened? Regards, Luke Zhang Microsoft Online Community Lead ================================================== When responding to posts, please "Reply to Group" via your newsreader so that others may learn and benefit from your issue. ================================================== (This posting is provided "AS IS", with no warranties, and confers no rights.) |
RE: Forms Authentication - Sudden Redirect Failure on Login
Thanks for the response Luke
"Luke Zhang [MSFT]" wrote: > I suggest you may create a very simple form authentication web application > and deply to the production server, to test if it is a IIS or .NET > framework issue. How does this point to an IIS or .Net issue? I have the application deployed in a Production and Test site on the same IIS Server (different IP addresses & domain names) with the problem exhibiting the same symptoms on both sites. Move the same code (binary & aspx) to any number of other Win2003, Win2K and WinXp machines and the code works perfectly (as it has done for more that 12 months). >Also, did the problem occur you update a new version of > the binary assembly? Yes, the previous binary (on the production machine) still works (for some odd reason) >Is the web.config file changed before the problem happened? Nope. > > Regards, > > Luke Zhang > Microsoft Online Community Lead > > ================================================== > When responding to posts, please "Reply to Group" via your newsreader so > that others may learn and benefit from your issue. > ================================================== > > (This posting is provided "AS IS", with no warranties, and confers no > rights.) > > |
RE: Forms Authentication - Sudden Redirect Failure on Login
Hello,
Thank you for the update. Have you tried compile the project on the production server? Also, I saw you work with VS2005 and your original project is with .NET framework 1.1. Is it possible there is problem on .NET framework version? You may check the site's property in IIS manager, and select the ASP.NET tab, the .NET framework version registered is there. Regards, Luke Zhang Microsoft Online Community Lead ================================================== When responding to posts, please "Reply to Group" via your newsreader so that others may learn and benefit from your issue. ================================================== (This posting is provided "AS IS", with no warranties, and confers no rights.) |
RE: Forms Authentication - Sudden Redirect Failure on Login
"Luke Zhang [MSFT]" wrote:
> Hello, > > Thank you for the update. Have you tried compile the project on the > production server? This is not an option as the machine is a dedicated server (lots of red tape to get through). Shouldn't make any difference. I think you are missing the point here. The application has worked for nearly 12 months on this machine under the dotnet 2.0 framework, I can copy the site to other machines (that are dotnet 2.0) and the login process redirect works perfectly (win2k, win2003 and XP). I am sure its something in the framework that needs tending to, I just don't know what. >Also, I saw you work with VS2005 and your original > project is with .NET framework 1.1. It was upgraded to 2.0 >Is it possible there is problem on .NET framework version? No, it is 2.0, it wouldn't work at all compiled with vs2005 if the framework was 1.1 >You may check the site's property in IIS manager, and > select the ASP.NET tab, the .NET framework version registered is there. > > Regards, > > Luke Zhang > Microsoft Online Community Lead > > ================================================== > When responding to posts, please "Reply to Group" via your newsreader so > that others may learn and benefit from your issue. > ================================================== > > (This posting is provided "AS IS", with no warranties, and confers no > rights.) > > |
RE: Forms Authentication - Sudden Redirect Failure on Login
Hello Stephen,
Could you please show us the code you used for form authentication, for example, how did you call RedirectFromLoginPage method in your code? Is CookiePath specified in the method? Thanks, Luke Zhang Microsoft Online Community Lead ================================================== When responding to posts, please "Reply to Group" via your newsreader so that others may learn and benefit from your issue. ================================================== (This posting is provided "AS IS", with no warranties, and confers no rights.) |
RE: Forms Authentication - Sudden Redirect Failure on Login
Remember this authentication method has been working for 6 months or more
