Re: mixed mode authentication + no postbacks

I know the sample from the book you are talking about ;)

The behavior you describe is very unexpected. Do you have another test machine to verify this?

-----
Dominick Baier (http://www.leastprivilege.com)

Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)

Steven Cheng [MSFT] wrote:

Hi tia,

From your description, you've applied a custom mixed authenitcation
in your ASP.NET web application,and the windows authentication module
will generate forms authentication cookie and redirect user to
formsauthentication site. However, you found that after redirected
from windows authenticatino site, any page postback operation no
longer work, correct?

If this is the case, I think the behavior is quite unexpected. As for
the postback not work, do you mean even putting a typical submit
button(and click it) will not cause page to postback? Or if the
client-side browser does perform the postback and server-side didn't
show any reflection or return any response? I'm still not quite sure
about the exact result and behavior when you go through the
redirector module and return to main site pages. Is there any
particular error message?

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead

Delighting our customers is our #1 priority. We welcome your comments
and suggestions about how we can improve the support we provide to
you. Please feel free to let my manager know what you think of the
level of service provided. You can send feedback directly to my
manager at: msdnmg@xxxxxxxxxxxxxx

==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.asp
x#notif
ications.
Note: The MSDN Managed Newsgroup support offering is for non-urgent
issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each
follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach
the
most efficient resolution. The offering is not appropriate for
situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are
best
handled working with a dedicated Microsoft Support Engineer by
contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.
==================================================
This posting is provided "AS IS" with no warranties, and confers no
rights.
--------------------

Date: Tue, 13 May 2008 08:44:02 +0200
From: "domagoj@xxxxxxxxxxxxxxxx" <domagoj@xxxxxxxxxxxxxxxx>
User-Agent: Thunderbird 2.0.0.14 (Windows/20080421)
MIME-Version: 1.0
Subject: mixed mode authentication + no postbacks
Hi there

I implemented a mixed mode authentication as follows:
main site using forms authentication
redirector site using windows authentication, creates a forms
authentication cookie and redirects to main site
the problem is if i go to the main site everything works fine

if i go to the redirector site it redirects to the main site ( as
expected, cookie is generated as expected and in site
Context.Current.User is set as expected ) but no postbacks occur
anymore, even if i logout an logon to the main site problem resides,
i figured out that any "redirector" site protected by windows
authentication redirecting to my site causes postbacks to not
function anymore.

I tried the sample from Microsoft Press Book "Developing More-Secure
Microsoft?ASP.NET 2.0 Applications" and same thing happened.

My config Vista SP1 .NET 3.5
or 2003 R2 .NET 3.5
Applications are .NET 2.0 applications

tia dom

correct, no button or any other method to trigger postback works
anymore, ispostback is always false and no viewstate form fiels is
sent to server anymore

i wrote a small webapp with one page and one button, by clicking the
button the app creates a authcookie(always with same information
within it) and redirects to my app, if i set authentication for this
app to forms or none everything works as expected, but if i set the
authentication to windows the problem same as described in my post

i figured out that browser sends the authentication handshakes if
redirect from windows authorized webapp and on every "postback" ist
one more

tia dom



.