|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Forms Authentication Not Redirecting To Login PageI have an ASP.NET application to which I have implemented forms authentication to handle security. It is a relatively straight forward solution with all aspx pages residing in the root folder. The issue I am experiencing is that when the authentication time out is activated and the user is hence unauthenticated, the browser window is on sometimes redirecting back to the login page. When the browser does or doesn't redirect to the login page seems to be defined by the page the user is trying to access as a very few aspx pages when requested will redirect to the login page correctly. This seems to be platform independed as the exact same behaviour is experienced on my local development machine running WinXPSP2 and a Win2K3 Server. Has anyone any ideas as to why this may be happening and/or have any suggestions to aid in the investagation? The web.config contents: <configuration> <system.web> <compilation defaultLanguage="c#" debug="true" /> <authentication mode="Forms"> <forms name=".RENOWNSUPPORTAUTH" loginUrl="login.aspx" protection="All" timeout="1" path="/" slidingExpiration="true" /> </authentication> <authorization> <deny users="?" /> <!-- Deny access to all unauthenticated users --> </authorization> </system.web> <location path="login.aspx"> <system.web> <authorization> <allow users="*" /> <!-- Allow all users --> </authorization> </system.web> </location> <location path="error.aspx"> <system.web> <authorization> <allow users="*" /> <!-- Allow all users --> </authorization> </system.web> </location> </configuration> Further to this, the error that is being returned when the redirect fails to
occur is: Access is denied. Description: An error occurred while accessing the resources required to serve this request. The server may not be configured for access to the requested URL. Error message 401.2.: You do not have permission to view this directory or page using the credentials you supplied. Contact the Web server's administrator for help. -------------------------------------------------------------------------------- Version Information: Microsoft .NET Framework Version:1.1.4322.2032; ASP.NET Version:1.1.4322.2032 Show quoteHide quote "Stu" wrote: > Hi All, > > I have an ASP.NET application to which I have implemented forms > authentication to handle security. It is a relatively straight forward > solution with all aspx pages residing in the root folder. > > The issue I am experiencing is that when the authentication time out is > activated and the user is hence unauthenticated, the browser window is on > sometimes redirecting back to the login page. When the browser does or > doesn't redirect to the login page seems to be defined by the page the user > is trying to access as a very few aspx pages when requested will redirect to > the login page correctly. > > This seems to be platform independed as the exact same behaviour is > experienced on my local development machine running WinXPSP2 and a Win2K3 > Server. > > Has anyone any ideas as to why this may be happening and/or have any > suggestions to aid in the investagation? > > The web.config contents: > <configuration> > <system.web> > <compilation defaultLanguage="c#" debug="true" /> > <authentication mode="Forms"> > <forms name=".RENOWNSUPPORTAUTH" loginUrl="login.aspx" protection="All" > timeout="1" path="/" slidingExpiration="true" /> > </authentication> > <authorization> > <deny users="?" /> <!-- Deny access to all unauthenticated users --> > </authorization> > </system.web> > > <location path="login.aspx"> > <system.web> > <authorization> > <allow users="*" /> <!-- Allow all users --> > </authorization> > </system.web> > </location> > <location path="error.aspx"> > <system.web> > <authorization> > <allow users="*" /> <!-- Allow all users --> > </authorization> > </system.web> > </location> > </configuration> Hello Stu,
how about trying a longer timeout that 1 minute...? that may be an issue - take 10 or 20 minutes. --------------------------------------- Dominick Baier - DevelopMentor http://www.leastprivilege.com Show quoteHide quote > Hi All, > > I have an ASP.NET application to which I have implemented forms > authentication to handle security. It is a relatively straight forward > solution with all aspx pages residing in the root folder. > > The issue I am experiencing is that when the authentication time out > is activated and the user is hence unauthenticated, the browser window > is on sometimes redirecting back to the login page. When the browser > does or doesn't redirect to the login page seems to be defined by the > page the user is trying to access as a very few aspx pages when > requested will redirect to the login page correctly. > > This seems to be platform independed as the exact same behaviour is > experienced on my local development machine running WinXPSP2 and a > Win2K3 Server. > > Has anyone any ideas as to why this may be happening and/or have any > suggestions to aid in the investagation? > > The web.config contents: > <configuration> > <system.web> > <compilation defaultLanguage="c#" debug="true" /> > <authentication mode="Forms"> > <forms name=".RENOWNSUPPORTAUTH" loginUrl="login.aspx" > protection="All" > timeout="1" path="/" slidingExpiration="true" /> > </authentication> > <authorization> > <deny users="?" /> <!-- Deny access to all unauthenticated users > --> > </authorization> > </system.web> > <location path="login.aspx"> > <system.web> > <authorization> > <allow users="*" /> <!-- Allow all users --> > </authorization> > </system.web> > </location> > <location path="error.aspx"> > <system.web> > <authorization> > <allow users="*" /> <!-- Allow all users --> > </authorization> > </system.web> > </location> > </configuration> I have set the timeout to 1 minute just for testing purposes so that I can
replicate the issue within 1 minute rather than waiting 1/2 an hour for the issue to surface. Surely this has to be an issue with a property of some of my pages that is not set on the others. I have searched high and low for differences other that the actual code itself but cannot seem to find any differing factors about the pages. --------------------------------------------------- Cheers, Stu Show quoteHide quote "Dominick Baier [DevelopMentor]" wrote: > Hello Stu, > > how about trying a longer timeout that 1 minute...? that may be an issue > - take 10 or 20 minutes. > > --------------------------------------- > Dominick Baier - DevelopMentor > http://www.leastprivilege.com > > > Hi All, > > > > I have an ASP.NET application to which I have implemented forms > > authentication to handle security. It is a relatively straight forward > > solution with all aspx pages residing in the root folder. > > > > The issue I am experiencing is that when the authentication time out > > is activated and the user is hence unauthenticated, the browser window > > is on sometimes redirecting back to the login page. When the browser > > does or doesn't redirect to the login page seems to be defined by the > > page the user is trying to access as a very few aspx pages when > > requested will redirect to the login page correctly. > > > > This seems to be platform independed as the exact same behaviour is > > experienced on my local development machine running WinXPSP2 and a > > Win2K3 Server. > > > > Has anyone any ideas as to why this may be happening and/or have any > > suggestions to aid in the investagation? > > > > The web.config contents: > > <configuration> > > <system.web> > > <compilation defaultLanguage="c#" debug="true" /> > > <authentication mode="Forms"> > > <forms name=".RENOWNSUPPORTAUTH" loginUrl="login.aspx" > > protection="All" > > timeout="1" path="/" slidingExpiration="true" /> > > </authentication> > > <authorization> > > <deny users="?" /> <!-- Deny access to all unauthenticated users > > --> > > </authorization> > > </system.web> > > <location path="login.aspx"> > > <system.web> > > <authorization> > > <allow users="*" /> <!-- Allow all users --> > > </authorization> > > </system.web> > > </location> > > <location path="error.aspx"> > > <system.web> > > <authorization> > > <allow users="*" /> <!-- Allow all users --> > > </authorization> > > </system.web> > > </location> > > </configuration> > > > > 
Other interesting topics
Import RSA parameters from .PEM format
CryptoAPI, System.Security.Cryptography Interoperability .NET 2.0 Membership "role context" Getting User Information from a SID Authenticate User in Windows 2000 machine LogonUser Succeeds - but fails later IsInRole & SID/Token Caching in .NET v1.1 Cryptography implementation using memeorystream Get an unauthenticated windowsIdentity? Weird registry behavior when writing to custom event log |
|||||||||||||||||||||||
