Our site has guest access and forms authentication. Timeouts for
cookies and session are equal.

The problem: user logs in, waits till cookie timeout ends and clicks on
random link. IE goes into long loading phase that ends with 'the page
cannot be displayed'. Logs show smth like this: /LV/Login.aspx
ReturnUrl=%2fPages%2fLogin. aspx%3flang%3dLV%26ReturnUrl%3d%252fPage
s%252fLog
in.aspx%
 253flang%253dLV%2526ReturnUrl%253d%25252
fPages%25252fLogin.aspx%25253flang%2
5253dLV
 %252526ReturnUrl%25253d%2525252fPages%25
25252fLogin.aspx%2525253flang%252525
3dLV%
 25252526ReturnUrl%2525253d%252525252fPag
es%252525252fLogin.aspx%252525253fla
ng%
 252525253dLV%2525252526ReturnUrl%2525252
 ...

I've read that this occurs while MCMS tries to authenticate user that
is accessing Login.aspx, but because cookies have expired the process
goes into infinite loop.

I tried to remove CMSAUTHTOKEN in page_load [Login.aspx]. Once it
worked, but after that [dunno what happened] it doesnt.

[ Post a follow-up to this message ]

Hi,

this can happen when the site is accessed through a proxy array and the
"Check Machine IP Against Cookie" option in the SCA is enabled.

Cheers,
Stefan

--
This posting is provided "AS IS" with no warranties, and confers no rights

New to MCMS?
Check out this book: Building Websites Using MCMS: http://tinyurl.com/6zj44
Check out the new book as well: Advanced MCMS development:
http://tinyurl.com/8ugwj
----------------------


"hlorofils" <hlorofils@gmail.com> wrote in message
news:1148569927.548862.224230@g10g2000cwb.googlegroups.com...
> Our site has guest access and forms authentication. Timeouts for
> cookies and session are equal.
>
> The problem: user logs in, waits till cookie timeout ends and clicks on
> random link. IE goes into long loading phase that ends with 'the page
> cannot be displayed'. Logs show smth like this: /LV/Login.aspx
> ReturnUrl=%2fPages%2fLogin. aspx%3flang%3dLV%26ReturnUrl%3d%252fPage
s%252fL
ogin.aspx%
>  253flang%253dLV%2526ReturnUrl%253d%25252
fPages%25252fLogin.aspx%25253flang
%25253dLV
>  %252526ReturnUrl%25253d%2525252fPages%25
25252fLogin.aspx%2525253flang%2525
253dLV%
>  25252526ReturnUrl%2525253d%252525252fPag
es%252525252fLogin.aspx%252525253f
lang%
>  252525253dLV%2525252526ReturnUrl%2525252
 ...
>
> I've read that this occurs while MCMS tries to authenticate user that
> is accessing Login.aspx, but because cookies have expired the process
> goes into infinite loop.
>
> I tried to remove CMSAUTHTOKEN in page_load [Login.aspx]. Once it
> worked, but after that [dunno what happened] it doesnt.
>

[ Post a follow-up to this message ]

"Check Machine IP Against Cookie" is not enabled.

[ Post a follow-up to this message ]

Hi,

then it might be that the login page is not enabled for anonymous access.

Cheers,
Stefan

--
This posting is provided "AS IS" with no warranties, and confers no rights

New to MCMS?
Check out this book: Building Websites Using MCMS: http://tinyurl.com/6zj44
Check out the new book as well: Advanced MCMS development:
http://tinyurl.com/8ugwj
----------------------


"hlorofils" <hlorofils@gmail.com> wrote in message
news:1148572980.675995.202420@i40g2000cwc.googlegroups.com...
> "Check Machine IP Against Cookie" is not enabled.
>

[ Post a follow-up to this message ]

Hi, Stefan,

Here are relevant details from web.config:

<authentication mode="Forms">
<forms name="LVPAUTHTOKEN" cookieless="UseCookies"
loginUrl="/LV/Login.aspx" path="/" protection="All" timeout="30"/>
</authentication>

<authorization>
<allow users="*"/>
</authorization>

<sessionState mode="InProc"
stateConnectionString="tcpip=127.0.0.1:42424" sqlConnectionString="data
source=127.0.0.1;Trusted_Connection=yes" cookieless="false"
timeout="30"/>


and Login.aspx:

protected void Page_Load(object sender, EventArgs e)
{
HttpCookieCollection cookieCols = new HttpCookieCollection();
cookieCols = Request.Cookies;
Request.Cookies.Remove("CMSAUTHTOKEN");
}

private void authenticate()
{
try
{
CmsAuthenticationTicket Ticket =
CmsFormsAuthentication. AuthenticateAsUser(WebConfigurationManag
er.AppSetting
s["MCMSDomainPref"]
+ LoginName.Text, Password.Text);
if (Ticket != null)
{
CmsFormsAuthentication.SetAuthCookie(Ticket, true,
false);

Response.Redirect(WebConfigurationManager.AppSettings["AppPath"] +
"/LV/WebLinks");
}
else
{
Msg.Text = "Invalid username/password";
}
}
catch (Exception ex)
{
Msg.Text = ex.Message;
}
}

In authenticate() I'm also retrieving our custom User data object and
putting it into Session, but basically that's it.

