Wrox Programmer Forums

Old May 12th, 2008, 10:06 PM
Application control is redirecting to the login pa

Hi All,

I am facing this very weird issue: for every server request my control is redirecting to the login page and again coming back to the actual page from where the request was initiated when I set my custom Remember Me cookie on the login page. Following are the details:

1. Authentication mode is ‘Forms’

2. This issue is reproducible only in deployed applications, I found this using my trace and remote debugging

3. This issue occurs only when user selects the ‘Remember Me’ option at the time of login, then I set the custom cookie for storing the user info. (inbuilt Remember Me of login control is not used as I need the fixed expiration and not the sliding one)

4. It is also observed that issue occurs only when I create a msi and deploy it, if I just take the code and publish it on server the application works fine and there are no unnecessary redirections to login

5. Application is Ajax enabled


// Following is the code where I set the cookie used for remember me:
// To store the authentication cookie.
HttpCookie myTLCookie = new HttpCookie("UserCookie");
Response.Cookies.Remove("UserCookie");
// Save username and password in the cookie.
myTLCookie.Values["Username"] = LoginTyreLink.UserName;
myTLCookie.Values["Password"] = LoginTyreLink.Password;
myTLCookie.Values["LanguageCodeForMegaFleet"] = (((DropDownList)LoginTyreLink.FindControl("dropDownListLanguage")).SelectedItem.Value).Substring(6, 3);
myTLCookie.Values["UICulture"] = (((DropDownList)LoginTyreLink.FindControl("dropDownListLanguage")).SelectedItem.Value).Substring(0, 5);
myTLCookie.Values["Culture"] = (((DropDownList)LoginTyreLink.FindControl("dropDownListLanguage")).SelectedItem.Value).Substring(0, 5);
myTLCookie.Values["LanguageForTyreDetails"] = (((DropDownList)LoginTyreLink.FindControl("dropDownListLanguage")).SelectedItem.Value).Substring(10);
myTLCookie.Values["ClientOffsetTime"] = SessionManager.CurrentUser.GetTimezoneOffset().ToString();

// Read the expiry period from the session and set the cookie life time of the cookie accordingly.
// Note that the client local time is used to decide the cookie expiry time
myTLCookie.Expires = Time.AddHours(double.Parse(ConfigurationManager.AppSettings.Get("SessionTimeout").ToString()));
try
{
    HttpCookie encodedCookie = Utilities.HttpSecureCookie.Encode(myTLCookie);
    Response.Cookies.Add(encodedCookie);
}
catch (Exception exp)
{
    HandleException(exp);
}

// Following is the code that reads the Remember Me cookie at the time of load of login page and sets the authentication cookie:
if (Request.Cookies.Get("UserCookie") != null)
{
    HttpCookie cookie = Request.Cookies.Get("UserCookie");
    HttpCookie decodedCookie = Utilities.HttpSecureCookie.Decode(cookie);
    if (decodedCookie.Values["Username"] != null && decodedCookie.Values["Password"] != null)
    {
        if (ValidateUser(decodedCookie.Values["Username"].ToString(), decodedCookie.Values["Password"].ToString(), 0.0))
        {
            FormsAuthentication.SetAuthCookie(decodedCookie.Values["Username"].ToString(), false);
            Response.Redirect(LoginControl.DestinationPageUrl);
        }
    }
}


While I am probably almost certain that the issue is with Forms Authentication and Cookies, I am not able to figure out what it could be. Please help.

Thanks,

Anup




--Everything you can imagine is real.--
Old May 13th, 2008, 03:13 AM

Firstly, you appear to be storing the user's password in a cookie, which will then be stored on the user's PC - this is a HUGE security hole and you should remove it immediately.

If you need sliding expiration then just set slidingExpiration="true" in the web.config - you can then use the built-in remember me button and hopefully that will solve all your problems.

/- Sam Judson : Wrox Technical Editor -/
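
An added example, not code from either poster: one way to get a fixed-expiration "remember me" without a password in the cookie is to issue the forms authentication ticket yourself with an absolute expiry and run the site with slidingExpiration="false". The class name RememberMeTicket, its method names and its parameters are hypothetical; the ticket and cookie calls are the standard System.Web.Security ones.

```csharp
using System;
using System.Web;
using System.Web.Security;

// Hypothetical helper (added example). Assumes <forms slidingExpiration="false" />
// in web.config so ASP.NET does not renew the ticket on later requests.
public static class RememberMeTicket
{
    // Call once, after the user name and password have been validated at login.
    // Only the user name and a non-secret preference go into the ticket.
    public static void Issue(HttpResponse response, string userName,
                             string uiCulture, double lifetimeHours)
    {
        DateTime issued = DateTime.Now;
        FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
            1,                                   // ticket version
            userName,
            issued,
            issued.AddHours(lifetimeHours),      // absolute, non-sliding expiry
            true,                                // persistent ("remember me")
            uiCulture,                           // user data: preference, not a credential
            FormsAuthentication.FormsCookiePath);

        // Encrypt() protects the ticket according to the <forms protection="..."> setting.
        HttpCookie cookie = new HttpCookie(
            FormsAuthentication.FormsCookieName,
            FormsAuthentication.Encrypt(ticket));
        cookie.Expires = ticket.Expiration;      // cookie lifetime matches the ticket
        cookie.Path = FormsAuthentication.FormsCookiePath;
        cookie.HttpOnly = true;                  // not readable from client script
        cookie.Secure = FormsAuthentication.RequireSSL;
        response.Cookies.Add(cookie);
    }

    // On later requests the forms authentication module has already validated
    // the ticket, so the stored preference can be read back without re-checking
    // a password. Returns null when the request is not forms-authenticated.
    public static string ReadUiCulture(HttpContext context)
    {
        if (context.User == null)
        {
            return null;
        }
        FormsIdentity identity = context.User.Identity as FormsIdentity;
        return identity != null ? identity.Ticket.UserData : null;
    }
}
```

Because the cookie carries the standard forms authentication ticket, the login page no longer needs a second cookie or a call to ValidateUser on every load.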
All times are GMT -4.