aspx_professional thread: Forms authentication redirects to incorrect URL
Message #1 by "Chris" <wrox@d...> on Thu, 30 Jan 2003 09:10:48 -0500
Stefano, your <authentication> section looks like things we've tried.
Your <authorization> section is different. Ours has this rather
schizophrenic declaration:

<authorization>
  <deny users="?" />
  <allow users="*" />
</authorization>

I believe it means no anonymous users, windows users OK. It's taken from a
lengthy Microsoft document which we followed pretty closely in designing
security for the application (we're using forms with Active Directory
authentication.) It's repeated numerous times in that document, and appears
in various other Microsoft and non-Microsoft examples, so we used it.

I didn't think we needed the <location path=...> etc. sections that you
have. Our entire app including login and web.config is in the one <secure>
directory. However we'll try something closer to your configuration -
allowing all users in general authorization, and denying anonymous users in
a <location path=...> section naming the <secure> directory, and see if that
solves this problem.

Thanks for trying to help.

-----Original Message-----
From: Stefano Rigat [mailto:srigat@e...]
Sent: Thursday, January 30, 2003 12:11 PM
To: ASPX_Professional
Subject: [aspx_professional] RE: Forms authentication redirects to incorrect URL

Chris,
here is a cut-and-paste of a section of web.config running on my PC:

<system.web>
  ..... (other things )
  <!-- Authentication -->
  <authentication mode="Forms">
    <forms loginUrl="login/index.aspx"
           name=".AuthCookie" timeout="60" path="/">
    </forms>
  </authentication>
  <authorization>
    <allow users="*" />
  </authorization>
</system.web>
<!-- This restricts the access to the folders "Aziende" and "Aderenti" -->
<!-- A user who is not authenticated is redirected automatically to
     "login/index.aspx" -->
<location path="Aziende" allowOverride="true">
  <system.web>
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>
</location>
<location path="Aderenti" allowOverride="true">
  <system.web>
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>
</location>

What I find strange is the integrated security popup. It should not appear
at all. Try to compare your web.config setting with mine... maybe you're
missing something in the <authorization> section.

Hope this helps.
Ciao
Stefano
-----Original Message-----
From: Chris [mailto:wrox@d...]
Sent: giovedi 30 gennaio 2003 17.49
To: ASPX_Professional
Subject: [aspx_professional] RE: Forms authentication redirects to incorrect URL

Stefano, we've tried various strings. Here's a log of the results. Are
there any we missed that are likely to succeed?

loginUrl="LoginForm.aspx"
  Initial login OK, but after session end redirect goes to invalid:
  /<unsecure>/<unsecure>/loginForm.aspx
  NOTE: this is the one we want to use (to minimize installation hassles) and
  the one which is used in most samples we've seen.

loginUrl="..\<secure>\LoginForm.aspx"
  Initial login OK, but after session end redirect goes to invalid:
  /<unsecure>/<unsecure>/loginForm.aspx

loginUrl="http:\\localhost\<unsecure>\<secure>\LoginForm.aspx"
  Initial login fails, HTTP 404 error reports trying to access
  /<unsecure>/<secure>/loginForm.aspx
  NOTE: this path (as much as error msg shows) is correct, but being reported
  as HTTP 404!

loginUrl="<unsecure>\<secure>\LoginForm.aspx"
  Initial login fails, HTTP 404 error reports trying to access
  /<unsecure>/<unsecure>/loginForm.aspx

loginUrl="<unsecure>/<secure>/LoginForm.aspx"
  Initial login fails, HTTP 404 error reports trying to access
  /<unsecure>/<unsecure>/loginForm.aspx

loginUrl="<unsecure>\<secure>\LoginForm.aspx"
  Initial login fails, HTTP 404 error reports trying to access
  /<unsecure>/<secure>/<unsecure>/<secure>/LoginForm.aspx

loginUrl="<secure>\LoginForm.aspx"
  Initial login fails, HTTP 404 error reports trying to access
  /<unsecure>/<secure>/<secure>/LoginForm.aspx

loginUrl="http:\\<servername>\<unsecure>\<secure>\LoginForm.aspx"
  No attempt at initial login because Windows integrated security login pops
  up

loginUrl="\<unsecure>\<secure>\LoginForm.aspx"
  No attempt at initial login because Windows integrated security login pops
  up

-----Original Message-----
From: Stefano Rigat [mailto:srigat@e...]
Sent: Thursday, January 30, 2003 9:15 AM
To: ASPX_Professional
Subject: [aspx_professional] RE: Forms authentication redirects to incorrect URL

Hi Chris,
try to put the full path "~/<unsecure>/<secure>/LoginForm.aspx" in the
<authentication mode="Forms"> of the web.config.
Ciao
Stefano
-----Original Message-----
From: Chris [mailto:wrox@d...]
Sent: giovedi 30 gennaio 2003 15.11
To: ASPX_Professional
Subject: [aspx_professional] Forms authentication redirects to incorrect URL

We have a directory structure like this:

  wwwroot\<unsecure>\<secure>

Users click a link on a simple HTML page in the <unsecure> directory to
request HomePage.aspx in the <secure> directory, which contains a
forms-authenticated ASP.NET application. The system redirects them to

  wwwroot\<unsecure>\<secure>\LoginForm.aspx

They log in, and HomePage.aspx appears. Works perfectly.

HOWEVER, if the user leaves a page of the application open long enough for
the session to expire, and then tries to use the page, the system redirects
the request to

  wwwroot\<unsecure>\<unsecure>\LoginForm.aspx

There is no such path, and the user gets a "Resource not found" HTTP 404
error.

Where is the system getting this non-existent URL?

ADDITIONAL INFORMATION:

web.config looks like this:

<authentication mode="Forms">
  <forms name="myCookieName" loginUrl="LoginForm.aspx" protection="All"
         timeout="30" path="/"></forms>
</authentication>

The <unsecure> directory is just simple IIS, not even configured as an IIS
application. It contains only a simple HTML page and the images and css for
it. The directory is set for anonymous and windows, and the anonymous user
is the default IUSR_MACHINE.

The <secure> directory inside it is configured as an IIS application and
includes web.config and the rest of our ASP.NET application. It is set for
anonymous and windows. The anonymous user is a domain username created for
the application. The same user is configured in machine.config - in
processModel we have replaced machine/autogenerate with
domainusername/strongpassword - as per MS recommendation in Building Secure
ASP.NET Applications.
---
Change your mail options at http://p2p.wrox.com/manager.asp or to
unsubscribe send a blank email to
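
Added example (not part of the thread, and not ASP.NET's own code): a small Python model of how URL authorization rules are evaluated, first match wins with <location> rules checked ahead of application-level rules, run over constructed copies of the two <authorization> setups posted above. It models only the users attribute (no roles or verbs, no nested locations); the request paths and the user name in the checks are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed web.config fragments modelled on the two posted in the thread.
DENY_ANON_APP_WIDE = """<configuration><system.web>
  <authorization><deny users="?" /><allow users="*" /></authorization>
</system.web></configuration>"""

ALLOW_ALL_PLUS_LOCATIONS = """<configuration>
  <system.web><authorization><allow users="*" /></authorization></system.web>
  <location path="Aziende"><system.web>
    <authorization><deny users="?" /></authorization></system.web></location>
  <location path="Aderenti"><system.web>
    <authorization><deny users="?" /></authorization></system.web></location>
</configuration>"""

def _rules(system_web):
    """Return [(action, [users])] from a <system.web> element, in document order."""
    auth = system_web.find("authorization") if system_web is not None else None
    if auth is None:
        return []
    return [(r.tag, [u.strip() for u in r.get("users", "").split(",")])
            for r in auth if r.tag in ("allow", "deny")]

def _matches(users, user):
    # "*" matches everyone; "?" matches only the anonymous (unauthenticated) user.
    if "*" in users:
        return True
    return "?" in users if user is None else user in users

def is_allowed(config_xml, path, user=None):
    """Decide access for path; user=None means an anonymous request."""
    root = ET.fromstring(config_xml)
    p = path.strip("/").lower()
    rules = []
    for loc in root.findall("location"):
        prefix = loc.get("path", "").strip("/").lower()
        if p == prefix or p.startswith(prefix + "/"):
            rules += _rules(loc.find("system.web"))   # most specific rules first
    rules += _rules(root.find("system.web"))          # then application-level rules
    rules.append(("allow", ["*"]))  # machine-level default that ends every rule list
    for action, users in rules:
        if _matches(users, user):
            return action == "allow"                  # first matching rule decides
```

With the deny-anonymous pair at application level every path requires a login, while the allow-all configuration protects only the folders named in <location> elements, so a folder added later is reachable anonymously until it gets its own <location> entry.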