under .net 2.0 and at least 12 months before that under .net 1.1. The executable currently running on the box is still working!!! Its just when I recompile this one it fails. Move the executable and pages to another machines its fine, move it back to this one and it fails. This is what makes me think its a .net thing not a code this but here it is anyway: DateTime dtTimeout; if (bPersistant) dtTimeout = DateTime.Now.AddMonths(6); else dtTimeout = DateTime.Now.AddMinutes(60); FormsAuthentication.Initialize(); FormsAuthenticationTicket ticket = new FormsAuthenticationTicket( 1, // Ticket version strUser.ToUpper(), // Username associated with ticket DateTime.Now, // Date/time issued dtTimeout, // Date/time to expire bPersistant, // "true" for a persistent user cookie role, // User-data, in this case the roles FormsAuthentication.FormsCookiePath); // Path cookie valid for // Encrypt the cookie using the machine key for secure transport string hash = FormsAuthentication.Encrypt(ticket); HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, hash); // Set the cookie's expiration time to the tickets expiration time if (ticket.IsPersistent) cookie.Expires = ticket.Expiration; // Add the cookie to the list for outgoing response Response.Cookies.Add(cookie); if (redirectURL == null || redirectURL == "noRedirect") return; Debug.WriteLine("FormsAuthCore set cookie lastlogin->" + strUser.ToUpper()); SetCookie("lastlogin", strUser.ToUpper()); Debug.WriteLine("FormsAuthCore - Redirect to ->" + redirectURL); Response.Redirect(redirectURL); The last Debug.WriteLine has the correct redirectURL in it, it is just intercepted and front ended with the login page once again with the requested redirect URL (target secured page) in the ReturnUrl querystring variable. -- Regards Stephen Davies "Luke Zhang [MSFT]" wrote: > Hello Stephen, > > Could you please show us the code you used for form authentication, for > example, how did you call RedirectFromLoginPage method in your code? Is > CookiePath specified in the method? > > Thanks, > > Luke Zhang > Microsoft Online Community Lead > > ================================================== > When responding to posts, please "Reply to Group" via your newsreader so > that others may learn and benefit from your issue. > ================================================== > > (This posting is provided "AS IS", with no warranties, and confers no > rights.) > > |
RE: Forms Authentication - Sudden Redirect Failure on Login
Didn't have the methods header on the last post so here is it complete:
/// <summary> /// The central core for processing the forms authentication /// This has been located in the common PageBase to allow /// external function to call it and automatically log the /// user into the system. /// </summary> /// <param name="redirectURL"></param> /// <param name="role"></param> /// <param name="strUser"></param> protected void FormsAuthCore(string redirectURL, string role, string strUser, bool bPersistant) { DateTime dtTimeout; if (bPersistant) dtTimeout = DateTime.Now.AddMonths(6); else dtTimeout = DateTime.Now.AddMinutes(60); FormsAuthentication.Initialize(); FormsAuthenticationTicket ticket = new FormsAuthenticationTicket( 1, // Ticket version strUser.ToUpper(), // Username associated with ticket DateTime.Now, // Date/time issued dtTimeout, // Date/time to expire bPersistant, // "true" for a persistent user cookie role, // User-data, in this case the roles FormsAuthentication.FormsCookiePath); // Path cookie valid for // Encrypt the cookie using the machine key for secure transport string hash = FormsAuthentication.Encrypt(ticket); HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, hash); // Set the cookie's expiration time to the tickets expiration time if (ticket.IsPersistent) cookie.Expires = ticket.Expiration; // Add the cookie to the list for outgoing response Response.Cookies.Add(cookie); if (redirectURL == null || redirectURL == "noRedirect") return; // Don't call FormsAuthentication.RedirectFromLoginPage since it could // replace the authentication ticket (cookie) we just added // string fred = FormsAuthentication.GetRedirectUrl(strUser, false); // Debug.WriteLine("FormsAuthCore GetRedirectURL (not used) ->" + fred); Debug.WriteLine("FormsAuthCore set cookie lastlogin->" + strUser.ToUpper()); SetCookie("lastlogin", strUser.ToUpper()); Debug.WriteLine("FormsAuthCore - Redirect to ->" + redirectURL); Response.Redirect(redirectURL); } -- Regards Stephen Davies "Luke Zhang [MSFT]" wrote: > Hello Stephen, > > Could you please show us the code you used for form authentication, for > example, how did you call RedirectFromLoginPage method in your code? Is > CookiePath specified in the method? > > Thanks, > > Luke Zhang > Microsoft Online Community Lead > > ================================================== > When responding to posts, please "Reply to Group" via your newsreader so > that others may learn and benefit from your issue. > ================================================== > > (This posting is provided "AS IS", with no warranties, and confers no > rights.) > > |
RE: Forms Authentication - Sudden Redirect Failure on Login
Hello Stephen,
