Re: mixed mode authentication + no postbacks

Steven Cheng [MSFT] wrote:
Hi tia,

From your description, you've applied a custom mixed authenitcation in your ASP.NET web application,and the windows authentication module will generate forms authentication cookie and redirect user to formsauthentication site. However, you found that after redirected from windows authenticatino site, any page postback operation no longer work, correct?

If this is the case, I think the behavior is quite unexpected. As for the postback not work, do you mean even putting a typical submit button(and click it) will not cause page to postback? Or if the client-side browser does perform the postback and server-side didn't show any reflection or return any response? I'm still not quite sure about the exact result and behavior when you go through the redirector module and return to main site pages. Is there any particular error message?

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead


Delighting our customers is our #1 priority. We welcome your comments and suggestions about how we can improve the support we provide to you. Please feel free to let my manager know what you think of the level of service provided. You can send feedback directly to my manager at: msdnmg@xxxxxxxxxxxxxx

==================================================
Get notification to my posts through email? Please refer to http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues where an initial response from the community or a Microsoft Support Engineer within 1 business day is acceptable. Please note that each follow up response may take approximately 2 business days as the support professional working with you may need further investigation to reach the most efficient resolution. The offering is not appropriate for situations that require urgent, real-time or phone-based interactions or complex project analysis and dump analysis issues. Issues of this nature are best handled working with a dedicated Microsoft Support Engineer by contacting Microsoft Customer Support Services (CSS) at http://msdn.microsoft.com/subscriptions/support/default.aspx.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.


--------------------
Date: Tue, 13 May 2008 08:44:02 +0200
From: "domagoj@xxxxxxxxxxxxxxxx" <domagoj@xxxxxxxxxxxxxxxx>
User-Agent: Thunderbird 2.0.0.14 (Windows/20080421)
MIME-Version: 1.0
Subject: mixed mode authentication + no postbacks

Hi there

I implemented a mixed mode authentication as follows:
main site using forms authentication
redirector site using windows authentication, creates a forms authentication cookie and redirects to main site

the problem is if i go to the main site everything works fine

if i go to the redirector site it redirects to the main site ( as expected, cookie is generated as expected and in site Context.Current.User is set as expected ) but no postbacks occur anymore, even if i logout an logon to the main site problem resides, i figured out that any "redirector" site protected by windows authentication redirecting to my site causes postbacks to not function anymore.

I tried the sample from Microsoft Press Book "Developing More-Secure Microsoft?ASP.NET 2.0 Applications" and same thing happened.

My config Vista SP1 .NET 3.5
or 2003 R2 .NET 3.5

Applications are .NET 2.0 applications

tia dom



correct, no button or any other method to trigger postback works anymore, ispostback is always false and no viewstate form fiels is sent to server anymore

i wrote a small webapp with one page and one button, by clicking the button the app creates a authcookie(always with same information within it) and redirects to my app, if i set authentication for this app to forms or none everything works as expected, but if i set the authentication to windows the problem same as described in my post

i figured out that browser sends the authentication handshakes if redirect from windows authorized webapp and on every "postback" ist one more

tia dom
.

Quantcast