Wrox Programmer Forums

Need to download code?

View our list of code downloads.

Go Back   Wrox Programmer Forums > ASP.NET and ASP > ASP.NET 2.0 > ASP.NET 2.0 Basics
Password Reminder
Register
| FAQ | Members List | Search | Today's Posts | Mark Forums Read
ASP.NET 2.0 Basics If you are new to ASP or ASP.NET programming with version 2.0, this is the forum to begin asking questions. Please also see the Visual Web Developer 2005 forum.
Welcome to the p2p.wrox.com Forums.

You are currently viewing the ASP.NET 2.0 Basics section of the Wrox Programmer to Programmer discussions. This is a community of tens of thousands of software programmers and website developers including Wrox book authors and readers. As a guest, you can read any forum posting. By joining today you can post your own programming questions, respond to other developers’ questions, and eliminate the ads that are displayed to guests. Registration is fast, simple and absolutely free .
DRM-free e-books 300x50
Reply
 
Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old August 3rd, 2009, 04:59 PM
Registered User
 
Join Date: Aug 2009
Posts: 5
Thanks: 0
Thanked 0 Times in 0 Posts
Default Response.Redirect not working

I'm working on a new C# ASP.NET application, using VS 2005, and am just about tearing my hair out trying to get Response.Redirect to work properly on our intranet. The requirement is that users are not to have direct access to any page except for the login page, and that after logging in successfully they are to be re-directed to Main.aspx, and NOT to whatever page they originally requested. My web.config file contains this code:

<authentication mode="Forms">
<forms name="SchoolCensus2" loginUrl="Default.aspx" timeout="30"
protection="All" defaultUrl="Main.aspx"></forms>
</authentication>
<authorization>
<deny users="?" />
<allow users="*" />
</authorization>
<sessionState cookieless="true" />

In my login form (Default.aspx), I'm executing the following code if, and only if, the user correctly enters a user name and password:

HttpCookie AuthCookie = FormsAuthentication.GetAuthCookie(txtUserName.
Text, false);
AuthCookie.Expires = DateTime.Now.AddMinutes(20);
Response.Cookies.Add(AuthCookie);
Response.Redirect(Utility.ExtractPath(Request.Url. ToString()) +
"Main.aspx");
FormsAuthentication.SetAuthCookie(txtUserName.Text , false);

I've tried this in all sorts of different permutations (both with and without the <allow users="*" /> element, both with and without the <sessionState cookieless="true" /> element, both with and without the FormsAuthentication.SetAuthCookie(txtUserName.Text , false); statement, etc.), but the results are always the same: it works perfectly on my workstation using the development server included with VS, but refuses to budge off the login page when running from our intranet. On my machine, any attempt to access any page is automatically re-directed to the login page; only when the user successfully enters a user name and password there are they re-directed to Main.aspx. On the intranet, when they enter the correct user name and password, the login page is simply re-displayed, with the address "http://intranet/[app_path]/Default.aspx?ReturnUrl=/[app_path]/Main.aspx" displayed in the address bar.

I cannot use FormsAuthentication.RedirectFromLoginPage, as some have suggested to me, because that method re-directs the user to the page they originally requested, which defeats my purpose. I don't want to use Server.Transfer, primarily because it breaks the normal relationship between the displayed URL and the displayed page, which can make debugging especially ugly, and also because it does not verify authorization as Response.Redirect does.

I'm at wits end trying to troubleshoot this, and will greatly appreciate any help.
Reply With Quote
  #2 (permalink)  
Old August 3rd, 2009, 06:13 PM
Friend of Wrox
 
Join Date: Jun 2008
Location: Snohomish, WA, USA
Posts: 1,649
Thanks: 3
Thanked 141 Times in 140 Posts
Default

Well, for one thing, the line
Code:
FormsAuthentication.SetAuthCookie(txtUserName.Text  , false);
will *never* be executed (if the redirect works). Redirect means "right now, go to the other page, don't do anything else."

No idea if that's the problem, but just for starters I'd move that line to *before* the redirect.

Then the other thing you might do, for debugging, is redirect to some HTML page, instead. Just in case the problem is that, when you hit the Main.aspx page, it is sending you right back to this page. If you redirect to an HTML page, where no authentication is possible, that can't happen, and you'll know what has happened.

Pure guesses.
Reply With Quote
  #3 (permalink)  
Old August 3rd, 2009, 08:10 PM
Lee Dumond's Avatar
Wrox Author
Points: 4,942, Level: 29
Points: 4,942, Level: 29 Points: 4,942, Level: 29 Points: 4,942, Level: 29
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Jan 2008
Location: Decatur, IL, USA.
Posts: 923
Thanks: 12
Thanked 166 Times in 162 Posts
Default

When I first read this, I had the exact same conclusion as Pedant.

You are redirecting to Main.aspx before the authentication cookie is set. Therefore, the user is not logged in when the redirection takes place.

Since you have <deny users="?" /> this means that all pages in the application are secured and require authentication, including of course Main.aspx. Since the user is not authenticated when you redirect them there, the runtime says "Whoops! Gotta make this user authenticate!" and sends him straight to the Default.aspx login page.

