Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > :o( .... Client not redirected to login page.

Reply
Thread Tools

:o( .... Client not redirected to login page.

 
 
M O J O
Guest
Posts: n/a
 
      09-22-2004
Hi,

I have a huge problem.

I'm using cookieless sessionstate. When I try to access a "secure" page
(that is, a page that requires the user has logged in), the user is
redirected to the login page perfectly - no problem.

But when the user IS logged in, and he manually remove the cookie part from
the url (in the address bar) and hit enter, this creates a new session and
when he tries to access my "secure" page again, he is NOT sendt to the login
page. (

What am I doning wrong?

Here's some of my code:

WEB.CONFIG....

<authentication mode="Forms">
<forms name="MyTestApp" path="/" loginUrl="login.aspx" protection="All"
timeout="25"></forms>
</authentication>

<sessionState mode="InProc" stateConnectionString="tcpip=127.0.0.1:42424"
sqlConnectionString="data source=127.0.0.1;Trusted_Connection=yes"
cookieless="true" timeout="30" />


LOGIN.ASPX

Dim ticket As New FormsAuthenticationTicket(1, "TestUser",
System.DateTime.Now, System.DateTime.Now.AddMinutes(30), False, "MyTestApp",
FormsAuthentication.FormsCookiePath)

' Encrypt the ticket.
Dim encTicket As String = FormsAuthentication.Encrypt(ticket)

' Create the cookie.
.Response.Cookies.Add(New
HttpCookie(FormsAuthentication.FormsCookieName, encTicket))



Thank you in advance!

M O J O


 
Reply With Quote
 
 
 
 
=?Utf-8?B?U2NvdHQgU2ltb25z?=
Guest
Posts: n/a
 
      09-22-2004
You are using cookieless sessions. Your authentication info is stored in
cookies still. Look at your code, you have a Response.Cookies.Add where you
take care of the auth. That info in the url is just the session ID.
 
Reply With Quote
 
 
 
 
Steven Cheng[MSFT]
Guest
Posts: n/a
 
      09-23-2004
Hi MOJO,

As for the authentication problem you mentioned, I think Scott.'s
suggestion is reasonable. The ASP.NET'S
FormsAuthentication is based on cookie(use cookie to store authentication
ticket). So I think your client user may not enable the cookie since you
use cookieless session, yes? If the client browser disable cooie, the
formsauthentication won't work. To confirm this, you can make a test page
which write some cookie value to client and retrieve them again from client
to see whether the clientside can accept cookie.
In addition, if you are sure that your application is aim at "no cookie
client", I suggest that you manually implement your authentication and
store the authentication ticket in the Session collection after the user
login.
If you have any other questions, please feel free to post here. Thanks.


Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

 
Reply With Quote
 
Steven Cheng[MSFT]
Guest
Posts: n/a
 
      09-27-2004
Hi MOJO,

Have you had a chance to check out the suggestions in my last reply or have
you got any further ideas on this issue? If you have anything unclear or if
there're anything else we can help, please feel free to post here.

Thanks.

Regards,

Steven Cheng
Microsoft Online Support

 
Reply With Quote
 
M O J O
Guest
Posts: n/a
 
      09-27-2004
Hi Steven,

Yes and thank you!

I was sad to find out that Form authentication used cookies.

I found this article and implemented in my website:

www.codeproject.com/aspnet/cookieless.asp

Thank you again for helping me out!

M O J O

"Steven Cheng[MSFT]" <(E-Mail Removed)> skrev i en meddelelse
news:F%(E-Mail Removed)...
> Hi MOJO,
>
> Have you had a chance to check out the suggestions in my last reply or
> have
> you got any further ideas on this issue? If you have anything unclear or
> if
> there're anything else we can help, please feel free to post here.
>
> Thanks.
>
> Regards,
>
> Steven Cheng
> Microsoft Online Support
>



 
Reply With Quote
 
Steven Cheng[MSFT]
Guest
Posts: n/a
 
      09-27-2004
Hi MOJO,

You are welcome! Yes, I've also read the "cookieless formsauthentication"
article in codeproject and since it's implemented via url querystring, it
may cause some other problems sometimes. Anyway, thanks again for your
posting and please feel free to post here if you have any problems in the
furture

Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
webservice call redirected to login page fredd00 ASP .Net 0 07-02-2008 07:24 PM
Passing variable between asp login page and the redirected page Steve ASP .Net 2 11-01-2007 11:32 AM
Using Form based Authenication and still getting redirected back to the login page Irishmaninusa ASP .Net Security 0 09-23-2004 03:02 PM
You are about to be redirected to a connection that is not secure Steve Harris ASP .Net 6 09-23-2004 09:36 AM
"file not found redirected to homepage" How? torlissa HTML 4 11-13-2003 11:47 PM



Advertisments