Forms Auth not recognizing cookie on return to site (1.1)

From: Cy Huckaba (cyh_at_delete.t-3.com)
Date: 04/29/03

• Next message: John McD: "Formsauthentication - Page_Load problem"
• Previous message: Alek Davis: "Re: 'Illegal key size for this algorithm"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Tue, 29 Apr 2003 12:05:09 -0500

I recently upgraded to .Net 1.1 and ran into this problem. I had no problems
with my forms auth code with 1.0.

A user can come in a login against a DB and set a cookie (persists it as
well) and be fine for the rest of the session. When the user comes back they
don't get logged in and they don't even get redirected to the correct login
page.

They app is setup as a virtual web under the root website. My site consists
of one root and a virtual web for each client.

The root website is configured for None as the authentication type with
allow users="*". No real security here. Each site has it's own web.config
file pointing to a login page inside the vir web.

<forms path="/acme" loginUrl="/acme/login.aspx" timeout="30"></forms>

The login page handles the login for the virtual web and sets the cookie if
the user chooses.

Everything works fine everytime I come back if I don't choose to persist the
cookie. When I test the login after choosing to persist the cookie I get
redirected to a login page off of the root website ... /login.aspx. This
doesn't exist, so it's basically a asp.net 404 error description stating
server error in "/" app...not even the right subweb.

I tried to remove the IsolateApps attribute in the machine.config keys that
I saw in previous postings, but that didn't seem to make a difference.

Any Ideas?

Cy Huckaba
Austin, TX

• Next message: John McD: "Formsauthentication - Page_Load problem"
• Previous message: Alek Davis: "Re: 'Illegal key size for this algorithm"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Forms Auth not recognizing cookie on return to site (1.1) ... 1.0, stopped working in 1.1. ... > A user can come in a login against a DB and set a cookie (persists it as ... > They app is setup as a virtual web under the root website. ... (microsoft.public.dotnet.framework.aspnet.security) Re: Cookies Expiring due to different time zones. ... post to your aspx login, sending the cookie's date in a hidden field ... set the aspx login cookie using the date/time in the hidden field ... This is the code I am using to create the ticket, ... Your problem is that you're using an extremely short time for the cookie expiration. ... (microsoft.public.dotnet.framework.aspnet) Re: Accessing and displaying SSL web pages and cookies from a windows form ... or LoadXML calls to urls on the website in order to get data or post data to ... first redirected to a SSL login page, if a particular cookie is not present, ... cookie is not present instead of getting the data. ... >> the data in the cookie and also not redirect to the login page. ... (microsoft.public.dotnet.languages.vb) Re: [PHP] Need secure login ... Thanks Justin, actually I was also thinking of the same, but just wanted to ... > c) the user not deleting the cookie ... > Likewise, you can't tie a member to a mac address, or to an IP address. ... Make sure that a user can't login from two different places at ... (php.general) Re: How to share session with IE ... my browser module if necessary. ... program can load the cookies from your real browser's cookie store ... "need to login" condition, and react accordingly. ... Another option instead of making your program run through a series of clicks and text inputs, which is difficult to program, is to browse the html source until you find the name of the script that processes the login, and use python to request the page with the necessary form fields encoded in the request. ... (comp.lang.python)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint