| Groups | Blog | Home |
dotnet security : Forms Authentication Not Redirecting To Login Page
I have an ASP.NET application to which I have implemented forms authentication to handle security. It is a relatively straight forward solution with all aspx pages residing in the root folder. The issue I am experiencing is that when the authentication time out is activated and the user is hence unauthenticated, the browser window is on sometimes redirecting back to the login page. When the browser does or doesn't redirect to the login page seems to be defined by the page the user is trying to access as a very few aspx pages when requested will redirect to the login page correctly. This seems to be platform independed as the exact same behaviour is experienced on my local development machine running WinXPSP2 and a Win2K3 Server. Has anyone any ideas as to why this may be happening and/or have any suggestions to aid in the investagation? The web.config contents: <configuration> <system.web> <compilation defaultLanguage="c#" debug="true" /> <authentication mode="Forms"> <forms name=".RENOWNSUPPORTAUTH" loginUrl="login.aspx" protection="All" timeout="1" path="/" slidingExpiration="true" /> </authentication> <authorization> <deny users="?" /> <!-- Deny access to all unauthenticated users --> </authorization> </system.web> <location path="login.aspx"> <system.web> <authorization> <allow users="*" /> <!-- Allow all users --> </authorization> </system.web> </location> <location path="error.aspx"> <system.web> <authorization> <allow users="*" /> <!-- Allow all users --> </authorization> </system.web> </location>
Further to this, the error that is being returned when the redirect fails to
occur is: Access is denied. Description: An error occurred while accessing the resources required to serve this request. The server may not be configured for access to the requested URL. Error message 401.2.: You do not have permission to view this directory or page using the credentials you supplied. Contact the Web server's administrator for help. -------------------------------------------------------------------------------- Version Information: Microsoft .NET Framework Version:1.1.4322.2032; ASP.NET Version:1.1.4322.2032 [quoted text, click to view] "Stu" wrote:
> Hi All, > > I have an ASP.NET application to which I have implemented forms > authentication to handle security. It is a relatively straight forward > solution with all aspx pages residing in the root folder. > > The issue I am experiencing is that when the authentication time out is > activated and the user is hence unauthenticated, the browser window is on > sometimes redirecting back to the login page. When the browser does or > doesn't redirect to the login page seems to be defined by the page the user > is trying to access as a very few aspx pages when requested will redirect to > the login page correctly. > > This seems to be platform independed as the exact same behaviour is > experienced on my local development machine running WinXPSP2 and a Win2K3 > Server. > > Has anyone any ideas as to why this may be happening and/or have any > suggestions to aid in the investagation? > > The web.config contents: > <configuration> > <system.web> > <compilation defaultLanguage="c#" debug="true" /> > <authentication mode="Forms"> > <forms name=".RENOWNSUPPORTAUTH" loginUrl="login.aspx" protection="All" > timeout="1" path="/" slidingExpiration="true" /> > </authentication> > <authorization> > <deny users="?" /> <!-- Deny access to all unauthenticated users --> > </authorization> > </system.web> > > <location path="login.aspx"> > <system.web> > <authorization> > <allow users="*" /> <!-- Allow all users --> > </authorization> > </system.web> > </location> > <location path="error.aspx"> > <system.web> > <authorization> > <allow users="*" /> <!-- Allow all users --> > </authorization> > </system.web> > </location>
Hello Stu,