[ Post a follow-up to this message ]

Hi,

sorry if I wasn't clear enough in my previous post.
I was not talking about web.config settings but about IIS metabase settings
and ACLs.
Please verify if there are any 401 reponses in the IIS log.

Cheers,
Stefan

--
This posting is provided "AS IS" with no warranties, and confers no rights

New to MCMS?
Check out this book: Building Websites Using MCMS: http://tinyurl.com/6zj44
Check out the new book as well: Advanced MCMS development:
http://tinyurl.com/8ugwj
----------------------


"hlorofils" <hlorofils@gmail.com> wrote in message
news:1148630851.444781.35720@y43g2000cwc.googlegroups.com...
> Hi, Stefan,
>
> Here are relevant details from web.config:
>
> <authentication mode="Forms">
>      <forms name="LVPAUTHTOKEN" cookieless="UseCookies"
> loginUrl="/LV/Login.aspx" path="/" protection="All" timeout="30"/>
> </authentication>
>
> <authorization>
> <allow users="*"/>
> </authorization>
>
> <sessionState mode="InProc"
> stateConnectionString="tcpip=127.0.0.1:42424" sqlConnectionString="data
> source=127.0.0.1;Trusted_Connection=yes" cookieless="false"
> timeout="30"/>
>
>
> and Login.aspx:
>
> protected void Page_Load(object sender, EventArgs e)
> {
> HttpCookieCollection cookieCols = new HttpCookieCollection();
>        cookieCols = Request.Cookies;
>        Request.Cookies.Remove("CMSAUTHTOKEN");
> }
>
> private void authenticate()
> {
> try
>        {
>        CmsAuthenticationTicket Ticket =
> CmsFormsAuthentication. AuthenticateAsUser(WebConfigurationManag
er.AppSetti
ngs["MCMSDomainPref"]
> + LoginName.Text, Password.Text);
>                if (Ticket != null)
>                {
>                    CmsFormsAuthentication.SetAuthCookie(Ticket, true,
> false);
>
> Response.Redirect(WebConfigurationManager.AppSettings["AppPath"] +
> "/LV/WebLinks");
>                }
>                else
>                {
>                    Msg.Text = "Invalid username/password";
>                }
>        }
>        catch (Exception ex)
>        {
>        Msg.Text = ex.Message;
>        }
> }
>
> In authenticate() I'm also retrieving our custom User data object and
> putting it into Session, but basically that's it.
>

[ Post a follow-up to this message ]

IIS logs show only 302, not 401.

But event viewer shows this: 'Forms authentication failed for the
request. Reason: the ticket supplied has expired'.

[ Post a follow-up to this message ]

Hi,

what is the event source for this entry?

Cheers,
Stefan

--
This posting is provided "AS IS" with no warranties, and confers no rights

New to MCMS?
Check out this book: Building Websites Using MCMS: http://tinyurl.com/6zj44
Check out the new book as well: Advanced MCMS development:
http://tinyurl.com/8ugwj
----------------------


"hlorofils" <hlorofils@gmail.com> wrote in message
news:1148642888.496940.207670@j33g2000cwa.googlegroups.com...
> IIS logs show only 302, not 401.
>
> But event viewer shows this: 'Forms authentication failed for the
> request. Reason: the ticket supplied has expired'.
>

[ Post a follow-up to this message ]

It is ASP.NET.

Maybe I'm wrong but has it something to do with Application Pool
Identity? Right now it runs under Network Service account and not
IUSR_LVP. So after timeout it is not possible to access Login.aspx with
Network Service account.

[ Post a follow-up to this message ]

Hi,

if this is an ASP.NET error then you should better post this question to an
ASP.NET related newsgroup.

Cheers,
Stefan

--
This posting is provided "AS IS" with no warranties, and confers no rights

New to MCMS?
Check out this book: Building Websites Using MCMS: http://tinyurl.com/6zj44
Check out the new book as well: Advanced MCMS development:
http://tinyurl.com/8ugwj
----------------------


"hlorofils" <hlorofils@gmail.com> wrote in message
news:1148644795.226814.67780@u72g2000cwu.googlegroups.com...
> It is ASP.NET.
>
> Maybe I'm wrong but has it something to do with Application Pool
> Identity? Right now it runs under Network Service account and not
> IUSR_LVP. So after timeout it is not possible to access Login.aspx with
> Network Service account.
>

[ Post a follow-up to this message ]