
I have developed a .NET 4.0 ASP.NET website. All working great locally. Developed on IIS7.5, WS2008R2 Enterprise + all updates.

I deploy to WS2003 server. All almost works except, when I am logging into the website (Forms auth) it redirects me back to the login page! No errors, no nothing. Sometimes when I manage to get through that, and navigate to another page or perform an action like a click of a button, I get redirected back to the login page!

Convinced there was a problem with the server setup, the IT guy installed WS2008R2 + all updates. Great - so I deployed the website on to that. Guess what? STILL THE SAME PROBLEM!

What gives? Why on earth would it redirect back to the login page when you login (no code to do that) or when you perform an action?

The other thing is, I am using the Telerik control and also the ASP.NET AJAX extenders. The server doesn't seem to load them (no errors on both server and client). There are supposed to be drop down menus and that does not work in addition to the AJAX calendar to popup - that does not work either.

I am not sure what to do now as this is frustrating and NEVER have I run into such a problem.

Here is part of my config file:

<configSections>
    <sectionGroup name="system.web">
      <section name="sanitizer" requirePermission="false" type="AjaxControlToolkit.Sanitizer.ProviderSanitizerSection, AjaxControlToolkit"/>
    </sectionGroup>
  </configSections>

<system.web>
    <globalization culture="en-gb" uiCulture="en-gb"/>
    <httpRuntime maxRequestLength="100240"/>
    <trust level="Full"/>
    <sanitizer defaultProvider="HtmlAgilityPackSanitizerProvider">
      <providers>
        <add name="HtmlAgilityPackSanitizerProvider" type="AjaxControlToolkit.Sanitizer.HtmlAgilityPackSanitizerProvider"/>
      </providers>
    </sanitizer>
    <compilation debug="true" targetFramework="4.0">

      <assemblies>
        <add assembly="Telerik.Web.UI, Version=2012.3.1017.40, Culture=neutral, PublicKeyToken=949410a6b6ad1e71"/>
      </assemblies>
    </compilation>
    <sessionState mode="InProc" timeout="30"/>
    <authentication mode="Forms">
      <forms name="RegisteredUsers" defaultUrl="~/Help/About.aspx" path="/" protection="All" loginUrl="~/Account/Login.aspx" timeout="31"/>
    </authentication>
    <authorization>
      <deny users="?"/>
    </authorization>
    <httpHandlers>
      <add path="Telerik.Web.UI.WebResource.axd" type="Telerik.Web.UI.WebResource" verb="*" validate="false"/>
    </httpHandlers>
  </system.web>
  <location path="Account">
    <system.web>
      <authorization>
        <allow users="*"/>
      </authorization>
    </system.web>
  </location>
  <location path="Public">
    <system.web>
      <authorization>
        <allow users="*"/>
      </authorization>
    </system.web>
  </location>
  <location path="Styles">
    <system.web>
      <authorization>
        <allow users="*"/>
      </authorization>
    </system.web>
  </location>
  <location path="Scripts">
    <system.web>
      <authorization>
        <allow users="*"/>
      </authorization>
    </system.web>
  </location>
  <location path="Images">
    <system.web>
      <authorization>
        <allow users="*"/>
      </authorization>
    </system.web>
  </location>
  <location path="Help">
    <system.web>
      <authorization>
        <allow users="*"/>
      </authorization>
    </system.web>
  </location>
  <system.webServer>
    <modules runAllManagedModulesForAllRequests="true"/>
    <validation validateIntegratedModeConfiguration="false"/>
    <handlers>
      <add name="Telerik_Web_UI_WebResource_axd" verb="*" preCondition="integratedMode" path="Telerik.Web.UI.WebResource.axd" type="Telerik.Web.UI.WebResource"/>
    </handlers>
  </system.webServer>

As for the authentication code:

// log them in and authenticate
FormsAuthentication.SetAuthCookie(this.txtUsername.Text, false);
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1, this.txtUsername.Text, DateTime.Now, DateTime.Now.AddYears(1), false, this.txtUsername.Text);

// For security reasons we may hash the cookies
string hashCookies = FormsAuthentication.Encrypt(ticket);
HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, hashCookies);
cookie.Path = FormsAuthentication.FormsCookiePath;
cookie.Expires = ticket.Expiration;

// add the cookie to user browser
Response.Cookies.Add(cookie);

Session[CommonStrings.USER_LOGGED_IN] = userResponse.User;

// if DefaultWebPage is not null then redirect to that otherwise, default behavior.
if (!string.IsNullOrWhiteSpace(userResponse.User.DefaultWebPage))
{
    Response.Redirect(userResponse.User.DefaultWebPage, false);
}
else
{
    FormsAuthentication.RedirectFromLoginPage(this.txtUsername.Text, false);
}

Pranav C Balan
Ahmed ilyas
  • Is the application on one server or multiple? If it's on a cluster you may hit a different server than the one you've just used to log on. – Stokedout May 22 '13 at 15:50
  • Sounds like you don't use an http debugger like Fiddler. Try it, you could possibly discover your issues this way. – Wiktor Zychla May 22 '13 at 16:10
  • On single server (joined to domain). Tried Fiddler - shows nothing obvious but a 302 redirect to the login page – Ahmed ilyas May 22 '13 at 17:47

1 Answer


If I recall correctly I've experienced something like that in the past... you may be missing a machinekey in your web.config file:

<machineKey 
  validationKey="EFE16B647D7AF66E1D223402ECC44428B424A442873221EC47E24358B58FEDEE7DFB97B4907605AC74670B5BC419C1C9E8980D43D84DA895275F9FB30E5078D6"
  decryptionKey="F8BB1E557DEE7AE224A08FCFB429498D218D4D65FF19CA0E160F5D68382B53C7"
  validation="SHA1" decryption="AES" />
Leniel Maccaferri
  • Thanks. Nope, just a standalone server. Fiddler doesn't bring anything obvious. Shows a 302 going back to the login page but that's it. I forgot to mention I DO have this code in the site.master but don't think it is a problem: // All pages require authorised access (i.e user must be logged in) if (!this.Page.User.Identity.IsAuthenticated || this.CurrentLoggedInUser == null) { FormsAuthentication.RedirectToLoginPage(); Response.End(); } – Ahmed ilyas May 22 '13 at 17:46
  • Thanks but I don't see why I should add that, if it works fine on my own local dev server? – Ahmed ilyas May 22 '13 at 17:46
  • Do you save a cookie with the user login credentials? The cookie ASP.NET uses is called `.ASPXAUTH` http://stackoverflow.com/q/423467/114029 ... Do you have a checkbox which the user can click and select remember me? – Leniel Maccaferri May 22 '13 at 17:49
  • Thanks Leniel. I don't have a check box for remember me (nor should it have it) but the default value is false (as per the original code). However what does not make sense is that this value is for saving it across multiple browser sessions - but I am referring to a single browser instance. – Ahmed ilyas May 22 '13 at 17:56
  • Does the production server have other apps in IIS? – Leniel Maccaferri May 22 '13 at 17:58
  • So... just to make a test: add the machine key in `Web.config`. Delete all user accounts from the database. Recreate them using ASP.NET Configuration in Visual Studio menu Project => ASP.NET Configuration. Redeploy the app and the database with the new users to the server and report back if the logged in users keep being logged off. – Leniel Maccaferri May 22 '13 at 18:52
  • Well we can't recreate the users.... it's not using the ASP.NET membership stuff - this is pure custom code, code I've done for years before this project and has worked fine. I'll add the machine key and see what happens but I've NEVER had to do that. – Ahmed ilyas May 22 '13 at 18:58
  • Uhmmmm... I thought you were using the membership stuff. If it's custom code there may be lots of other possibilities. There's no need then to add a machine key, since it's used during the creation of user accounts. – Leniel Maccaferri May 22 '13 at 18:59
  • Well what other possibilities? :) I've posted the code that has the redirects and config - not sure where to turn now. And like I said, never once have I had issues like this so it's frustrating and odd – Ahmed ilyas May 22 '13 at 19:08
  • Links that can shed some light: http://stackoverflow.com/q/2759901/114029 and http://stackoverflow.com/q/2224562/114029 – Leniel Maccaferri May 22 '13 at 21:28
  • I'm not convinced but this seems to fix it (for now at least). Still not sure why it doesn't happen locally. I removed the `FormsAuthentication.SetAuthCookie(this.txtUsername.Text, false);` line since I was doing this twice (the one next to it in the original post). Also changed the app pool from integrated to classic then back to integrated (not sure if that changed anything). I also removed an unload event on a page which subscribed to the "Success" event of the login control as all it was doing was unsubscribing to that event. I doubt it made a difference but worth a shot. Seems ok...for now. – Ahmed ilyas May 23 '13 at 09:46
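
The login code in the question writes the forms-authentication cookie more than once: `SetAuthCookie`, then the hand-built ticket, and on the `else` path `RedirectFromLoginPage`, which issues a ticket of its own. The helper below is an added example, not the asker's code, that issues the ticket exactly once; `LoginHelper`, `SignIn` and their parameters are hypothetical names, and it compiles inside an ASP.NET 4.0 project that references `System.Web`.

```csharp
using System;
using System.Web;
using System.Web.Security;

// Added example: one place that issues the forms-authentication ticket.
public static class LoginHelper
{
    public static void SignIn(HttpResponse response, string userName, string defaultWebPage)
    {
        // Ticket lifetime follows <forms timeout="..."> in Web.config
        // instead of a hard-coded DateTime.Now.AddYears(1).
        DateTime issued = DateTime.Now;
        var ticket = new FormsAuthenticationTicket(
            1,                                   // ticket version
            userName,
            issued,
            issued.Add(FormsAuthentication.Timeout),
            false,                               // not persistent
            userName,                            // user data, as in the question
            FormsAuthentication.FormsCookiePath);

        var cookie = new HttpCookie(
            FormsAuthentication.FormsCookieName,
            FormsAuthentication.Encrypt(ticket))
        {
            Path = FormsAuthentication.FormsCookiePath,
            HttpOnly = true,                          // not readable from script
            Secure = FormsAuthentication.RequireSSL   // follows <forms requireSSL>
        };
        // Expires is left unset so the browser keeps a session cookie,
        // which matches isPersistent = false in the ticket.
        // Set replaces any cookie of the same name already queued on the response.
        response.Cookies.Set(cookie);

        // GetRedirectUrl only computes the return URL; RedirectFromLoginPage
        // would also write a second ticket over the one set above.
        string target = string.IsNullOrWhiteSpace(defaultWebPage)
            ? FormsAuthentication.GetRedirectUrl(userName, false)
            : defaultWebPage;
        response.Redirect(target, false);
    }
}
```

From the login page's code-behind the call would be `LoginHelper.SignIn(Response, this.txtUsername.Text, userResponse.User.DefaultWebPage);`, placed after the session value has been stored.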