The return Url is set to Main.aspx because that is the page you sent the user to, and that is the page that is asking for the authentication.
__________________
Visit my blog at http://leedumond.com
Follow me on Twitter: http://twitter.com/LeeDumond

Code:
if (this.PostHelpedYou)
{
   ClickThanksButton(); 
}
Reply With Quote
  #4 (permalink)  
Old August 4th, 2009, 10:59 AM
Registered User
 
Join Date: Aug 2009
Posts: 5
Thanks: 0
Thanked 0 Times in 0 Posts
Default the mystery continues

Dear Old & Lee:

I re-arranged the code so that the
Code:
FormsAuthentication.SetAuthCookie
statement is now before the
Code:
Response.Redirect
statement, and tried it again. The result was the same - on my PC using the VS development server, the user is re-directed to Main.aspx after a correct login, but when I publish the application to the intranet and run it there, the user is stuck on the login page even after a correct login.

I then changed the
Code:
Response.Redirect
statement so that it re-directs to the Google home page, rather than a locally hosted page, and that works correctly both on my PC and on the intranet.

So, I'm not sure where that leaves me. Do I need to adjust some setting on IIS on the intranet, or what would you suggest?

Thanks again!
Reply With Quote
  #5 (permalink)  
Old August 4th, 2009, 11:24 AM
Lee Dumond's Avatar
Wrox Author
Points: 4,942, Level: 29
Points: 4,942, Level: 29 Points: 4,942, Level: 29 Points: 4,942, Level: 29
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Jan 2008
Location: Decatur, IL, USA.
Posts: 923
Thanks: 12
Thanked 166 Times in 162 Posts
Default

I would also get rid of the line:

Response.Cookies.Add(AuthCookie);

Since SetAuthCookie automatically adds the cookie to the response, this line means you are essentially adding the cookie twice, and that may be messing you up.
__________________
Visit my blog at http://leedumond.com
Follow me on Twitter: http://twitter.com/LeeDumond

Code:
if (this.PostHelpedYou)
{
   ClickThanksButton(); 
}
Reply With Quote
  #6 (permalink)  
Old August 4th, 2009, 11:40 AM
Registered User
 
Join Date: Aug 2009
Posts: 5
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Thanks, Lee, but that didn't make any difference either. After commenting out the Response.Cookies.Add statement, the code is now:
Code:
        HttpCookie AuthCookie = FormsAuthentication.GetAuthCookie(txtUserName.Text, false);
        AuthCookie.Expires = DateTime.Now.AddMinutes(3);
        //Response.Cookies.Add(AuthCookie);
        FormsAuthentication.SetAuthCookie(txtUserName.Text, false);
        Response.Redirect(Utility.ExtractPath(Request.Url.ToString()) + "Main.aspx");
but the result is the same - it works locally but not on the intranet. Any other ideas?
Reply With Quote
  #7 (permalink)  
Old August 5th, 2009, 12:05 PM
Registered User
 
Join Date: Aug 2009
Posts: 5
Thanks: 0
Thanked 0 Times in 0 Posts
Default

The problem turned out to be none of the above. For some reason, including the path (or what I thought was the path) to the page in the call to Response.Redirect works locally, but does not work on the intranet. I removed the path information, and included only the page name (i.e., Response.Redirect("Main.aspx");), and now it works correctly in both places.

Thanks to Lee and Old for their suggestions.

Last edited by silverblatt; August 5th, 2009 at 12:07 PM..
Reply With Quote
  #8 (permalink)  
Old August 5th, 2009, 01:50 PM
Lee Dumond's Avatar
Wrox Author
Points: 4,942, Level: 29
Points: 4,942, Level: 29 Points: 4,942, Level: 29 Points: 4,942, Level: 29
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Jan 2008
Location: Decatur, IL, USA.
Posts: 923
Thanks: 12
Thanked 166 Times in 162 Posts
Default

Not knowing what kind of output you were getting from the ExtractPath method, that would have been a tough one to catch on a forum.
__________________
Visit my blog at http://leedumond.com
Follow me on Twitter: http://twitter.com/LeeDumond

Code:
if (this.PostHelpedYou)
{
   ClickThanksButton(); 
}
Reply With Quote
  #9 (permalink)  
Old August 5th, 2009, 01:54 PM
Registered User
 
Join Date: Aug 2009
Posts: 5
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Yes, it would have been tough to catch on a forum. As it turned out, it was a tough one to catch in person as well - it worked locally, it seemed to make sense, so I never thought to question it. It was only when I consulted with another developer and noticed that he was specifying the page name without a path that the light bulb went on in my head ...
Reply With Quote
Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
response.redirect sarah lee ASP.NET 1.0 and 1.1 Basics 1 October 27th, 2006 08:57 AM
response.redirect ava_h .NET Framework 2.0 0 October 18th, 2006 10:21 PM
response.redirect crmpicco Classic ASP Basics 3 February 9th, 2005 01:50 AM
What is an alternative for Response.Redirect pcshan Classic ASP Basics 3 April 28th, 2004 02:10 PM
Response.Redirect dhborchardt Classic ASP Basics 4 June 16th, 2003 05:56 AM



All times are GMT -4. The time now is 06:32 AM.


Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
© 2013 John Wiley & Sons, Inc.