Annoying problem with Forms Authentication and IE6 SP1

From: Steffen Balslev (steffen@home.sbalslev.dk)
Date: 09/30/02


From: "Steffen Balslev" <steffen@home.sbalslev.dk>
Date: Mon, 30 Sep 2002 23:05:44 +0200


Hi ;>

I've got a problem using Forms Authentication and IE6 SP1. Can't seem to
find a solution anywhere.

Here's what I do.

web.config

<configuration>
    <system.web>
        <authentication mode="Forms">
            <forms name="MyAuthCookie" protection="None" timeout="60" loginUrl="~/Login.aspx" path="/" />
        </authentication>
        <authorization>
            <allow users="*" />
        </authorization>
    </system.web>

    <location path="BlockedPage.aspx">
        <system.web>
            <authorization>
                <deny users="?" />
            </authorization>
        </system.web>
    </location>
</configuration>

login.aspx

std. form, fields: txt_nick, txt_password, btn_doLogin

private void btn_doLogin_Click(object sender, System.EventArgs e)
{
        User UserLoggingIn = new User();
        UserLoggingIn.Nick = txt_nick.Text;
        UserLoggingIn.Password = txt_password.Text;
        Data.Dbi dbin = new Data.Dbi();
        if (dbin.UserIsValid(UserLoggingIn)) //Validate data.
        {
                FormsAuthentication.RedirectFromLoginPage(UserLoggingIn.Nick, chkBx_autoLogin.Checked, "/");
        }
}

The result should be that all users can see all pages except for the
"BlockedPage.aspx" page.

using IE5
    I go to default.aspx, click on a link to the BlockedPage.aspx,
    I get redirected to login.aspx
    I enter nick and pw and press the button
    I get redirected to the BlockedPage.aspx and I am authenticated.
using IE6 SP1 !!!
    I go to default.aspx, click on a link to the BlockedPage.aspx,
    I get redirected to login.aspx
    I enter nick and pw and press the button
    I see the login page AGAIN. and I am not authenticated.
    I wonder and then I punch the mouse off the table. ;[

OK ... well ... this is what I tried, to solve the problem.

    1. Cookies... well need a p3p then, result no change.
    2. Cookies... well let's set the privacy level (IE options, privacy) to
Accept All cookies... result no change.... aaaarghh.
    3. Used 4 different cache expiration methods
        Response.Cache.SetCacheability(HttpCacheability.NoCache);
        Response.AddHeader("pragma","no-cache");
        Response.Expires = -1;
        Response.ExpiresAbsolute = DateTime.Now.AddYears(-1);
        Response.CacheControl = "Private";

        result ... no change .... arrrghhh ... (ps. I set all of the options
on all of the pages, including setting expiration to immediate on the IIS,
cleared the IE cache, disabled viewstate etc etc etc.)

Well the really funny thing is when I solved the problem... well not a very
useful solution but it worked.

    When redirected to the login page the URI reads
"http://tempuri.org/login.aspx?ReturnUrl=BlockedPage.aspx", right?, yes
right
    After logging on and still getting the same page the URI still reads
"http://tempuri.org/login.aspx?ReturnUrl=BlockedPage.aspx"
    Changing it to
"http://tempuri.org/login.aspx?ReturnUrl=BlockedPage.aspx&uid=1"
    da da daaaa .... it works... I get redirected to BlockedPage.aspx and I
am logged in....

Help please, this will not work in the long run... can't expect the users to
append parameters to the uri just cuz they're using IE 6 SP1

Regards
    S.Balslev
    Denmark
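
The web.config in the post sets protection="None" on the <forms> element, which turns off both encryption and validation of the authentication ticket that guards BlockedPage.aspx (the attribute defaults to "All"). A check for that setting, as an added example that is not part of the original post; the function name, the result keys and the sample config (the post's config with its tags closed) are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the web.config from the post, with its tags closed.
SAMPLE_CONFIG = """
<configuration>
  <system.web>
    <authentication mode="Forms">
      <forms name="MyAuthCookie" protection="None" timeout="60"
             loginUrl="~/Login.aspx" path="/" />
    </authentication>
    <authorization><allow users="*" /></authorization>
  </system.web>
  <location path="BlockedPage.aspx">
    <system.web>
      <authorization><deny users="?" /></authorization>
    </system.web>
  </location>
</configuration>
"""

# What each value of the protection attribute applies to the ticket.
PROTECTION = {            # (encrypted, validated)
    "All": (True, True),
    "Encryption": (True, False),
    "Validation": (False, True),
    "None": (False, False),
}

def audit_forms_auth(config_xml):
    """Report how the forms ticket is protected and which paths rely on it."""
    try:
        root = ET.fromstring(config_xml)
    except ET.ParseError as exc:
        return {"error": "not well-formed XML: %s" % exc}
    forms = next(root.iter("forms"), None)
    # The attribute defaults to "All" when it is absent.
    value = forms.get("protection", "All") if forms is not None else "All"
    if value not in PROTECTION:
        return {"error": "unknown protection value: %r" % value}
    encrypted, validated = PROTECTION[value]
    # Paths whose <location> block denies anonymous users ("?").
    protected = [loc.get("path") for loc in root.iter("location")
                 if any("?" in d.get("users", "").split(",")
                        for d in loc.iter("deny"))]
    return {"protection": value, "encrypted": encrypted,
            "validated": validated, "protected_paths": protected,
            "weak": bool(protected) and not (encrypted and validated)}

if __name__ == "__main__":
    print(audit_forms_auth(SAMPLE_CONFIG))
```

A config that does not parse is reported as an error rather than audited, so an unclosed tag cannot hide the setting.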