Microsoft Content Management Server - Login.aspx infinite redirect loop

hlorofils

2006-05-29, 5:22 pm

Our site has guest access and forms authentication. Timeouts for
cookies and session are equal.

The problem: user logs in, waits till cookie timeout ends and clicks on
random link. IE goes into long loading phase that ends with 'the page
cannot be displayed'. Logs show smth like this:

/LV/Login.aspx ReturnUrl=%2fPages%2fLogin.aspx%3flang%3dLV%26ReturnUrl%3d%252fPages%252fLogin.aspx%253flang%253dLV%2526ReturnUrl%253d%25252fPages%25252fLogin.aspx%25253flang%25253dLV%252526ReturnUrl%25253d%2525252fPages%2525252fLogin.aspx%2525253flang%2525253dLV%25252526ReturnUrl%2525253d%252525252fPages%252525252fLogin.aspx%252525253flang%252525253dLV%2525252526ReturnUrl%2525252
...

I've read that this occurs while MCMS tries to authenticate user that
is accessing Login.aspx, but because cookies have expired the process
goes into infinite loop.

I tried to remove CMSAUTHTOKEN in page_load [Login.aspx]. Once it
worked, but after that [dunno what happened] it doesn't.
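
An added example, not part of the original thread: a log check that unwraps the nested ReturnUrl pattern quoted in the post above and reports how many times the login page was redirected to itself. The three-field record layout, the `login.aspx` file-name match and all function names are assumptions made for this sketch.

```python
from urllib.parse import parse_qsl, urlsplit

LOGIN_PAGE = "login.aspx"   # assumption: login pages are matched by file name
MAX_HOPS = 50               # stop unwrapping even if the log holds more layers

def return_url_chain(query, param="returnurl"):
    """Unwrap nested ReturnUrl values; return the path found at each layer."""
    chain = []
    while len(chain) < MAX_HOPS:
        # parse_qsl removes exactly one layer of percent-encoding per pass
        target = next((v for k, v in parse_qsl(query) if k.lower() == param), None)
        if target is None:
            break
        parts = urlsplit(target)
        chain.append(parts.path)
        query = parts.query
    return chain

def is_login_loop(stem, query, min_depth=2):
    """True when the login page is asked to return to the login page, repeatedly."""
    chain = return_url_chain(query)
    on_login = stem.lower().endswith(LOGIN_PAGE)
    self_refs = [p for p in chain if p.lower().endswith(LOGIN_PAGE)]
    return on_login and len(self_refs) >= min_depth

def find_loops(lines):
    """lines: constructed 'cs-uri-stem cs-uri-query sc-status' records."""
    hits = []
    for line in lines:
        stem, query, status = line.split()
        if status == "302" and is_login_loop(stem, query):
            hits.append((stem, len(return_url_chain(query))))
    return hits

# Constructed sample records following the pattern quoted in the post above.
SAMPLE = [
    "/LV/WebLinks - 200",
    "/LV/Login.aspx ReturnUrl=%2fLV%2fWebLinks 200",
    "/LV/Login.aspx ReturnUrl=%2fPages%2fLogin.aspx%3flang%3dLV%26ReturnUrl%3d"
    "%252fPages%252fLogin.aspx%253flang%253dLV%2526ReturnUrl%253d"
    "%25252fPages%25252fLogin.aspx%25253flang%25253dLV 302",
]

if __name__ == "__main__":
    for stem, depth in find_loops(SAMPLE):
        print(f"redirect loop at {stem}: ReturnUrl nested {depth} levels")
```

A single ReturnUrl pointing at a content page is normal forms-authentication behaviour; only repeated self-reference to the login page is flagged.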

Stefan [MSFT]

2006-05-29, 5:22 pm

Hi,

this can happen when the site is accessed through a proxy array and the
"Check Machine IP Against Cookie" option in the SCA is enabled.

Cheers,
Stefan

--
This posting is provided "AS IS" with no warranties, and confers no rights

New to MCMS?
Check out this book: Building Websites Using MCMS: http://tinyurl.com/6zj44
Check out the new book as well: Advanced MCMS development:
http://tinyurl.com/8ugwj
----------------------





hlorofils

2006-05-29, 5:22 pm

"Check Machine IP Against Cookie" is not enabled.

Stefan [MSFT]

2006-05-29, 5:22 pm

Hi,

then it might be that the login page is not enabled for anonymous access.

Cheers,
Stefan




hlorofils

2006-05-29, 5:22 pm

Hi, Stefan,

Here are relevant details from web.config:

    <authentication mode="Forms">
        <forms name="LVPAUTHTOKEN" cookieless="UseCookies"
               loginUrl="/LV/Login.aspx" path="/" protection="All" timeout="30"/>
    </authentication>

    <authorization>
        <allow users="*"/>
    </authorization>

    <sessionState mode="InProc"
                  stateConnectionString="tcpip=127.0.0.1:42424"
                  sqlConnectionString="data source=127.0.0.1;Trusted_Connection=yes"
                  cookieless="false"
                  timeout="30"/>


and Login.aspx:

    protected void Page_Load(object sender, EventArgs e)
    {
        HttpCookieCollection cookieCols = new HttpCookieCollection();
        cookieCols = Request.Cookies;
        Request.Cookies.Remove("CMSAUTHTOKEN");
    }

    private void authenticate()
    {
        try
        {
            CmsAuthenticationTicket Ticket =
                CmsFormsAuthentication.AuthenticateAsUser(
                    WebConfigurationManager.AppSettings["MCMSDomainPref"]
                    + LoginName.Text, Password.Text);
            if (Ticket != null)
            {
                CmsFormsAuthentication.SetAuthCookie(Ticket, true, false);

                Response.Redirect(WebConfigurationManager.AppSettings["AppPath"] +
                    "/LV/WebLinks");
            }
            else
            {
                Msg.Text = "Invalid username/password";
            }
        }
        catch (Exception ex)
        {
            Msg.Text = ex.Message;
        }
    }

In authenticate() I'm also retrieving our custom User data object and
putting it into Session, but basically that's it.

Stefan [MSFT]

2006-05-29, 5:22 pm

Hi,

sorry if I wasn't clear enough in my previous post.
I was not talking about web.config settings but about IIS metabase settings
and ACLs.
Please verify if there are any 401 responses in the IIS log.

Cheers,
Stefan




hlorofils

2006-05-29, 5:22 pm

IIS logs show only 302, not 401.

But event viewer shows this: 'Forms authentication failed for the
request. Reason: the ticket supplied has expired'.

Stefan [MSFT]

2006-05-29, 5:22 pm

Hi,

what is the event source for this entry?

Cheers,
Stefan




hlorofils

2006-05-29, 5:22 pm

It is ASP.NET.

Maybe I'm wrong but has it something to do with Application Pool
Identity? Right now it runs under Network Service account and not
IUSR_LVP. So after timeout it is not possible to access Login.aspx with
Network Service account.

Stefan [MSFT]

2006-05-29, 5:22 pm

Hi,

if this is an ASP.NET error then you should better post this question to an
ASP.NET related newsgroup.

Cheers,
Stefan


Copyright 2003 - 2008 webservertalk.com