Wrox Programmer Forums
Go Back   Wrox Programmer Forums > ASP.NET and ASP > ASP.NET 2.0 > ASP.NET 2.0 Basics
|
ASP.NET 2.0 Basics If you are new to ASP or ASP.NET programming with version 2.0, this is the forum to begin asking questions. Please also see the Visual Web Developer 2005 forum.
Welcome to the p2p.wrox.com Forums.

You are currently viewing the ASP.NET 2.0 Basics section of the Wrox Programmer to Programmer discussions. This is a community of software programmers and website developers including Wrox book authors and readers. New member registration was closed in 2019. New posts were shut off and the site was archived into this static format as of October 1, 2020. If you require technical support for a Wrox book please contact http://hub.wiley.com
 
Old August 3rd, 2009, 04:59 PM
Registered User
 
Join Date: Aug 2009
Posts: 5
Thanks: 0
Thanked 0 Times in 0 Posts
Default Response.Redirect not working

I'm working on a new C# ASP.NET application, using VS 2005, and am just about tearing my hair out trying to get Response.Redirect to work properly on our intranet. The requirement is that users are not to have direct access to any page except for the login page, and that after logging in successfully they are to be re-directed to Main.aspx, and NOT to whatever page they originally requested. My web.config file contains this code:

<authentication mode="Forms">
<forms name="SchoolCensus2" loginUrl="Default.aspx" timeout="30"
protection="All" defaultUrl="Main.aspx"></forms>
</authentication>
<authorization>
<deny users="?" />
<allow users="*" />
</authorization>
<sessionState cookieless="true" />

In my login form (Default.aspx), I'm executing the following code if, and only if, the user correctly enters a user name and password:

HttpCookie AuthCookie = FormsAuthentication.GetAuthCookie(txtUserName.
Text, false);
AuthCookie.Expires = DateTime.Now.AddMinutes(20);
Response.Cookies.Add(AuthCookie);
Response.Redirect(Utility.ExtractPath(Request.Url. ToString()) +
"Main.aspx");
FormsAuthentication.SetAuthCookie(txtUserName.Text , false);

I've tried this in all sorts of different permutations (both with and without the <allow users="*" /> element, both with and without the <sessionState cookieless="true" /> element, both with and without the FormsAuthentication.SetAuthCookie(txtUserName.Text , false); statement, etc.), but the results are always the same: it works perfectly on my workstation using the development server included with VS, but refuses to budge off the login page when running from our intranet. On my machine, any attempt to access any page is automatically re-directed to the login page; only when the user successfully enters a user name and password there are they re-directed to Main.aspx. On the intranet, when they enter the correct user name and password, the login page is simply re-displayed, with the address "http://intranet/[app_path]/Default.aspx?ReturnUrl=/[app_path]/Main.aspx" displayed in the address bar.

I cannot use FormsAuthentication.RedirectFromLoginPage, as some have suggested to me, because that method re-directs the user to the page they originally requested, which defeats my purpose. I don't want to use Server.Transfer, primarily because it breaks the normal relationship between the displayed URL and the displayed page, which can make debugging especially ugly, and also because it does not verify authorization as Response.Redirect does.

I'm at wits end trying to troubleshoot this, and will greatly appreciate any help.
 
Old August 3rd, 2009, 06:13 PM
Friend of Wrox
 
Join Date: Jun 2008
Posts: 1,649
Thanks: 3
Thanked 141 Times in 140 Posts
Default

Well, for one thing, the line
Code:
FormsAuthentication.SetAuthCookie(txtUserName.Text  , false);
will *never* be executed (if the redirect works). Redirect means "right now, go to the other page, don't do anything else."

No idea if that's the problem, but just for starters I'd move that line to *before* the redirect.

Then the other thing you might do, for debugging, is redirect to some HTML page, instead. Just in case the problem is that, when you hit the Main.aspx page, it is sending you right back to this page. If you redirect to an HTML page, where no authentication is possible, that can't happen, and you'll know what has happened.

Pure guesses.
 
Old August 3rd, 2009, 08:10 PM
Lee Dumond's Avatar
Wrox Author
 
Join Date: Jan 2008
Posts: 923
Thanks: 12
Thanked 166 Times in 162 Posts
Default

When I first read this, I had the exact same conclusion as Pedant.

You are redirecting to Main.aspx before the authentication cookie is set. Therefore, the user is not logged in when the redirection takes place.

Since you have <deny users="?" /> this means that all pages in the application are secured and require authentication, including of course Main.aspx. Since the user is not authenticated when you redirect them there, the runtime says "Whoops! Gotta make this user authenticate!" and sends him straight to the Default.aspx login page.

