Tech Off Thread

4 posts

Forum Read Only

This forum has been made read only by the site admins. No new threads or comments can be added.

ASP.NET Serving wrong "RedirectFromLoginPage" info

Back to Forum: Tech Off
  • User profile image
    W3bbo

    Hi

    I've got this line on my page, seems fine right?

    System.Web.Security.FormsAuthentication.RedirectFromLoginPage(UserName, True)
    


    Now, the page that has it, is often called with this URL QueryString parameter:

    http://insect/Pages/misc/Login.aspx?ReturnUrl=%2fPages%2fitems%2fAttach.aspx
    


    But when the "RedirectFromLoginPage" method is called, I get this:

    POST /Pages/misc/Login.aspx HTTP/1.1
    Host: insect
    User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.7.10) Gecko/20050717 Firefox/1.0.6
    Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
    Accept-Language: en-gb,en;q=0.5
    Accept-Encoding: gzip,deflate
    Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
    Keep-Alive: 300
    Connection: keep-alive
    Referer: http://insect/Pages/misc/Login.aspx?ReturnUrl=%2fPages%2fitems%2fAttach.aspx
    Cookie: ASP.NET_SessionId=yjt3e055fvcbxq55axc2ze55;
    InsectUser=1387D72C5C5AF1E117052B<Snip>
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 296
    __VIEWSTATE=dDwxNjM3MTI5MD<Snip>
    
    HTTP/1.x 302 Found
    Date: Mon, 12 Sep 2005 19:07:45 GMT
    Server: Microsoft-IIS/6.0
    X-Powered-By: ASP.NET
    X-AspNet-Version: 1.1.4322
    Location: /default.aspx
    Set-Cookie:
    InsectUser=1B824D2964A5EFAC655B<Snip>
    Expires=Sun, 12-Sep-2055 19:07:45 GMT; path=/
    Cache-Control: private
    Content-Type: text/html; charset=utf-8
    Content-Length: 3209
    


    Note that the "location" field doesn't match the ReturnUrl parameter.

    So, what's going on?

    Besides, there isn't even a /default.aspx file on the website!

  • User profile image
    sbc

    Have you tried just using Response.Redirect after setting your FormsAuthentication cookie?

  • User profile image
    W3bbo

    sbc wrote:
    Have you tried just using Response.Redirect after setting your FormsAuthentication cookie?


    Yeah, that's works fine for me... and it gives me more control.

    ...so why is there a .RedirectFromLoginPage() method, exactly?

  • User profile image
    sbc

    To be honest I've never actually used it. I think it has problems with the UserData part of the FormsAuthenticationTicket. So roles are not set when you use RedirectFromLoginPage.

    I use the following in my Global.asax:

        Public Sub Application_AuthenticateRequest(s As Object, e As EventArgs)
            If (Not(HttpContext.Current.User Is Nothing)) Then
                If HttpContext.Current.User.Identity.AuthenticationType = "Forms" Then
               
        Dim id as System.Web.Security.FormsIdentity =
    HttpContext.Current.User.Identity
                    Dim ticket As FormsAuthenticationTicket = id.Ticket
                    ' Get the stored user-data, in this case, our roles
                    Dim userData As String = ticket.UserData
                    Dim roles As String() = userData.Split(",")
               
        HttpContext.Current.User = New GenericPrincipal(id,
    roles)
                  End If
            End If
        End Sub
    


Conversation locked

This conversation has been locked by the site admins. No new comments can be made.