| Groups | Blog | Home |
asp.net security : mixed mode authentication + no postbacks
I implemented a mixed mode authentication as follows: main site using forms authentication redirector site using windows authentication, creates a forms authentication cookie and redirects to main site the problem is if i go to the main site everything works fine if i go to the redirector site it redirects to the main site ( as expected, cookie is generated as expected and in site Context.Current.User is set as expected ) but no postbacks occur anymore, even if i logout an logon to the main site problem resides, i figured out that any "redirector" site protected by windows authentication redirecting to my site causes postbacks to not function anymore. I tried the sample from Microsoft Press Book "Developing More-Secure Microsoft® ASP.NET 2.0 Applications" and same thing happened. My config Vista SP1 .NET 3.5 or 2003 R2 .NET 3.5 Applications are .NET 2.0 applications
Hi tia,
From your description, you've applied a custom mixed authenitcation in your ASP.NET web application,and the windows authentication module will generate forms authentication cookie and redirect user to formsauthentication site. However, you found that after redirected from windows authenticatino site, any page postback operation no longer work, correct? If this is the case, I think the behavior is quite unexpected. As for the postback not work, do you mean even putting a typical submit button(and click it) will not cause page to postback? Or if the client-side browser does perform the postback and server-side didn't show any reflection or return any response? I'm still not quite sure about the exact result and behavior when you go through the redirector module and return to main site pages. Is there any particular error message? Sincerely, Steven Cheng Microsoft MSDN Online Support Lead Delighting our customers is our #1 priority. We welcome your comments and suggestions about how we can improve the support we provide to you. Please feel free to let my manager know what you think of the level of service provided. You can send feedback directly to my manager at: msdnmg@microsoft.com. ================================================== Get notification to my posts through email? Please refer to http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif ications. Note: The MSDN Managed Newsgroup support offering is for non-urgent issues where an initial response from the community or a Microsoft Support Engineer within 1 business day is acceptable. Please note that each follow up response may take approximately 2 business days as the support professional working with you may need further investigation to reach the most efficient resolution. The offering is not appropriate for situations that require urgent, real-time or phone-based interactions or complex project analysis and dump analysis issues. Issues of this nature are best handled working with a dedicated Microsoft Support Engineer by contacting Microsoft Customer Support Services (CSS) at http://msdn.microsoft.com/subscriptions/support/default.aspx. ================================================== This posting is provided "AS IS" with no warranties, and confers no rights. -------------------- [quoted text, click to view] >Date: Tue, 13 May 2008 08:44:02 +0200
>From: "domagoj@community.nospam" <domagoj@community.nospam> >User-Agent: Thunderbird 2.0.0.14 (Windows/20080421) >MIME-Version: 1.0 >Subject: mixed mode authentication + no postbacks > >Hi there > >I implemented a mixed mode authentication as follows: > main site using forms authentication > redirector site using windows authentication, creates a forms >authentication cookie and redirects to main site > >the problem is if i go to the main site everything works fine > >if i go to the redirector site it redirects to the main site ( as >expected, cookie is generated as expected and in site >Context.Current.User is set as expected ) but no postbacks occur >anymore, even if i logout an logon to the main site problem resides, i >figured out that any "redirector" site protected by windows >authentication redirecting to my site causes postbacks to not function >anymore. > >I tried the sample from Microsoft Press Book "Developing More-Secure >Microsoft?ASP.NET 2.0 Applications" and same thing happened. > >My config Vista SP1 .NET 3.5 >or 2003 R2 .NET 3.5 > >Applications are .NET 2.0 applications > >tia dom >
[quoted text, click to view]
Steven Cheng [MSFT] wrote: > Hi tia, > > From your description, you've applied a custom mixed authenitcation in your > ASP.NET web application,and the windows authentication module will generate > forms authentication cookie and redirect user to formsauthentication site. > However, you found that after redirected from windows authenticatino site, > any page postback operation no longer work, correct? > > If this is the case, I think the behavior is quite unexpected. As for the > postback not work, do you mean even putting a typical submit button(and > click it) will not cause page to postback? Or if the client-side browser > does perform the postback and server-side didn't show any reflection or > return any response? I'm still not quite sure about the exact result and > behavior when you go through the redirector module and return to main site > pages. Is there any particular error message? > > Sincerely, > > Steven Cheng > > Microsoft MSDN Online Support Lead > > > Delighting our customers is our #1 priority. We welcome your comments and > suggestions about how we can improve the support we provide to you. Please > feel free to let my manager know what you think of the level of service > provided. You can send feedback directly to my manager at: > msdnmg@microsoft.com. > > ================================================== > Get notification to my posts through email? Please refer to > http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif > ications. > > Note: The MSDN Managed Newsgroup support offering is for non-urgent issues > where an initial response from the community or a Microsoft Support > Engineer within 1 business day is acceptable. Please note that each follow > up response may take approximately 2 business days as the support > professional working with you may need further investigation to reach the > most efficient resolution. The offering is not appropriate for situations > that require urgent, real-time or phone-based interactions or complex > project analysis and dump analysis issues. Issues of this nature are best > handled working with a dedicated Microsoft Support Engineer by contacting > Microsoft Customer Support Services (CSS) at > http://msdn.microsoft.com/subscriptions/support/default.aspx. > ================================================== > This posting is provided "AS IS" with no warranties, and confers no rights. > > > -------------------- >> Date: Tue, 13 May 2008 08:44:02 +0200 >> From: "domagoj@community.nospam" <domagoj@community.nospam> >> User-Agent: Thunderbird 2.0.0.14 (Windows/20080421) >> MIME-Version: 1.0 >> Subject: mixed mode authentication + no postbacks > >> Hi there >> >> I implemented a mixed mode authentication as follows: >> main site using forms authentication >> redirector site using windows authentication, creates a forms >> authentication cookie and redirects