The return Url is set to Main.aspx because that is the page you sent the user to, and that is the page that is asking for the authentication.
__________________
Visit my blog at http://leedumond.com
Follow me on Twitter: http://twitter.com/LeeDumond

Code:
if (this.PostHelpedYou)
{
   ClickThanksButton(); 
}
 
Old August 4th, 2009, 10:59 AM
Registered User
 
Join Date: Aug 2009
Posts: 5
Thanks: 0
Thanked 0 Times in 0 Posts
Default the mystery continues

Dear Old & Lee:

I re-arranged the code so that the
Code:
FormsAuthentication.SetAuthCookie
statement is now before the
Code:
Response.Redirect
statement, and tried it again. The result was the same - on my PC using the VS development server, the user is re-directed to Main.aspx after a correct login, but when I publish the application to the intranet and run it there, the user is stuck on the login page even after a correct login.

I then changed the
Code:
Response.Redirect
statement so that it re-directs to the Google home page, rather than a locally hosted page, and that works correctly both on my PC and on the intranet.

So, I'm not sure where that leaves me. Do I need to adjust some setting on IIS on the intranet, or what would you suggest?

Thanks again!
 
Old August 4th, 2009, 11:24 AM
Lee Dumond's Avatar
Wrox Author
 
Join Date: Jan 2008
Posts: 923
Thanks: 12
Thanked 166 Times in 162 Posts
Default

I would also get rid of the line:

Response.Cookies.Add(AuthCookie);

Since SetAuthCookie automatically adds the cookie to the response, this line means you are essentially adding the cookie twice, and that may be messing you up.
__________________
Visit my blog at http://leedumond.com
Follow me on Twitter: http://twitter.com/LeeDumond

Code:
if (this.PostHelpedYou)
{
   ClickThanksButton(); 
}
 
Old August 4th, 2009, 11:40 AM
Registered User
 
Join Date: Aug 2009
Posts: 5
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Thanks, Lee, but that didn't make any difference either. After commenting out the Response.Cookies.Add statement, the code is now:
Code:
        HttpCookie AuthCookie = FormsAuthentication.GetAuthCookie(txtUserName.Text, false);
        AuthCookie.Expires = DateTime.Now.AddMinutes(3);
        //Response.Cookies.Add(AuthCookie);
        FormsAuthentication.SetAuthCookie(txtUserName.Text, false);
        Response.Redirect(Utility.ExtractPath(Request.Url.ToString()) + "Main.aspx");
but the result is the same - it works locally but not on the intranet. Any other ideas?
 
Old August 5th, 2009, 12:05 PM
Registered User
 
Join Date: Aug 2009
Posts: 5
Thanks: 0
Thanked 0 Times in 0 Posts
Default

The problem turned out to be none of the above. For some reason, including the path (or what I thought was the path) to the page in the call to Response.Redirect works locally, but does not work on the intranet. I removed the path information, and included only the page name (i.e., Response.Redirect("Main.aspx");), and now it works correctly in both places.

Thanks to Lee and Old for their suggestions.

Last edited by silverblatt; August 5th, 2009 at 12:07 PM..
 
Old August 5th, 2009, 01:50 PM
Lee Dumond's Avatar
Wrox Author
 
Join Date: Jan 2008
Posts: 923
Thanks: 12
Thanked 166 Times in 162 Posts
Default

Not knowing what kind of output you were getting from the ExtractPath method, that would have been a tough one to catch on a forum.
__________________
Visit my blog at http://leedumond.com
Follow me on Twitter: http://twitter.com/LeeDumond

Code:
if (this.PostHelpedYou)
{
   ClickThanksButton(); 
}
 
Old August 5th, 2009, 01:54 PM
Registered User
 
Join Date: Aug 2009
Posts: 5
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Yes, it would have been tough to catch on a forum. As it turned out, it was a tough one to catch in person as well - it worked locally, it seemed to make sense, so I never thought to question it. It was only when I consulted with another developer and noticed that he was specifying the page name without a path that the light bulb went on in my head ...





Similar Threads
Thread Thread Starter Forum Replies Last Post
response.redirect sarah lee ASP.NET 1.0 and 1.1 Basics 1 October 27th, 2006 08:57 AM
response.redirect ava_h .NET Framework 2.0 0 October 18th, 2006 10:21 PM
response.redirect crmpicco Classic ASP Basics 3 February 9th, 2005 01:50 AM
What is an alternative for Response.Redirect pcshan Classic ASP Basics 3 April 28th, 2004 02:10 PM
Response.Redirect dhborchardt Classic ASP Basics 4 June 16th, 2003 05:56 AM





Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
Copyright (c) 2020 John Wiley & Sons, Inc.