how about trying a longer timeout that 1 minute...? that may be an issue - take 10 or 20 minutes. --------------------------------------- Dominick Baier - DevelopMentor http://www.leastprivilege.com [quoted text, click to view] > Hi All, > > I have an ASP.NET application to which I have implemented forms > authentication to handle security. It is a relatively straight forward > solution with all aspx pages residing in the root folder. > > The issue I am experiencing is that when the authentication time out > is activated and the user is hence unauthenticated, the browser window > is on sometimes redirecting back to the login page. When the browser > does or doesn't redirect to the login page seems to be defined by the > page the user is trying to access as a very few aspx pages when > requested will redirect to the login page correctly. > > This seems to be platform independed as the exact same behaviour is > experienced on my local development machine running WinXPSP2 and a > Win2K3 Server. > > Has anyone any ideas as to why this may be happening and/or have any > suggestions to aid in the investagation? > > The web.config contents: > <configuration> > <system.web> > <compilation defaultLanguage="c#" debug="true" /> > <authentication mode="Forms"> > <forms name=".RENOWNSUPPORTAUTH" loginUrl="login.aspx" > protection="All" > timeout="1" path="/" slidingExpiration="true" /> > </authentication> > <authorization> > <deny users="?" /> <!-- Deny access to all unauthenticated users > --> > </authorization> > </system.web> > <location path="login.aspx"> > <system.web> > <authorization> > <allow users="*" /> <!-- Allow all users --> > </authorization> > </system.web> > </location> > <location path="error.aspx"> > <system.web> > <authorization> > <allow users="*" /> <!-- Allow all users --> > </authorization> > </system.web> > </location> > </configuration>
I have set the timeout to 1 minute just for testing purposes so that I can
replicate the issue within 1 minute rather than waiting 1/2 an hour for the issue to surface. Surely this has to be an issue with a property of some of my pages that is not set on the others. I have searched high and low for differences other that the actual code itself but cannot seem to find any differing factors about the pages. --------------------------------------------------- Cheers, Stu [quoted text, click to view] "Dominick Baier [DevelopMentor]" wrote:
> Hello Stu, > > how about trying a longer timeout that 1 minute...? that may be an issue > - take 10 or 20 minutes. > > --------------------------------------- > Dominick Baier - DevelopMentor > http://www.leastprivilege.com > > > Hi All, > > > > I have an ASP.NET application to which I have implemented forms > > authentication to handle security. It is a relatively straight forward > > solution with all aspx pages residing in the root folder. > > > > The issue I am experiencing is that when the authentication time out > > is activated and the user is hence unauthenticated, the browser window > > is on sometimes redirecting back to the login page. When the browser > > does or doesn't redirect to the login page seems to be defined by the > > page the user is trying to access as a very few aspx pages when > > requested will redirect to the login page correctly. > > > > This seems to be platform independed as the exact same behaviour is > > experienced on my local development machine running WinXPSP2 and a > > Win2K3 Server. > > > > Has anyone any ideas as to why this may be happening and/or have any > > suggestions to aid in the investagation? > > > > The web.config contents: > > <configuration> > > <system.web> > > <compilation defaultLanguage="c#" debug="true" /> > > <authentication mode="Forms"> > > <forms name=".RENOWNSUPPORTAUTH" loginUrl="login.aspx" > > protection="All" > > timeout="1" path="/" slidingExpiration="true" /> > > </authentication> > > <authorization> > > <deny users="?" /> <!-- Deny access to all unauthenticated users > > --> > > </authorization> > > </system.web> > > <location path="login.aspx"> > > <system.web> > > <authorization> > > <allow users="*" /> <!-- Allow all users --> > > </authorization> > > </system.web> > > </location> > > <location path="error.aspx"> > > <system.web> > > <authorization> > > <allow users="*" /> <!-- Allow all users --> > > </authorization> > > </system.web> > > </location> > > </configuration> > > >
Don't see what you're looking for? Try a search.
|
June 2004
July 2004
August 2004
September 2004
October 2004
November 2004
December 2004
January 2005
February 2005
March 2005
April 2005
May 2005
June 2005
July 2005
August 2005
September 2005
October 2005
November 2005
December 2005
January 2006
February 2006
March 2006
April 2006
May 2006
June 2006
July 2006
August 2006
September 2006
October 2006
November 2006
December 2006
January 2007
February 2007
March 2007
April 2007
May 2007
June 2007
July 2007
August 2007
September 2007
October 2007
November 2007
| home · blog · groups | Questions? Comments? Contact the dn |