to main site >> >> the problem is if i go to the main site everything works fine >> >> if i go to the redirector site it redirects to the main site ( as >> expected, cookie is generated as expected and in site >> Context.Current.User is set as expected ) but no postbacks occur >> anymore, even if i logout an logon to the main site problem resides, i >> figured out that any "redirector" site protected by windows >> authentication redirecting to my site causes postbacks to not function >> anymore. >> >> I tried the sample from Microsoft Press Book "Developing More-Secure >> Microsoft?ASP.NET 2.0 Applications" and same thing happened. >> >> My config Vista SP1 .NET 3.5 >> or 2003 R2 .NET 3.5 >> >> Applications are .NET 2.0 applications >> >> tia dom >> > correct, no button or any other method to trigger postback works anymore, ispostback is always false and no viewstate form fiels is sent to server anymore i wrote a small webapp with one page and one button, by clicking the button the app creates a authcookie(always with same information within it) and redirects to my app, if i set authentication for this app to forms or none everything works as expected, but if i set the authentication to windows the problem same as described in my post i figured out that browser sends the authentication handshakes if redirect from windows authorized webapp and on every "postback" ist one more
I know the sample from the book you are talking about ;)
The behavior you describe is very unexpected. Do you have another test machine to verify this? ----- Dominick Baier (http://www.leastprivilege.com) Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp) [quoted text, click to view] > Steven Cheng [MSFT] wrote: > >> Hi tia, >> >> From your description, you've applied a custom mixed authenitcation >> in your ASP.NET web application,and the windows authentication module >> will generate forms authentication cookie and redirect user to >> formsauthentication site. However, you found that after redirected >> from windows authenticatino site, any page postback operation no >> longer work, correct? >> >> If this is the case, I think the behavior is quite unexpected. As for >> the postback not work, do you mean even putting a typical submit >> button(and click it) will not cause page to postback? Or if the >> client-side browser does perform the postback and server-side didn't >> show any reflection or return any response? I'm still not quite sure >> about the exact result and behavior when you go through the >> redirector module and return to main site pages. Is there any >> particular error message? >> >> Sincerely, >> >> Steven Cheng >> >> Microsoft MSDN Online Support Lead >> >> Delighting our customers is our #1 priority. We welcome your comments >> and suggestions about how we can improve the support we provide to >> you. Please feel free to let my manager know what you think of the >> level of service provided. You can send feedback directly to my >> manager at: msdnmg@microsoft.com. >> >> ================================================== >> Get notification to my posts through email? Please refer to >> http://msdn.microsoft.com/subscriptions/managednewsgroups/default.asp >> x#notif >> ications. >> Note: The MSDN Managed Newsgroup support offering is for non-urgent >> issues >> where an initial response from the community or a Microsoft Support >> Engineer within 1 business day is acceptable. Please note that each >> follow >> up response may take approximately 2 business days as the support >> professional working with you may need further investigation to reach >> the >> most efficient resolution. The offering is not appropriate for >> situations >> that require urgent, real-time or phone-based interactions or complex >> project analysis and dump analysis issues. Issues of this nature are >> best >> handled working with a dedicated Microsoft Support Engineer by >> contacting >> Microsoft Customer Support Services (CSS) at >> http://msdn.microsoft.com/subscriptions/support/default.aspx. >> ================================================== >> This posting is provided "AS IS" with no warranties, and confers no >> rights. >> -------------------- >> >>> Date: Tue, 13 May 2008 08:44:02 +0200 >>> From: "domagoj@community.nospam" <domagoj@community.nospam> >>> User-Agent: Thunderbird 2.0.0.14 (Windows/20080421) >>> MIME-Version: 1.0 >>> Subject: mixed mode authentication + no postbacks >>> Hi there >>> >>> I implemented a mixed mode authentication as follows: >>> main site using forms authentication >>> redirector site using windows authentication, creates a forms >>> authentication cookie and redirects to main site >>> the problem is if i go to the main site everything works fine >>> >>> if i go to the redirector site it redirects to the main site ( as >>> expected, cookie is generated as expected and in site >>> Context.Current.User is set as expected ) but no postbacks occur >>> anymore, even if i logout an logon to the main site problem resides, >>> i figured out that any "redirector" site protected by windows >>> authentication redirecting to my site causes postbacks to not >>> function anymore. >>> >>> I tried the sample from Microsoft Press Book "Developing More-Secure >>> Microsoft?ASP.NET 2.0 Applications" and same thing happened. >>> >>> My config Vista SP1 .NET 3.5 >>> or 2003 R2 .NET 3.5 >>> Applications are .NET 2.0 applications >>> >>> tia dom >>> > correct, no button or any other method to trigger postback works > anymore, ispostback is always false and no viewstate form fiels is > sent to server anymore > > i wrote a small webapp with one page and one button, by clicking the > button the app creates a authcookie(always with same information > within it) and redirects to my app, if i set authentication for this > app to forms or none everything works as expected, but if i set the > authentication to windows the problem same as described in my post > > i figured out that browser sends the authentication handshakes if > redirect from windows authorized webapp and on every "postback" ist > one more > > tia dom >
Thanks for your reply Tia,
#Web Development Helper -------------------- [quoted text, click to view] >Date: Tue, 13 May 2008 12:47:29 +0200
