RE: Forms Authentication - Sudden Redirect Failure on Login

---

• From: Stephen Davies <StephenDavies@xxxxxxxxxxxxx>
• Date: Tue, 18 Jul 2006 17:30:02 -0700

---

FormCookiePath is "/"

dtTimeout set to one hour from the login time (in the case of non persistent)

DateTime.Now is correct

Removing the code

// Encrypt the cookie using the machine key for secure transport
string hash = FormsAuthentication.Encrypt(ticket);
HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, hash);

// Set the cookie's expiration time to the tickets expiration time
if (ticket.IsPersistent) cookie.Expires = ticket.Expiration;

// Add the cookie to the list for outgoing response
Response.Cookies.Add(cookie);

if (redirectURL == null || redirectURL == "noRedirect") return;

// Don't call FormsAuthentication.RedirectFromLoginPage since it could
// replace the authentication ticket (cookie) we just added
// string fred = FormsAuthentication.GetRedirectUrl(strUser, false);
// Debug.WriteLine("FormsAuthCore GetRedirectURL (not used) ->" + fred);

Debug.WriteLine("FormsAuthCore set cookie lastlogin->" + strUser.ToUpper());
SetCookie("lastlogin", strUser.ToUpper());
Debug.WriteLine("FormsAuthCore - Redirect to ->" + redirectURL);
Response.Redirect(redirectURL);

----------------------------------------------------------------
and replacing with
----------------------------------------------------------------

FormsAuthentication.RedirectFromLoginPage(strUser.ToUpper(), bPersistant);
return;

Yields the problem on ALL platforms, the redirect does not happen. Switch
back to the original code and it functions correctly (with the redirect to
the desired secured page), interesting?

The redirect still gets intercepted by the login authorisation on the
production platform in either scenario.

Regards
Stephen Davies
--
Regards
Stephen Davies


"Luke Zhang [MSFT]" wrote:

Hello Stephen,

Thank you for the code. After review the code, I suggest you may check
following issues:

1. Since you have check the redirectURL, and confirm it is correct. You may
also check these values: FormsCookiePath, DateTime.Now and dtTimeout. ( I
understand the system has been working for months, and these values are
almost no problem. But it is still worthy of a try to ensure we have check
everything there).
2. Temporarily use FormsAuthentication.RedirectFromLoginPage instead
setting cookies by code. (Just ensure there is no problem on the cookies ).

Please let me the result of above tests. I am looking forward to hear from
you.

Sincerely,

Luke Zhang

Microsoft Online Community Support
==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.
==================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

.

---

• Follow-Ups:
  • RE: Forms Authentication - Sudden Redirect Failure on Login
    • From: Luke Zhang [MSFT]

• References:
  • RE: Forms Authentication - Sudden Redirect Failure on Login
    • From: Luke Zhang [MSFT]

• Prev by Date: Re: Source code for ActiveDirectoryMembership provider?
• Next by Date: Re: Forms Authentication - Supress displaying the login page for certain web pages
• Previous by thread: RE: Forms Authentication - Sudden Redirect Failure on Login
• Next by thread: RE: Forms Authentication - Sudden Redirect Failure on Login
• Index(es):
  • Date
  • Thread

---

Relevant Pages RE: Email resent on page refresh ... So if I redirect then I do not get duplicate email send. ... event handler will not be executed again. ... Microsoft Online Support ... nature are best handled working with a dedicated Microsoft Support Engineer ... (microsoft.public.dotnet.framework.aspnet.webcontrols) RE: RoleProvider Capturing Authentication Events ... login page) see different pages depend on whether they're unauthenticated ... Because if a user is redirect to login ... Microsoft MSDN Online Support Lead ... where an initial response from the community or a Microsoft Support ... (microsoft.public.dotnet.framework.aspnet) RE: How to add cookie with axWebBrowser ... for we need a cookie item to implement loading balance ... ByVal lpszCookieName As String, _ ... Microsoft Online Community Support ... where an initial response from the community or a Microsoft Support ... (microsoft.public.vb.controls.internet) Re: login control persistent cookie problem ... and the cookie lasts forever. ... There is no timout setting in the web.config. ... Microsoft MSDN Online Support Lead ... where an initial response from the community or a Microsoft Support ... (microsoft.public.dotnet.framework.aspnet) RE: Redirect after 5 seconds only if bolNeedToRedirect=True ? ... There are several ways to redirect the users to another page: ... Microsoft Online Community Support ... where an initial response from the community or a Microsoft Support ... project analysis and dump analysis issues. ... (microsoft.public.dotnet.framework.aspnet)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.dotnet.framework.aspnet.security  > 2006-08