Pb with Forms authentication login redirect to https

5 posts, 0 answers
  1. CSurieux
    CSurieux avatar
    465 posts
    Member since:
    Jan 2007

    Posted 26 Jun 2009 Link to this post

    Hello,

    Using last 2009 527 version, I have following problem.
    My app uses Forms authentication and some folders could only be accessed by authenticated users with ssl protection.
    I use classic asp.net
    <authentication mode="Forms"/>  
    <forms loginUrl=https://www.myportal.com/secure/login.aspx?PageID=200 defaultUrl="DefaultModulesPage.aspx" requireSSL="false" /> 
    </authentication> 
             

    Until ajax.net and Telerik, this was working Ok, redirecting non authenticated users to login.aspx with https.

    Now I am using .net 3.5 with radajax.net and lot of related more declarations in web.config, like
    <httpRuntime useFullyQualifiedRedirectUrl="true" ... enableVersionHeader="false" /> 
             

    and I don't know why but my browser ( Fiddler traced it) receive something strange
    http://www.myportal.com/secure/login.aspx?PageID=200&ReturnUrl=My_original_url_with_query_encoded&Doubled_querystring

    First and main pb: it is no more https ???
    Calling directly https://same url works perfectly, certificate is installed under IIS6 (W2K3) and ssl working Ok.

    Next I get a double value for my original query string added to the end of request, even if the return url parameter already contains it.
    ??

    My question, is somebody playing with 'location' in ajax.net or radajax.net ?

    What could I check ?

    Thanks for help.

    CS



  2. Pavel
    Admin
    Pavel avatar
    904 posts

    Posted 02 Jul 2009 Link to this post

    Hello Christian,

    Looking at the settings you have pasted I have noticed that the requireSSL property is set to 'false' which may be the cause for the non-ssl connection. I can also suggest you to check the following links from the Asp.Net AJAX documentation:

    http://www.asp.net/AJAX/Documentation/Live/Tutorials/UsingFormsAuthenticationTutorial.aspx
    http://www.asp.net/AJAX/Documentation/Live/mref/T_System_Web_Configuration_ScriptingAuthenticationServiceSection.aspx

    All the best,
    Pavel
    the Telerik team

    Instantly find answers to your questions on the new Telerik Support Portal.
    Check out the tips for optimizing your support resource searches.
  3. UI for ASP.NET Ajax is Ready for VS 2017
  4. CSurieux
    CSurieux avatar
    465 posts
    Member since:
    Jan 2007

    Posted 02 Jul 2009 Link to this post

    Hello Pavel,

    The RequireSSL means 'send cookie only on ssl transactions', it has no influence on redirection (tested).
    I don't use today Ajax login but classic one with an aspx page containing a asp:login control.
    (But I plan to do it so I have included any web.config declaration related to it.)

    My concern was : could  Telerik, somewhere, change or play with the location sent back to browser.
    (I have already encountered some difficulties related to url rewriting and Form.Action) ???

    Concerning your links, they are old (ajax.net 1.0)...you should have an ajax based login control in your rad lib.

    Regards

    CS
  5. CSurieux
    CSurieux avatar
    465 posts
    Member since:
    Jan 2007

    Posted 02 Jul 2009 Link to this post

    More on my problem, may be I am out off scope from this thread...
    Is it possible that a Response.Redirect(http://my_virtual_path.aspx, true) when the session is https://ThePage_I_Leave.aspx" has not effect on the url Scheme ???
    That's what is happening in my app, the browser receive https://My_virtual_path.aspx after the Redirect instruction ????

    In these conditions, Redirect is unusable when a scheme change is also required ?

    Thanks for help on this curiosity in asp.net 3.5

    CS
  6. Pavel
    Admin
    Pavel avatar
    904 posts

    Posted 07 Jul 2009 Link to this post

    Hi Christian,

    There is nothing in our controls that will impact the url you redirect to. As this blog suggest you should ensure you have the following line in your web.config:
    <httpModules> 
          <add name="ScriptModule" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" /> 
    </httpModules> 

    Although you most probably already have it as it is needed to register your scripts.
    You can also check the approach suggested in this help article.

    Regards,
    Pavel
    the Telerik team

    Instantly find answers to your questions on the new Telerik Support Portal.
    Check out the tips for optimizing your support resource searches.
Back to Top
UI for ASP.NET Ajax is Ready for VS 2017