«

"Jerry III" <> wrote in message
news:%...
> Is there a way to change ASP.NET forms authentication from redirecting to
> the login page and just use Server.Transfer to it instead?

No. That wouldn't work. It has to redirect because that's when it sends the
login cookie.
--
John Saunders
Internet Engineer

It sends the login cookie BEFORE you enter your user name and password?
What's in it?

Jerry

"John Saunders" <> wrote in message
news:%...
> "Jerry III" <> wrote in message
> news:%...
> > Is there a way to change ASP.NET forms authentication from redirecting
to
> > the login page and just use Server.Transfer to it instead?
>
> No. That wouldn't work. It has to redirect because that's when it sends
the
> login cookie.
> --
> John Saunders
> Internet Engineer
>
>
>

"Jerry III" <> wrote in message
news:...
> It sends the login cookie BEFORE you enter your user name and password?
> What's in it?
>

No. After you enter your username and password and click "Ok", you validate
the username and password and if valid, call RedirectToLoginPage(...). That
puts the login cookie into Response.Cookies and then redirects to the
originally-requested page. The redirect sets the login cookie, and when the
client requests the original page (due to the redirect), it will send the
login cookie.
--
John Saunders
Internet Engineer

I know that. That's why I would like the original request (the one where
you're not authenticated yet, NOT the request submitting your name/password)
not to be redirected to the login page but rather have the server to do
Server.Transfer to that page. There's absolutely no need for the redirect.

Jerry

"John Saunders" <> wrote in message
news:OgEP$...
> "Jerry III" <> wrote in message
> news:...
> > It sends the login cookie BEFORE you enter your user name and password?
> > What's in it?
> >
>
> No. After you enter your username and password and click "Ok", you
validate
> the username and password and if valid, call RedirectToLoginPage(...).
That
> puts the login cookie into Response.Cookies and then redirects to the
> originally-requested page. The redirect sets the login cookie, and when
the
> client requests the original page (due to the redirect), it will send the
> login cookie.
> --
> John Saunders
> Internet Engineer
>
>
>

"Jerry III" <> wrote in message
news:...
> I know that. That's why I would like the original request (the one where
> you're not authenticated yet, NOT the request submitting your
name/password)
> not to be redirected to the login page but rather have the server to do
> Server.Transfer to that page. There's absolutely no need for the redirect.

Jerry, the original request doesn't have a page to Server.Transfer _from_!
When the Url Authorization module detects that the user doesn't have access
to the page, it returns a 403 error. The Forms Authentication module sees
this and redirects to the login page.

Note that no handler was executed on this first request, so there's no place
to Server.Transfer _from_.
--
John Saunders
Internet Engineer

Ok, I agree there's nothing to transfer from but still: the first request
comes to the ASP.NET ISAPI filter (the request processor in java speak). It
checks if the user is authorized (in forms authentication it checks if the
cookie exists and is valid) and if not it sends a redirect (NOT 403 error,
that's sent for Basic and Digest authentication, not for forms). I would
like it to process the login page at this point instead of sending the
redirect, the request processor knows what page that is and there really
isn't a reason not to process it directly instead of redirecting to it.

Jerry

"John Saunders" <> wrote in message
news:...
> "Jerry III" <> wrote in message
> news:...
> > I know that. That's why I would like the original request (the one where
> > you're not authenticated yet, NOT the request submitting your
> name/password)
> > not to be redirected to the login page but rather have the server to do
> > Server.Transfer to that page. There's absolutely no need for the
redirect.
>
> Jerry, the original request doesn't have a page to Server.Transfer _from_!
> When the Url Authorization module detects that the user doesn't have
access
> to the page, it returns a 403 error. The Forms Authentication module sees
> this and redirects to the login page.
>
> Note that no handler was executed on this first request, so there's no
place
> to Server.Transfer _from_.
> --
> John Saunders
> Internet Engineer
>
>
>