>MIME-Version: 1.0 >Subject: Re: mixed mode authentication + no postbacks > >Steven Cheng [MSFT] wrote: >> Hi tia, >> >> From your description, you've applied a custom mixed authenitcation in your >> ASP.NET web application,and the windows authentication module will generate >> forms authentication cookie and redirect user to formsauthentication site. >> However, you found that after redirected from windows authenticatino site, >> any page postback operation no longer work, correct? >> >> If this is the case, I think the behavior is quite unexpected. As for the >> postback not work, do you mean even putting a typical submit button(and >> click it) will not cause page to postback? Or if the client-side browser >> does perform the postback and server-side didn't show any reflection or >> return any response? I'm still not quite sure about the exact result and >> behavior when you go through the redirector module and return to main site >> pages. Is there any particular error message? >> >> Sincerely, >> >> Steven Cheng >> >> Microsoft MSDN Online Support Lead >> >> >> Delighting our customers is our #1 priority. We welcome your comments and >> suggestions about how we can improve the support we provide to you. Please >> feel free to let my manager know what you think of the level of service >> provided. You can send feedback directly to my manager at: >> msdnmg@microsoft.com. >> >> ================================================== >> Get notification to my posts through email? Please refer to >> http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif >> ications. >> >> Note: The MSDN Managed Newsgroup support offering is for non-urgent issues >> where an initial response from the community or a Microsoft Support >> Engineer within 1 business day is acceptable. Please note that each follow >> up response may take approximately 2 business days as the support >> professional working with you may need further investigation to reach the >> most efficient resolution. The offering is not appropriate for situations >> that require urgent, real-time or phone-based interactions or complex >> project analysis and dump analysis issues. Issues of this nature are best >> handled working with a dedicated Microsoft Support Engineer by contacting >> Microsoft Customer Support Services (CSS) at >> http://msdn.microsoft.com/subscriptions/support/default.aspx. >> ================================================== >> This posting is provided "AS IS" with no warranties, and confers no rights. >> >> >> -------------------- >>> Date: Tue, 13 May 2008 08:44:02 +0200 >>> From: "domagoj@community.nospam" <domagoj@community.nospam> >>> User-Agent: Thunderbird 2.0.0.14 (Windows/20080421) >>> MIME-Version: 1.0 >>> Subject: mixed mode authentication + no postbacks >> >>> Hi there >>> >>> I implemented a mixed mode authentication as follows: >>> main site using forms authentication >>> redirector site using windows authentication, creates a forms >>> authentication cookie and redirects to main site >>> >>> the problem is if i go to the main site everything works fine >>> >>> if i go to the redirector site it redirects to the main site ( as >>> expected, cookie is generated as expected and in site >>> Context.Current.User is set as expected ) but no postbacks occur >>> anymore, even if i logout an logon to the main site problem resides, i >>> figured out that any "redirector" site protected by windows >>> authentication redirecting to my site causes postbacks to not function >>> anymore. >>> >>> I tried the sample from Microsoft Press Book "Developing More-Secure >>> Microsoft?ASP.NET 2.0 Applications" and same thing happened. >>> >>> My config Vista SP1 .NET 3.5 >>> or 2003 R2 .NET 3.5 >>> >>> Applications are .NET 2.0 applications >>> >>> tia dom >>> >> > >correct, no button or any other method to trigger postback works >anymore, ispostback is always false and no viewstate form fiels is sent >to server anymore > >i wrote a small webapp with one page and one button, by clicking the >button the app creates a authcookie(always with same information within >it) and redirects to my app, if i set authentication for this app to >forms or none everything works as expected, but if i set the >authentication to windows the problem same as described in my post > >i figured out that browser sends the authentication handshakes if >redirect from windows authorized webapp and on every "postback" ist one more > >tia dom >
Hi Tia,
You can try the web development helper which can capture http messages between browser and webserver: #Web Development Helper http://projects.nikhilk.net/webdevhelper/ Sincerely, Steven Cheng Microsoft MSDN Online Support Lead Delighting our customers is our #1 priority. We welcome your comments and suggestions about how we can improve the support we provide to you. Please feel free to let my manager know what you think of the level of service provided. You can send feedback directly to my manager at: msdnmg@microsoft.com. ================================================== Get notification to my posts through email? Please refer to http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif ications. ================================================== This posting is provided "AS IS" with no warranties, and confers no rights. -------------------- [quoted text, click to view] >Date: Tue, 13 May 2008 12:47:29 +0200
>From: "domagoj@community.nospam" <domagoj@community.nospam> >User-Agent: Thunderbird 2.0.0.14 (Windows/20080421) >MIME-Version: 1.0 >Subject: Re: mixed mode authentication + no postbacks > >Steven Cheng [MSFT] wrote: >> Hi tia, >> >> From your description, you've applied a custom mixed authenitcation in your >> ASP.NET web application,and the windows authentication module will generate >> forms authentication cookie and redirect user to formsauthentication site. >> However, you found that after redirected from windows authenticatino site, >> any page postback operation no longer work, correct? >> >> If this is the case, I think the behavior is quite unexpected. As for the >> postback not work, do you mean even putting a typical submit button(and >> click it) will not cause page to postback? Or if the client-side browser >> does perform the postback and server-side didn't show any reflection or >> return any response? I'm still not quite sure about the exact result and >> behavior when you go through the redirector module and return to main site >> pages. Is there any particular error message? >> >> Sincerely, >> >> Steven Cheng >> >> Microsoft MSDN Online Support Lead >> >> >> Delighting our customers is our #1 priority. We welcome your comments and >> suggestions about how we can improve the support we provide to you. Please >> feel free to let my manager know what you think of the level of service >> provided. You can send feedback directly to my manager at: >> msdnmg@microsoft.com. >> >> ================================================== >> Get notification to my posts through email? Please refer to >> http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif >> ications. >> >> Note: The MSDN Managed Newsgroup support offering is for non-urgent issues >> where an initial response from the community or a Microsoft Support >> Engineer within 1 business day is acceptable. Please note that each follow >> up response may take approximately 2 business days as the support >> professional working with you may need further investigation to reach the >> most efficient resolution. The offering is not appropriate for situations >> that require urgent, real-time or phone-based interactions or complex >> project analysis and dump analysis issues. Issues of this nature are best >> handled working with a dedicated Microsoft Support Engineer by contacting >> Microsoft Customer Support Services (CSS) at >> http://msdn.microsoft.com/subscriptions/support/default.aspx. >> ================================================== >> This posting is provided "AS IS" with no warranties, and confers no rights. >> >> >> -------------------- >>> Date: Tue, 13 May 2008 08:44:02 +0200 >>> From: "domagoj@community.nospam" <domagoj@community.nospam> >>> User-Agent: Thunderbird 2.0.0.14 (Windows/20080421) >>> MIME-Version: 1.0 >>> Subject: mixed mode authentication + no postbacks >> >>> Hi there >>> >>> I implemented a mixed mode authentication as follows: >>> main site using forms authentication >>> redirector site using windows