Re: Forms Authentication w/SubFolders
From: John Kraft (jhkraft_at_ilstu.edu)
Date: 08/06/03
- Next message: VB Programmer: "HOW TO: Setting Up Forms Authentication"
- Previous message: John Saunders: "Re: Authentication code"
- In reply to: Joel Finkel: "Re: Forms Authentication w/SubFolders"
- Next in thread: Glen M: "Re: Forms Authentication w/SubFolders"
- Reply: Glen M: "Re: Forms Authentication w/SubFolders"
- Reply: Joel Finkel: "Re: Forms Authentication w/SubFolders"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 06 Aug 2003 15:23:08 -0500
Joel Finkel wrote:
> I have come into this newsgroup precisely to look for an answer to this. I
> am quite amazed to see this very question! Furthermore, I see a posting
> made a few days later that reports a similar issue: Sucessful authentication
> returns to the login page.
>
> My situation is that in root, aspx pages authenticate fine (the login.aspx
> form is in the root, as well). But in sub-directories, while the login.aspx
> form is correctly invoked, the redirect returns to the login.aspx page.
> This happens regardless of the presense of a web.config file in the
> subdirectory, or the contents of it. I have played around with variations
> for about 3 hours. I have verified that the cookies is being created and
> sent, but for some reason the application in the sub-directory is not hip to
> the fact that this cookie exists, and returns to the login.aspx page.
>
> Pretty big problem. Hope there is a simple fix.
>
> Thanks for all suggestions.
> -Joel
>
>
> "JTR" <jtrichard@sotasw.com> wrote in message
> news:038001c35618$a80ca270$a601280a@phx.gbl...
>
>>I'm trying to create a structure I can share
>>authentication from a root application with many
>>subordinate applications (subfolders).
>>
>>The web.config file for the root has:
>>
>><authorization>
>><allow users="*" />
>></authorization>
>>
>>Then, each subordinate application (subfolder) has a
>>web.config with the following:
>>
>> <authentication mode="Forms">
>><forms name=".BUZZARD"
>>loginUrl="../login.aspx">
>></forms>
>> </authentication>
>> <authorization>
>><deny users="?" />
>> </authorization>
>>
>>When the user access a resource in a subfolder, the login
>>form is displayed and authenticates the user correctly,
>>including the creation of an authentication ticket. But,
>>when the login form attempts to redirect the browser to
>>the requested secure resource, the login form is
>>redisplayed. I have tried using
>>FormsAuthentication.RedirectFromLoginPage() and
>>Response.Redirect() with the same results.
>>
>>Any ideas?
>>
>>JTR.
>
>
>
I was having this problem too. It turned out to not be a problem with
the cookie, but with the encryption/decryption of the cookie. Even
though the cookie was inside the same project, even though a subfolder,
the encryption key is supposed to be the same. It wasn't. I tried
manually setting the encryption key in the webconfig. I even tried
putting another copy of the same web.config into the subdirectory. For
some reason nothing seemed to work. We ended up setting the
protection="All" to protection="None" to get around it. We still have
not corrected the problem, but if you make that change it might indicate
that the problem is not actually with the cookie.
John
- Next message: VB Programmer: "HOW TO: Setting Up Forms Authentication"
- Previous message: John Saunders: "Re: Authentication code"
- In reply to: Joel Finkel: "Re: Forms Authentication w/SubFolders"
- Next in thread: Glen M: "Re: Forms Authentication w/SubFolders"
- Reply: Glen M: "Re: Forms Authentication w/SubFolders"
- Reply: Joel Finkel: "Re: Forms Authentication w/SubFolders"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
