Wrox Programmer Forums
Go Back   Wrox Programmer Forums > .NET > .NET 2.0 and Visual Studio. 2005 > .NET Framework 2.0
Reload this Page Application control is redirecting to the login pa
|
.NET Framework 2.0 For discussion of the Microsoft .NET Framework 2.0.
Welcome to the p2p.wrox.com Forums.

You are currently viewing the .NET Framework 2.0 section of the Wrox Programmer to Programmer discussions. This is a community of software programmers and website developers including Wrox book authors and readers. New member registration was closed in 2019. New posts were shut off and the site was archived into this static format as of October 1, 2020. If you require technical support for a Wrox book please contact http://hub.wiley.com
 
Old May 12th, 2008, 10:06 PM
Authorized User
  
Join Date: Mar 2006
Posts: 28
Thanks: 0
Thanked 0 Times in 0 Posts
Send a message via ICQ to anup_daware Send a message via MSN to anup_daware Send a message via Yahoo to anup_daware
Default Application control is redirecting to the login pa
Hi All,

I am facing this very weird issue, for every server request my control is redirecting to the login page and again coming back to the actual page from where the request was initiated when I set my custom Remember be cookie on the login page. Following are the details:

1. Authentication mode is ‘Forms’

2. This issue is reproducible only in deployed applications, I found this using my trace and remote debugging

3. This issue occurs only when user selects the ‘Remember Me’ option at the time of login, then I set the custom cookie for storing the user info. (inbuilt Remember Me of login control is not used as I need the fixed expiration and not the sliding one)

4. It is also observed that issue occurs only when I create a msi and deploy it, if I just take the code and publish it on server the application works fine and there are no unnecessary redirections to login

5. Application is Ajax enabled


//Following is the code where I set the cookie used for remember me:
2 // To store the authentication cookie.
3 HttpCookie myTLCookie = new HttpCookie("UserCookie");
4 Response.Cookies.Remove("UserCookie");
5 //Save username and password in the cookie.
6 myTLCookie.Values["Username"] = LoginTyreLink.UserName;
7 myTLCookie.Values["Password"] = LoginTyreLink.Password;
8 myTLCookie.Values["LanguageCodeForMegaFleet"] = (((DropDownList)LoginTyreLink.FindControl("dropDow nListLanguage")).SelectedItem.Value).Substring(6, 3);
9 myTLCookie.Values["UICulture"] = (((DropDownList)LoginTyreLink.FindControl("dropDow nListLanguage")).SelectedItem.Value).Substring(0, 5);
10 myTLCookie.Values["Culture"] = (((DropDownList)LoginTyreLink.FindControl("dropDow nListLanguage")).SelectedItem.Value).Substring(0, 5);
11 myTLCookie.Values["LanguageForTyreDetails"] = (((DropDownList)LoginTyreLink.FindControl("dropDow nListLanguage")).SelectedItem.Value).Substring(10) ;
12 myTLCookie.Values["ClientOffsetTime"] = SessionManager.CurrentUser.GetTimezoneOffset().ToS tring();
13
14 // Read the expiry period from the session and set the cookie life time of the cookie accordingly.
15 // Note that the client local time is used to decide the cookie expiry time
16 myTLCookie.Expires = Time.AddHours(double.Parse(ConfigurationManager.Ap pSettings.Get("SessionTimeout").ToString()));
17 try
18 {
19 HttpCookie encodedCookie = Utilities.HttpSecureCookie.Encode(myTLCookie);
20 Response.Cookies.Add(encodedCookie);
21 }
22 catch (Exception exp)
23 {
24 HandleException(exp);
25 }
26
  //Following the is the code that reads the Remember Me cookie at the time of load of login page and sets the authentication cookie:
2 if (Request.Cookies.Get("UserCookie") != null)
3 {
4 HttpCookie cookie = Request.Cookies.Get("UserCookie");
5 HttpCookie decodedCookie = Utilities.HttpSecureCookie.Decode(cookie);
6 if (decodedCookie.Values["Username"] != null && decodedCookie.Values["Password"] != null)
7 {
8 if (ValidateUser(decodedCookie.Values["Username"].ToString(), decodedCookie.Values["Password"].ToString(),0.0))
9 {
10 FormsAuthentication.SetAuthCookie(decodedCookie.Va lues["Username"].ToString(), false);
11 Response.Redirect(LoginControl.DestinationPageUrl) ;
12 }
13 }
14 }


While I am probably almost certain that the issue is with Forms Authentication and Cookies, I am not able figure out what it could be. Please help.

Thanks,

Anup




--Everything you can imagine is real.--
__________________
--Everything you can imagine is real.--
 
Old May 13th, 2008, 03:13 AM
samjudson's Avatar
Friend of Wrox
  
Join Date: Aug 2007
Posts: 2,128
Thanks: 1
Thanked 189 Times in 188 Posts
Default
Firstly, you appear to be storing the users password in a cookie, which will then be stored on the users PC - this is a HUGE security hole and you should remove it immediately.

If you need sliding expiration then just set slidingExpiration="true" in the web.config - you can then use the built in remember me button and hopefully that will solve all your problems.

/- Sam Judson : Wrox Technical Editor -/





Similar Threads
Thread Thread Starter Forum Replies Last Post
Bugbase - Selected application on login nakori BOOK: ASP.NET 2.0 Instant Results ISBN: 978-0-471-74951-6 1 June 23rd, 2008 12:56 PM
Login Application Help Please Shalinar VB.NET 2002/2003 Basics 5 July 16th, 2007 01:01 PM
Login/Password Java application larry Apache Tomcat 2 December 20th, 2005 04:42 AM
Redirecting control madkaikar_ashish General .NET 0 February 3rd, 2005 01:40 AM




Contact Us - Wrox - Privacy Statement - Top

Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
Copyright (c) 2020 John Wiley & Sons, Inc.