authentication, creates a forms >>> authentication cookie and redirects to main site >>> >>> the problem is if i go to the main site everything works fine >>> >>> if i go to the redirector site it redirects to the main site ( as >>> expected, cookie is generated as expected and in site >>> Context.Current.User is set as expected ) but no postbacks occur >>> anymore, even if i logout an logon to the main site problem resides, i >>> figured out that any "redirector" site protected by windows >>> authentication redirecting to my site causes postbacks to not function >>> anymore. >>> >>> I tried the sample from Microsoft Press Book "Developing More-Secure >>> Microsoft?ASP.NET 2.0 Applications" and same thing happened. >>> >>> My config Vista SP1 .NET 3.5 >>> or 2003 R2 .NET 3.5 >>> >>> Applications are .NET 2.0 applications >>> >>> tia dom >>> >> > >correct, no button or any other method to trigger postback works >anymore, ispostback is always false and no viewstate form fiels is sent >to server anymore > >i wrote a small webapp with one page and one button, by clicking the >button the app creates a authcookie(always with same information within >it) and redirects to my app, if i set authentication for this app to >forms or none everything works as expected, but if i set the >authentication to windows the problem same as described in my post > >i figured out that browser sends the authentication handshakes if >redirect from windows authorized webapp and on every "postback" ist one more > >tia dom >
Hi tia ,
Have you got any progress on this? If you need any further help, please feel free to let me know. Sincerely, Steven Cheng Microsoft MSDN Online Support Lead Delighting our customers is our #1 priority. We welcome your comments and suggestions about how we can improve the support we provide to you. Please feel free to let my manager know what you think of the level of service provided. You can send feedback directly to my manager at: msdnmg@microsoft.com. ================================================== Get notification to my posts through email? Please refer to http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif ications. ================================================== This posting is provided "AS IS" with no warranties, and confers no rights. -------------------- [quoted text, click to view] >Content-Transfer-Encoding: 7bit
>From: stcheng@online.microsoft.com (Steven Cheng [MSFT]) >Organization: Microsoft >Date: Wed, 14 May 2008 02:30:38 GMT >Subject: Re: mixed mode authentication + no postbacks > >Thanks for your reply Tia, > >#Web Development Helper > > > >-------------------- >>Date: Tue, 13 May 2008 12:47:29 +0200 >>MIME-Version: 1.0 >>Subject: Re: mixed mode authentication + no postbacks > >> >>Steven Cheng [MSFT] wrote: >>> Hi tia, >>> >>> From your description, you've applied a custom mixed authenitcation in >your >>> ASP.NET web application,and the windows authentication module will >generate >>> forms authentication cookie and redirect user to formsauthentication >site. >>> However, you found that after redirected from windows authenticatino >site, >>> any page postback operation no longer work, correct? >>> >>> If this is the case, I think the behavior is quite unexpected. As for >the >>> postback not work, do you mean even putting a typical submit button(and >>> click it) will not cause page to postback? Or if the client-side browser >>> does perform the postback and server-side didn't show any reflection or >>> return any response? I'm still not quite sure about the exact result >and >>> behavior when you go through the redirector module and return to main >site >>> pages. Is there any particular error message? >>> >>> Sincerely, >>> >>> Steven Cheng >>> >>> Microsoft MSDN Online Support Lead >>> >>> >>> Delighting our customers is our #1 priority. We welcome your comments >and >>> suggestions about how we can improve the support we provide to you. >Please >>> feel free to let my manager know what you think of the level of service >>> provided. You can send feedback directly to my manager at: >>> msdnmg@microsoft.com. >>> >>> ================================================== >>> Get notification to my posts through email? Please refer to >>> >http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#noti f >>> ications. >>> >>> Note: The MSDN Managed Newsgroup support offering is for non-urgent >issues >>> where an initial response from the community or a Microsoft Support >>> Engineer within 1 business day is acceptable. Please note that each >follow >>> up response may take approximately 2 business days as the support >>> professional working with you may need further investigation to reach >the >>> most efficient resolution. The offering is not appropriate for >situations >>> that require urgent, real-time or phone-based interactions or complex >>> project analysis and dump analysis issues. Issues of this nature are >best >>> handled working with a dedicated Microsoft Support Engineer by >contacting >>> Microsoft Customer Support Services (CSS) at >>> http://msdn.microsoft.com/subscriptions/support/default.aspx. >>> ================================================== >>> This posting is provided "AS IS" with no warranties, and confers no >rights. >>> >>> >>> -------------------- >>>> Date: Tue, 13 May 2008 08:44:02 +0200 >>>> From: "domagoj@community.nospam" <domagoj@community.nospam> >>>> User-Agent: Thunderbird 2.0.0.14 (Windows/20080421) >>>> MIME-Version: 1.0 >>>> Subject: mixed mode authentication + no postbacks >>> >>>> Hi there >>>> >>>> I implemented a mixed mode authentication as follows: >>>> main site using forms authentication >>>> redirector site using windows authentication, creates a forms >>>> authentication cookie and redirects to main site >>>> >>>> the problem is if i go to the main site everything works fine >>>> >>>> if i go to the redirector site it redirects to the main site ( as >>>> expected, cookie is generated as expected and in site >>>> Context.Current.User is set as expected ) but no postbacks occur >>>> anymore, even if i logout an logon to the main site problem resides, i >>>> figured out that any "redirector" site protected by windows >>>> authentication redirecting to my site causes postbacks to not function >>>> anymore. >>>> >>>> I tried the sample from Microsoft Press Book "Developing More-Secure >>>> Microsoft?ASP.NET 2.0 Applications" and same thing happened. >>>> >>>> My config Vista SP1 .NET 3.5 >>>> or 2003 R2 .NET 3.5 >>>> >>>> Applications are .NET 2.0 applications >>>> >>>> tia dom >>>> >>> >> >>correct, no button or any other method to trigger postback works >>anymore, ispostback is always false and no viewstate form fiels is sent >>to server anymore >> >>i wrote a small webapp with one page and one button, by clicking the >>button the app creates a authcookie(always with same information within >>it) and redirects to my app, if i set authentication for this app to >>forms or none everything works as expected, but if i set the >>authentication to windows the problem same as described in my post >> >>i figured out that browser sends the authentication handshakes if >>redirect from windows authorized webapp and on every "postback" ist one >more >> >>tia dom >> > >
Just check the application name value for your applications to match.
br Dimi T. [quoted text, click to view] "Steven Cheng [MSFT]" wrote:
> Hi Tia, > > You can try the web development helper which can capture http messages > between browser and webserver: > > #Web Development Helper > http://projects.nikhilk.net/webdevhelper/ > > Sincerely, > > Steven Cheng > > Microsoft MSDN Online Support Lead > > > Delighting our customers is our #1 priority. We welcome your comments and > suggestions about how we can improve the support we provide to you. Please > feel free to let my manager know what you think of the level of service > provided. You can send feedback directly to my manager at: > msdnmg@microsoft.com. > > ================================================== > Get notification to my posts through email? Please refer to > http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif > ications. > > ================================================== > This posting is provided "AS IS" with no warranties, and confers no rights. > > -------------------- > >Date: Tue, 13 May 2008 12:47:29 +0200 > >From: "domagoj@community.nospam" <domagoj@community.nospam> > >User-Agent: Thunderbird 2.0.0.14 (Windows/20080421) > >MIME-Version: 1.0 > >Subject: Re: mixed mode authentication + no postbacks > > > > >Steven Cheng [MSFT] wrote: > >> Hi tia, > >> > >> From your description, you've applied a custom mixed authenitcation in > your > >> ASP.NET web application,and the windows authentication module will > generate > >> forms authentication cookie and redirect user to formsauthentication > site. > >> However, you found that after redirected from windows authenticatino > site, > >> any page postback operation no longer work, correct? > >> > >> If this is the case, I think the behavior is quite unexpected. As for > the > >> postback not work, do you mean even putting a typical submit button(and > >> click it) will not cause page to postback? Or if the client-side browser > >> does perform the postback and server-side didn't show any reflection or > >> return any response? I'm still not quite sure about the exact result > and > >> behavior when you go through the redirector module and return to main > site > >> pages. Is there any particular error message? > >> > >> Sincerely, > >> > >> Steven Cheng > >> > >> Microsoft MSDN Online Support Lead > >> > >> > >> Delighting our customers is our #1 priority. We welcome your comments > and > >> suggestions about how we can improve the support we provide to you. > Please > >> feel free to let my manager know what you think of the level of service > >> provided. You can send feedback directly to my manager at: > >> msdnmg@microsoft.com. > >> > >> ================================================== > >> Get notification to my posts through email? Please refer to > >> > http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif > >> ications. > >> > >> Note: The MSDN Managed Newsgroup support offering is for non-urgent > issues > >> where an initial response from the community or a Microsoft Support > >> Engineer within 1 business day is acceptable. Please note that each > follow > >> up response may take approximately 2 business days as the support > >> professional working with you may need further investigation to reach > the > >> most efficient resolution. The offering is not appropriate for > situations > >> that require urgent, real-time or phone-based interactions or complex > >> project analysis and dump analysis issues. Issues of this nature are > best > >> handled working with a dedicated Microsoft Support Engineer by > contacting > >> Microsoft Customer Support Services (CSS) at > >> http://msdn.microsoft.com/subscriptions/support/default.aspx. > >> ================================================== > >> This posting is provided "AS IS" with no warranties, and confers no > rights. > >> > >> > >> -------------------- > >>> Date: Tue, 13 May 2008 08:44:02 +0200 > >>> From: "domagoj@community.nospam" <domagoj@community.nospam> > >>> User-Agent: Thunderbird 2.0.0.14 (Windows/20080421) > >>> MIME-Version: 1.0 > >>> Subject: mixed mode authentication + no postbacks > >> > >>> Hi there > >>> > >>> I implemented a mixed mode authentication as follows: > >>> main site using forms authentication > >>> redirector site using windows authentication, creates a forms > >>> authentication cookie and redirects to main site > >>> > >>> the problem is if i go to the main site everything works fine > >>> > >>> if i go to the redirector site it redirects to the main site ( as > >>> expected, cookie is generated as expected and in site > >>> Context.Current.User is set as expected ) but no postbacks occur > >>> anymore, even if i logout an logon to the main site problem resides, i > >>> figured out that any "redirector" site protected by windows > >>> authentication redirecting to my site causes postbacks to not function > >>> anymore. > >>> > >>> I tried the sample from Microsoft Press Book "Developing More-Secure > >>> Microsoft?ASP.NET 2.0 Applications" and same thing happened. > >>> > >>> My config Vista SP1 .NET 3.5 > >>> or 2003 R2 .NET 3.5 > >>> > >>> Applications are .NET 2.0 applications > >>> > >>> tia dom > >>> > >> > > > >correct, no button or any other method to trigger postback works > >anymore, ispostback is always false and no viewstate form fiels is sent > >to server anymore > > > >i wrote a small webapp with one page and one button, by clicking the > >button the app creates a authcookie(always with same information within > >it) and redirects to my app, if i set authentication for this app to > >forms or none everything works as expected, but if i set the > >authentication to windows the problem same as described in my post > > > >i figured out that browser sends the authentication handshakes if > >redirect from windows authorized webapp and on every "postback" ist one > more > > > >tia dom > > >
What application name where ?