Thank you for the code. After review the code, I suggest you may check following issues: 1. Since you have check the redirectURL, and confirm it is correct. You may also check these values: FormsCookiePath, DateTime.Now and dtTimeout. ( I understand the system has been working for months, and these values are almost no problem. But it is still worthy of a try to ensure we have check everything there). 2. Temporarily use FormsAuthentication.RedirectFromLoginPage instead setting cookies by code. (Just ensure there is no problem on the cookies ). Please let me the result of above tests. I am looking forward to hear from you. Sincerely, Luke Zhang Microsoft Online Community Support ================================================== Get notification to my posts through email? Please refer to http://msdn.microsoft.com/subscripti...ult.aspx#notif ications. Note: The MSDN Managed Newsgroup support offering is for non-urgent issues where an initial response from the community or a Microsoft Support Engineer within 1 business day is acceptable. Please note that each follow up response may take approximately 2 business days as the support professional working with you may need further investigation to reach the most efficient resolution. The offering is not appropriate for situations that require urgent, real-time or phone-based interactions or complex project analysis and dump analysis issues. Issues of this nature are best handled working with a dedicated Microsoft Support Engineer by contacting Microsoft Customer Support Services (CSS) at http://msdn.microsoft.com/subscripti...t/default.aspx. ================================================== This posting is provided "AS IS" with no warranties, and confers no rights. |
RE: Forms Authentication - Sudden Redirect Failure on Login
FormCookiePath is "/"
dtTimeout set to one hour from the login time (in the case of non persistent) DateTime.Now is correct Removing the code // Encrypt the cookie using the machine key for secure transport string hash = FormsAuthentication.Encrypt(ticket); HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, hash); // Set the cookie's expiration time to the tickets expiration time if (ticket.IsPersistent) cookie.Expires = ticket.Expiration; // Add the cookie to the list for outgoing response Response.Cookies.Add(cookie); if (redirectURL == null || redirectURL == "noRedirect") return; // Don't call FormsAuthentication.RedirectFromLoginPage since it could // replace the authentication ticket (cookie) we just added // string fred = FormsAuthentication.GetRedirectUrl(strUser, false); // Debug.WriteLine("FormsAuthCore GetRedirectURL (not used) ->" + fred); Debug.WriteLine("FormsAuthCore set cookie lastlogin->" + strUser.ToUpper()); SetCookie("lastlogin", strUser.ToUpper()); Debug.WriteLine("FormsAuthCore - Redirect to ->" + redirectURL); Response.Redirect(redirectURL); ---------------------------------------------------------------- and replacing with ---------------------------------------------------------------- FormsAuthentication.RedirectFromLoginPage(strUser. ToUpper(), bPersistant); return; Yields the problem on ALL platforms, the redirect does not happen. Switch back to the original code and it functions correctly (with the redirect to the desired secured page), interesting? The redirect still gets intercepted by the login authorisation on the production platform in either scenario. Regards Stephen Davies -- Regards Stephen Davies "Luke Zhang [MSFT]" wrote: > Hello Stephen, > > Thank you for the code. After review the code, I suggest you may check > following issues: > > 1. Since you have check the redirectURL, and confirm it is correct. You may > also check these values: FormsCookiePath, DateTime.Now and dtTimeout. ( I > understand the system has been working for months, and these values are > almost no problem. But it is still worthy of a try to ensure we have check > everything there). > 2. Temporarily use FormsAuthentication.RedirectFromLoginPage instead > setting cookies by code. (Just ensure there is no problem on the cookies ). > > Please let me the result of above tests. I am looking forward to hear from > you. > > Sincerely, > > Luke Zhang > > Microsoft Online Community Support > ================================================== > Get notification to my posts through email? Please refer to > http://msdn.microsoft.com/subscripti...ult.aspx#notif > ications. > > Note: The MSDN Managed Newsgroup support offering is for non-urgent issues > where an initial response from the community or a Microsoft Support > Engineer within 1 business day is acceptable. Please note that each follow > up response may take approximately 2 business days as the support > professional working with you may need further investigation to reach the > most efficient resolution. The offering is not appropriate for situations > that require urgent, real-time or phone-based interactions or complex > project analysis and dump analysis issues. Issues of this nature are best > handled working with a dedicated Microsoft Support Engineer by contacting > Microsoft Customer Support Services (CSS) at > http://msdn.microsoft.com/subscripti...t/default.aspx. > ================================================== > > This posting is provided "AS IS" with no warranties, and confers no rights. > > > > |
| All times are GMT. The time now is 02:47 PM. |
Powered by vBulletin®. Copyright ©2000 - 2013, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.