|
Home > Archive > Microsoft Content Management Server > March 2004 > Authorization problem when ticket expires
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Authorization problem when ticket expires
|
|
| Justin 2004-03-02, 7:35 am |
| Hi all,
When I login as an admin, editor, subscriber etc and leave the browser until
the default cookie timout expires, the next time I click a link the forms
authentication tries to take me to the login page. Ok, now I have had
problems with entering an absolute URL in the forms (loginurl) of the
web.config (I have to as the login uses SSL) so I use a relative url to a
plain aspx page and do a simple redirect from that page to the login page as
a workaround.
<authentication mode="Forms"><!-- https://www.host.org/login.aspx will not
work in loginUrl -->
<forms timeout="30" name="myapp" path="/FormsAuth" loginUrl="redirect2.aspx"
protection="All" />
</authentication>
Now when it tried to redirect the browser from redirect2.aspx the browser
seems to go into a brief "redirect loop" for a second of two and eventually
displays a "The page cannot be displayed" error. So it gets to
redirect2.aspx ok, but there somthing preventing it getting to my login
page. The login page does not include any code in the Page_Load event.
It would be nice to be able to enter the absolute URL in the loginUrl
attribute of forms, but I understand this is not a CMS issue, still I would
have thought my "workaround" should work. Any ideas?
Thanks,
Justin
| |
| Stefan [MSFT] 2004-03-02, 8:36 am |
| Hi Justin,
the problem is that login.aspx also requires a login (or the invalid
authentication cookie causes a similar behaviour) and ASP.NET does a
redirect to redirect2.aspx.
You need to ensure that login.aspx does not require authentication. In
addition you need to delete the authentication cookie before doing the
redirect.
This should resolve your redirection problem.
Cheers,
Stefan.
--
This posting is provided "AS IS" with no warranties, and confers no rights.
"Justin" <speedracer909@hotmail.com> wrote in message
news:eovwwxEAEHA.916@tk2msftngp13.phx.gbl...
> Hi all,
>
> When I login as an admin, editor, subscriber etc and leave the browser
until
> the default cookie timout expires, the next time I click a link the forms
> authentication tries to take me to the login page. Ok, now I have had
> problems with entering an absolute URL in the forms (loginurl) of the
> web.config (I have to as the login uses SSL) so I use a relative url to a
> plain aspx page and do a simple redirect from that page to the login page
as
> a workaround.
>
> <authentication mode="Forms"><!-- https://www.host.org/login.aspx will not
> work in loginUrl -->
>
> <forms timeout="30" name="myapp" path="/FormsAuth"
loginUrl="redirect2.aspx"
> protection="All" />
>
> </authentication>
>
> Now when it tried to redirect the browser from redirect2.aspx the browser
> seems to go into a brief "redirect loop" for a second of two and
eventually
> displays a "The page cannot be displayed" error. So it gets to
> redirect2.aspx ok, but there somthing preventing it getting to my login
> page. The login page does not include any code in the Page_Load event.
>
> It would be nice to be able to enter the absolute URL in the loginUrl
> attribute of forms, but I understand this is not a CMS issue, still I
would
> have thought my "workaround" should work. Any ideas?
>
> Thanks,
> Justin
>
>
| |
| Justin 2004-03-03, 12:34 am |
| Hi Stefan,
Right, I needed to do a CmsFormsAuthentication.SignOut() before the
redirect.
Thanks for the help
Justin
"Stefan [MSFT]" <stefang@online.microsoft.com> wrote in message
news:upyxzUFAEHA.1548@TK2MSFTNGP12.phx.gbl...
> Hi Justin,
>
> the problem is that login.aspx also requires a login (or the invalid
> authentication cookie causes a similar behaviour) and ASP.NET does a
> redirect to redirect2.aspx.
> You need to ensure that login.aspx does not require authentication. In
> addition you need to delete the authentication cookie before doing the
> redirect.
> This should resolve your redirection problem.
>
> Cheers,
> Stefan.
>
> --
> This posting is provided "AS IS" with no warranties, and confers no
rights.
>
>
> "Justin" <speedracer909@hotmail.com> wrote in message
> news:eovwwxEAEHA.916@tk2msftngp13.phx.gbl...
> until
forms[color=darkred]
a[color=darkred]
page[color=darkred]
> as
not[color=darkred]
> loginUrl="redirect2.aspx"
browser[color=darkred]
> eventually
> would
>
>
|
|
|
|
|