On May 21, 12:32 am, Dimitrios Toulakis [quoted text, click to view] <DimitriosToula...@discussions.microsoft.com> wrote:
> Just check the application name value for your applications to match. > > br > Dimi T. > > "Steven Cheng [MSFT]" wrote: > > Hi Tia, > > > You can try the web development helper which can capture http messages > > between browser and webserver: > > > #Web Development Helper > >http://projects.nikhilk.net/webdevhelper/ > > > Sincerely, > > > Steven Cheng > > > Microsoft MSDN Online Support Lead > > > Delighting our customers is our #1 priority. We welcome your comments and > > suggestions about how we can improve the support we provide to you. Please > > feel free to let my manager know what you think of the level of service > > provided. You can send feedback directly to my manager at: > > msd...@microsoft.com. > > > ================================================== > > Get notification to my posts through email? Please refer to > >http://msdn.microsoft.com/subscriptions/managednewsgroups/default.asp... > > ications. > > > ================================================== > > This posting is provided "AS IS" with no warranties, and confers no rights. > > > -------------------- > > >Date: Tue, 13 May 2008 12:47:29 +0200 > > >From: "doma...@community.nospam" <doma...@community.nospam> > > >User-Agent: Thunderbird 2.0.0.14 (Windows/20080421) > > >MIME-Version: 1.0 > > >Subject: Re: mixed mode authentication + no postbacks > > > >Steven Cheng [MSFT] wrote: > > >> Hi tia, > > > >> From your description, you've applied a custom mixed authenitcation in > > your > > >> ASP.NET web application,and the windows authentication module will > > generate > > >> forms authentication cookie and redirect user to formsauthentication > > site. > > >> However, you found that after redirected from windows authenticatino > > site, > > >> any page postback operation no longer work, correct? > > > >> If this is the case, I think the behavior is quite unexpected. As for > > the > > >> postback not work, do you mean even putting a typical submit button(and > > >> click it) will not cause page to postback? Or if the client-side browser > > >> does perform the postback and server-side didn't show any reflection or > > >> return any response? I'm still not quite sure about the exact result > > and > > >> behavior when you go through the redirector module and return to main > > site > > >> pages. Is there any particular error message? > > > >> Sincerely, > > > >> Steven Cheng > > > >> Microsoft MSDN Online Support Lead > > > >> Delighting our customers is our #1 priority. We welcome your comments > > and > > >> suggestions about how we can improve the support we provide to you. > > Please > > >> feel free to let my manager know what you think of the level of service > > >> provided. You can send feedback directly to my manager at: > > >> msd...@microsoft.com. > > > >> ================================================== > > >> Get notification to my posts through email? Please refer to > > >http://msdn.microsoft.com/subscriptions/managednewsgroups/default.asp... > > >> ications. > > > >> Note: The MSDN Managed Newsgroup support offering is for non-urgent > > issues > > >> where an initial response from the community or a Microsoft Support > > >> Engineer within 1 business day is acceptable. Please note that each > > follow > > >> up response may take approximately 2 business days as the support > > >> professional working with you may need further investigation to reach > > the > > >> most efficient resolution. The offering is not appropriate for > > situations > > >> that require urgent, real-time or phone-based interactions or complex > > >> project analysis and dump analysis issues. Issues of this nature are > > best > > >> handled working with a dedicated Microsoft Support Engineer by > > contacting > > >> Microsoft Customer Support Services (CSS) at > > >>http://msdn.microsoft.com/subscriptions/support/default.aspx. > > >> ================================================== > > >> This posting is provided "AS IS" with no warranties, and confers no > > rights. > > > >> -------------------- > > >>> Date: Tue, 13 May 2008 08:44:02 +0200 > > >>> From: "doma...@community.nospam" <doma...@community.nospam> > > >>> User-Agent: Thunderbird 2.0.0.14 (Windows/20080421) > > >>> MIME-Version: 1.0 > > >>> Subject: mixed mode authentication + no postbacks > > > >>> Hi there > > > >>> I implemented a mixed mode authentication as follows: > > >>> main site using forms authentication > > >>> redirector site using windows authentication, creates a forms > > >>> authentication cookie and redirects to main site > > > >>> the problem is if i go to the main site everything works fine > > > >>> if i go to the redirector site it redirects to the main site ( as > > >>> expected, cookie is generated as expected and in site > > >>> Context.Current.User is set as expected ) but no postbacks occur > > >>> anymore, even if i logout an logon to the main site problem resides, i > > >>> figured out that any "redirector" site protected by windows > > >>> authentication redirecting to my site causes postbacks to not function > > >>> anymore. > > > >>> I tried the sample from Microsoft Press Book "Developing More-Secure > > >>> Microsoft?ASP.NET 2.0 Applications" and same thing happened. > > > >>> My config Vista SP1 .NET 3.5 > > >>> or 2003 R2 .NET 3.5 > > > >>> Applications are .NET 2.0 applications > > > >>> tia dom > > > >correct, no button or any other method to trigger postback works > > >anymore, ispostback is always false and no viewstate form fiels is sent > > >to server anymore > > > >i wrote a small webapp with one page and one button, by clicking the > > >button the app creates a authcookie(always with same information within > > >it) and redirects to my app, if i set authentication for this app to > > >forms or none everything works as expected, but if i set the > > >authentication to windows the problem same as described in my post > > > >i figured out that browser sends the authentication handshakes if > > >redirect from windows authorized webapp and on every "postback" ist one > > more > > > >tia dom
Oddly this bahaviour ONLY manifests for us if we are developing and
debugging on the same machine, i'e client and server on same machine, as soon as we run the client from elsewhere we get the postback we expect !!!!!!! doh ! [quoted text, click to view] > On May 16, 10:01 pm, stch...@online.microsoft.com (Steven Cheng [MSFT]) wrote:
