Re: Forms Authentication with http/https

From: Hernan de Lahitte (hernan_at_lagash.com)
Date: 10/01/04


Date: Fri, 1 Oct 2004 10:54:34 -0300

Holy,

The behaviour that you describe is by design, so Forms will use the protocol
of your login page, as Paul wrote.
If you still want to switch to http (although I would not recommend it
because of replay attacks on the Forms cookie), you may use this code:

Response.Redirect( FormsAuthentication.GetRedirectUrl( "userName",
false ) );

Regards.

PS: If you want to read about SSO with Forms auth, here are some posts about
that.
http://weblogs.asp.net/hernandl/archive/2004/06/09/ssoformsauth.aspx

-- 
Hernan de Lahitte
Lagash Systems S.A.
http://www.lagash.com
http://weblogs.asp.net/hernandl
"Holysmoke" <Holysmoke@discussions.microsoft.com> wrote in message
news:FBE33C48-0F88-492A-BD68-3EC7579E43BB@microsoft.com...
> Sorry. I don't understand. Maybe I have not clearly explained the problem.
>
> FormsAuthentication.RedirectFromLoginPage method redirects to original
> requested web site / application but it does not care about the http/https
>
> For eg.
>
> The original requested is not http based
> and the application that issues FormsAuthentication.RedirectFromLoginPage is
> SSL based, it redirects to the correct original requested page but the
> protocol is still SSL and not just http as expected. Hope I have explained
> correctly.
>
> What is the work around for this?
>
> TIA,
> Holy
>
> "Paul Clement" wrote:
>
>> On Wed, 29 Sep 2004 07:27:03 -0700, Holysmoke 
>> <Holysmoke@discussions.microsoft.com> wrote:
>>
>> ¤ Hi,
>> ¤
>> ¤ I am trying to implement Single Sign On solution to my web applications.
>> ¤
>> ¤ I have developed a web application which does authentication and it is SSL
>> ¤ based.
>> ¤ I am having a problem when redirecting to the requested web site (http based)
>> ¤ after authentication (https based)
>> ¤
>> ¤ Let us say I have
>> ¤
>> ¤ Site A - An application (configured to do forms authentication on Site B)
>> ¤ Site B - An application which does authentication which is https based
>> ¤
>> ¤ I try to redirect in site B using,
>> ¤
>> ¤ System.Web.Security.FormsAuthentication.RedirectFromLoginPage("test", False)
>> ¤
>> ¤ It works but one problem.
>> ¤
>> ¤ After Authentication the Site B tries to redirect to the application A but
>> ¤ still uses https and not http as expected.
>> ¤
>>
>> RedirectFromLoginPage uses the protocol of the login page application.
>> You may want to consider using SSL on your login page if you're
>> implementing Forms based authentication with SSL applications.
>>
>>
>> Paul ~~~ pclement@ameritech.net
>> Microsoft MVP (Visual Basic)
>> 
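
Added example, not part of the original thread: a web.config fragment for the Forms cookie replay concern raised in the reply above. The requireSSL attribute marks the Forms ticket cookie Secure so the browser does not send it over plain http; the cookie name, login page and timeout are placeholder values.

```xml
<configuration>
  <system.web>
    <authentication mode="Forms">
      <!--
        Weak setting (shown for comparison, disabled here):
        requireSSL defaults to false, so the ticket cookie is also sent on
        plain http requests, where it can be captured and replayed.

        <forms name=".ASPXAUTH" loginUrl="login.aspx" />
      -->

      <!--
        Hardened setting (placeholder values):
        requireSSL="true"         cookie carries the Secure attribute
        protection="All"          ticket is encrypted and validated
        slidingExpiration="false" a captured ticket is not kept alive by use
        timeout="20"              ticket lifetime in minutes
      -->
      <forms name=".ASPXAUTH"
             loginUrl="login.aspx"
             protection="All"
             requireSSL="true"
             slidingExpiration="false"
             timeout="20" />
    </authentication>
  </system.web>
</configuration>
```

With requireSSL="true" the pages that rely on the ticket must themselves be served over https, so a redirect back to http after login leaves the user unauthenticated on the http side.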