> Hi tia , > > Have you got any progress on this? If you need any further help, please > feel free to let me know. > > Sincerely, > > Steven Cheng > > Microsoft MSDN Online Support Lead > > Delighting our customers is our #1 priority. We welcome your comments and > suggestions about how we can improve the support we provide to you. Please > feel free to let my manager know what you think of the level of service > provided. You can send feedback directly to my manager at: > msd...@microsoft.com. > > ================================================== > Get notification to my posts through email? Please refer tohttp://msdn.microsoft.com/subscriptions/managednewsgroups/default.asp... > ications. > ================================================== > This posting is provided "AS IS" with no warranties, and confers no rights. > -------------------- > > > > >Content-Transfer-Encoding: 7bit > >From: stch...@online.microsoft.com (Steven Cheng [MSFT]) > >Organization: Microsoft > >Date: Wed, 14 May 2008 02:30:38 GMT > >Subject: Re: mixed mode authentication + no postbacks > > >Thanks for your reply Tia, > > >#Web Development Helper > > >-------------------- > >>Date: Tue, 13 May 2008 12:47:29 +0200 > >>MIME-Version: 1.0 > >>Subject: Re: mixed mode authentication + no postbacks > > >>Steven Cheng [MSFT] wrote: > >>> Hi tia, > > >>> From your description, you've applied a custom mixed authenitcation in > >your > >>> ASP.NET web application,and the windows authentication module will > >generate > >>> forms authentication cookie and redirect user to formsauthentication > >site. > >>> However, you found that after redirected from windows authenticatino > >site, > >>> any page postback operation no longer work, correct? > > >>> If this is the case, I think the behavior is quite unexpected. As for > >the > >>> postback not work, do you mean even putting a typical submit button(and > >>> click it) will not cause page to postback? Or if the client-side > browser > >>> does perform the postback and server-side didn't show any reflection or > >>> return any response? I'm still not quite sure about the exact result > >and > >>> behavior when you go through the redirector module and return to main > >site > >>> pages. Is there any particular error message? > > >>> Sincerely, > > >>> Steven Cheng > > >>> Microsoft MSDN Online Support Lead > > >>> Delighting our customers is our #1 priority. We welcome your comments > >and > >>> suggestions about how we can improve the support we provide to you. > >Please > >>> feel free to let my manager know what you think of the level of service > >>> provided. You can send feedback directly to my manager at: > >>> msd...@microsoft.com. > > >>> ================================================== > >>> Get notification to my posts through email? Please refer to > > >http://msdn.microsoft.com/subscriptions/managednewsgroups/default.asp... > f > >>> ications. > > >>> Note: The MSDN Managed Newsgroup support offering is for non-urgent > >issues > >>> where an initial response from the community or a Microsoft Support > >>> Engineer within 1 business day is acceptable. Please note that each > >follow > >>> up response may take approximately 2 business days as the support > >>> professional working with you may need further investigation to reach > >the > >>> most efficient resolution. The offering is not appropriate for > >situations > >>> that require urgent, real-time or phone-based interactions or complex > >>> project analysis and dump analysis issues. Issues of this nature are > >best > >>> handled working with a dedicated Microsoft Support Engineer by > >contacting > >>> Microsoft Customer Support Services (CSS) at > >>>http://msdn.microsoft.com/subscriptions/support/default.aspx. > >>> ================================================== > >>> This posting is provided "AS IS" with no warranties, and confers no > >rights. > > >>> -------------------- > >>>> Date: Tue, 13 May 2008 08:44:02 +0200 > >>>> From: "doma...@community.nospam" <doma...@community.nospam> > >>>> User-Agent: Thunderbird 2.0.0.14 (Windows/20080421) > >>>> MIME-Version: 1.0 > >>>> Subject: mixed mode authentication + no postbacks > > >>>> Hi there > > >>>> I implemented a mixed mode authentication as follows: > >>>> main site using forms authentication > >>>> redirector site using windows authentication, creates a forms > >>>> authentication cookie and redirects to main site > > >>>> the problem is if i go to the main site everything works fine > > >>>> if i go to the redirector site it redirects to the main site ( as > >>>> expected, cookie is generated as expected and in site > >>>> Context.Current.User is set as expected ) but no postbacks occur > >>>> anymore, even if i logout an logon to the main site problem resides, i > >>>> figured out that any "redirector" site protected by windows > >>>> authentication redirecting to my site causes postbacks to not function > >>>> anymore. > > >>>> I tried the sample from Microsoft Press Book "Developing More-Secure > >>>> Microsoft?ASP.NET 2.0 Applications" and same thing happened. > > >>>> My config Vista SP1 .NET 3.5 > >>>> or 2003 R2 .NET 3.5 > > >>>> Applications are .NET 2.0 applications > > >>>> tia dom > > >>correct, no button or any other method to trigger postback works > >>anymore, ispostback is always false and no viewstate form fiels is sent > >>to server anymore > > >>i wrote a small webapp with one page and one button, by clicking the > >>button the app creates a authcookie(always with same information within > >>it) and redirects to my app, if i set authentication for this app to > >>forms or none everything works as expected, but if i set the > >>authentication to windows the problem same as described in my post > > >>i figured out that browser sends the authentication handshakes if > >>redirect from windows authorized webapp and on every "postback" ist one > >more > > >>tia dom
Sorry,
Im assuming with this answer that you are running your applications in the IIS. There you should check the values to match to the corresponding dll.... Example: Your dll: Foo.dll Web1 -> WinAuth -> Name: FooWin --> App Name: Foo Web2 -> FormsAuth -> Name: Foo --> App Name: Foo br DT PS: If you are using the web dev server then I have no clue... PS2: If you are recompling and the browser window is open, then this happens sometimes.... [quoted text, click to view] "David" wrote:
> What application name where ? > > On May 21, 12:32 am, Dimitrios Toulakis > <DimitriosToula...@discussions.microsoft.com> wrote: > > Just check the application name value for your applications to match. > > > > br > > Dimi T. > > > > "Steven Cheng [MSFT]" wrote: > > > Hi Tia, > > > > > You can try the web development helper which can capture http messages > > > between browser and webserver: > > > > > #Web Development Helper > > >http://projects.nikhilk.net/webdevhelper/ > > > > > Sincerely, > > > > > Steven Cheng > > > > > Microsoft MSDN Online Support Lead > > > > > Delighting our customers is our #1 priority. We welcome your comments and > > > suggestions about how we can improve the support we provide to you. Please > > > feel free to let my manager know what you think of the level of service > > > provided. You can send feedback directly to my manager at: > > > msd...@microsoft.com. > > > > > ================================================== > > > Get notification to my posts through email? Please refer to > > >http://msdn.microsoft.com/subscriptions/managednewsgroups/default.asp... > > > ications. > > > > > ================================================== > > > This posting is provided "AS IS" with no warranties, and confers no rights. > > > > > -------------------- > > > >Date: Tue, 13 May 2008 12:47:29 +0200 > > > >From: "doma...@community.nospam" <doma...@community.nospam> > > > >User-Agent: Thunderbird 2.0.0.14 (Windows/20080421) > > > >MIME-Version: 1.0 > > > >Subject: Re: mixed mode authentication + no postbacks > > > > > >Steven Cheng [MSFT] wrote: > > > >> Hi tia, > > > > > >> From your description, you've applied a custom mixed authenitcation in > > > your > > > >> ASP.NET web application,and the windows authentication module will > > > generate > > > >> forms authentication cookie and redirect user to formsauthentication > > > site. > > > >> However, you found that after redirected from windows authenticatino > > > site, > > > >> any page postback operation no longer work, correct? > > > > > >> If this is the case, I think the behavior is quite unexpected. As for > > > the > > > >> postback not work, do you mean even putting a typical submit button(and > > > >> click it) will not cause page to postback? Or if the client-side browser > > > >> does perform the postback and server-side didn't show any reflection or > > > >> return any response? I'm still not quite sure about the exact result > > > and > > > >> behavior when you go through the redirector module and return to main > > > site > > > >> pages. Is there any particular error message? > > > > > >> Sincerely, > > > > > >> Steven Cheng > > > > > >> Microsoft MSDN Online Support Lead > > > > > >> Delighting our customers is our #1 priority. We welcome your comments > > > and > > > >> suggestions about how we can improve the support we provide to you. > > > Please > > > >> feel free to let my manager know what you think of the level of service > > > >> provided. You can send feedback directly to my manager at: > > > >> msd...@microsoft.com. > > > > > >> ================================================== > > > >> Get notification to my posts through email? Please refer to > > > > >http://msdn.microsoft.com/subscriptions/managednewsgroups/default.asp... > > > >> ications. > > > > > >> Note: The MSDN Managed Newsgroup support offering is for non-urgent > > > issues > > > >> where an initial response from the community or a Microsoft Support > > > >> Engineer within 1 business day is acceptable. Please note that each > > > follow > > > >> up response may take approximately 2 business days as the support > > > >> professional working with you may need further investigation to reach > > > the > > > >> most efficient resolution. The offering is not appropriate for > > > situations > > > >> that require urgent, real-time or phone-based interactions or complex > > > >> project analysis and dump analysis issues. Issues of this nature are > > > best > > > >> handled working with a dedicated Microsoft Support Engineer by > > > contacting > > > >> Microsoft Customer Support Services (CSS) at > > > >>http://msdn.microsoft.com/subscriptions/support/default.aspx. > > > >> ================================================== > > > >> This posting is provided "AS IS" with no warranties, and confers no > > > rights. > > > > > >> -------------------- > > > >>> Date: Tue, 13 May 2008 08:44:02 +0200 > > > >>> From: "doma...@community.nospam" <doma...@community.nospam> > > > >>> User-Agent: Thunderbird 2.0.0.14 (Windows/20080421) > > > >>> MIME-Version: 1.0 > > > >>> Subject: mixed mode authentication + no postbacks > > > > > >>> Hi there > > > > > >>> I implemented a mixed mode authentication as follows: > > > >>> main site using forms authentication > > > >>> redirector site using windows authentication, creates a forms > > > >>> authentication cookie and redirects to main site > > > > > >>> the problem is if i go to the main site everything works fine > > > > > >>> if i go to the redirector site it redirects to the main site ( as > > > >>> expected, cookie is generated as expected and in site > > > >>> Context.Current.User is set as expected ) but no postbacks occur > > > >>> anymore, even if i logout an logon to the main site problem resides, i > > > >>> figured out that any "redirector" site protected by windows > > > >>> authentication redirecting to my site causes postbacks to not function > > > >>> anymore. > > > > > >>> I tried the sample from Microsoft Press Book "Developing More-Secure > > > >>> Microsoft?ASP.NET 2.0 Applications" and same thing happened. > > > > > >>> My config Vista SP1 .NET 3.5 > > > >>> or 2003 R2 .NET 3.5 > > > > > >>> Applications are .NET 2.0 applications > > > > > >>> tia dom > > > > > >correct, no button or any other method to trigger postback works > > > >anymore, ispostback is always false and no viewstate form fiels is sent > > > >to server anymore > > > > > >i wrote a small webapp with one page and one button, by clicking the > > > >button the app creates a authcookie(always with same information within > > > >it) and redirects to my app, if i set authentication for this app to > > > >forms or none everything works as expected, but if i set the > > > >authentication to windows the problem same as described in my post > >
Don't see what you're looking for? Try a search.
|
July 2003
August 2003
September 2003
October 2003
November 2003
December 2003
January 2004
February 2004
March 2004
April 2004
May 2004
June 2004
July 2004
August 2004
September 2004
October 2004
November 2004
December 2004
January 2005
February 2005
March 2005
April 2005
May 2005
June 2005
July 2005
August 2005
September 2005
October 2005
November 2005
December 2005
January 2006
February 2006
March 2006
April 2006
May 2006
June 2006
July 2006
August 2006
September 2006
October 2006
November 2006
December 2006
January 2007
February 2007
March 2007
April 2007
May 2007
June 2007
July 2007
August 2007
September 2007
October 2007
November 2007
December 2007
January 2008
February 2008
March 2008
April 2008
May 2008
June 2008
| home · blog · groups | Questions? Comments? Contact the dn |