This is a migrated thread and some comments may be shown as answers.

Forms Authentication Requests Are Not Directed to loginUrl Page just when the session times out on page with Telerik HTML5 Report Viewer

Diego asked on 06 Nov 2016, 01:23 PM
I have developed a Web Forms web application on .NET Framework 4.0 that uses forms authentication, and I am using Telerik's UI for ASP.NET AJAX Q1 2016 controls and Telerik Reporting R3 2016. The application has been deployed to a server using IIS 7. One page of the application only contains a Telerik HTML5 report viewer to generate and view Telerik reports. Everything in the application works fine; however, when the session times out on the page where I have Telerik's report viewer and I click on the preview button on the report, the area of the report shows me the loginUrl to log back in. When I try to log in using the correct username and password I get an HTTP 404. This page is trying to redirect me to the wrong URL: /PowerManager/Login.aspx. This URL does not exist; the correct loginUrl should be /PowerManager/Login/Login.aspx.
This is only happening on this specific page. If the session times out on any other page, the page is redirected to the correct loginUrl defined in the web.config.

This web application is the only application deployed on IIS, so I know there is no other cookie with the same name, same path, or identical key, which are mentioned as some of the causes of this issue per https://support.microsoft.com/en-us/kb/313116

I have also tried http://www.codeproject.com/Articles/292149/The-resource-cannot-be-found-Account-Login and several other suggestions, but none have worked for me.

Please, any help would be appreciated. I've been trying to fix this for days and nothing seems to fix it. Attached is a picture of when the session times out on the page with the report viewer and I press the preview button in the report parameters area.

Here is my web.config file:
        
<?xml version="1.0" encoding="utf-8"?>
    <configuration>
    <appSettings>
    <add key="Telerik.Skin" value="Metro" />
    <add key="enableSimpleMembership" value="false" />
    <add key="autoFormsAuthentication" value="false" />
    <add key="PreserveLoginUrl" value="true" />
    </appSettings>
    <system.web>
    <!-- 100 MB -->
    <httpRuntime maxRequestLength="102400" />
    <trace enabled="false" mostRecent="true" requestLimit="100" pageOutput="true" localOnly="false" />
    <!-- Authentication Settings -->
    <authentication mode="Forms">
    <forms defaultUrl="~/Default.aspx" loginUrl="~/Login/Login.aspx" name="PowerManagerAuthCookie" path="/" protection="All" timeout="1" enableCrossAppRedirects="false" cookieless="UseCookies" slidingExpiration="true" />
     
    </authentication>
    <!--Deny all users unless authenticated -->
    <authorization>
    <deny users="?" />
    </authorization>
    <compilation targetFramework="4.0">
    <assemblies>
    <add assembly="Telerik.ReportViewer.Html5.WebForms, Version=10.2.16.1025, Culture=neutral, PublicKeyToken=a9d7983dfcc261be" />
    <add assembly="Telerik.Reporting, Version=10.2.16.1025, Culture=neutral, PublicKeyToken=a9d7983dfcc261be" />
    <add assembly="Telerik.ReportViewer.WebForms, Version=10.2.16.1025, Culture=neutral, PublicKeyToken=a9d7983dfcc261be" />
    <add assembly="System.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" />
    </assemblies>
    </compilation>
    <pages>
    <controls>
    <add tagPrefix="telerik" namespace="Telerik.Web.UI" assembly="Telerik.Web.UI" />
    </controls>
    </pages>
    <httpHandlers>
    <add path="ChartImage.axd" type="Telerik.Web.UI.ChartHttpHandler" verb="*" validate="false" />
    <add path="Telerik.Web.UI.SpellCheckHandler.axd" type="Telerik.Web.UI.SpellCheckHandler" verb="*" validate="false" />
    <add path="Telerik.Web.UI.DialogHandler.aspx" type="Telerik.Web.UI.DialogHandler" verb="*" validate="false" />
    <add path="Telerik.RadUploadProgressHandler.ashx" type="Telerik.Web.UI.RadUploadProgressHandler" verb="*" validate="false" />
    <add verb="*" path="Telerik.ReportViewer.axd" type="Telerik.ReportViewer.WebForms.HttpHandler, Telerik.ReportViewer.WebForms, Version=10.2.16.1025, Culture=neutral, PublicKeyToken=a9d7983dfcc261be" validate="false" />
    <add path="Telerik.Web.UI.WebResource.axd" type="Telerik.Web.UI.WebResource" verb="*" validate="false" />
    </httpHandlers>
    <membership defaultProvider="DefaultMembershipProvider">
    <providers>
    <clear />
    <add name="DefaultMembershipProvider" applicationName="/PowerManager" connectionStringName="LocalSqlServer" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="true" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" type="System.Web.Providers.DefaultMembershipProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
    </providers>
    </membership>
    <roleManager enabled="true" defaultProvider="DefaultRoleProvider">
    <providers>
    <clear />
    <add name="DefaultRoleProvider" applicationName="/PowerManager" connectionStringName="LocalSqlServer" type="System.Web.Providers.DefaultRoleProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
    </providers>
    </roleManager>
    <profile enabled="true" defaultProvider="DefaultProfileProvider">
    <providers>
    <clear />
    <add name="DefaultProfileProvider" applicationName="/PowerManager" connectionStringName="LocalSqlServer" type="System.Web.Providers.DefaultProfileProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
    </providers>
    </profile>
    <!--
                If you are deploying to a cloud environment that has multiple web server instances,
                you should change session state mode from "InProc" to "Custom". In addition,
                change the connection string named "DefaultConnection" to connect to an instance
                of SQL Server (including SQL Azure and SQL  Compact) instead of to SQL Server Express.
          -->
    <sessionState mode="InProc" customProvider="DefaultSessionProvider">
    <providers>
    <add name="DefaultSessionProvider" type="System.Web.Providers.DefaultSessionStateProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
    </providers>
    </sessionState>
    </system.web>
    <system.webServer>
    <!-- 100 MB -->
    <security>
    <requestFiltering>
    <requestLimits maxAllowedContentLength="104857600" />
    </requestFiltering>
    </security>
    <validation validateIntegratedModeConfiguration="false" />
    <modules runAllManagedModulesForAllRequests="true" runManagedModulesForWebDavRequests="true" />
    <handlers accessPolicy="Read, Script">
    <remove name="ChartImage_axd" />
    <add name="ChartImage_axd" path="ChartImage.axd" type="Telerik.Web.UI.ChartHttpHandler" verb="*" preCondition="integratedMode" />
    <remove name="Telerik_Web_UI_SpellCheckHandler_axd" />
    <add name="Telerik_Web_UI_SpellCheckHandler_axd" path="Telerik.Web.UI.SpellCheckHandler.axd" type="Telerik.Web.UI.SpellCheckHandler" verb="*" preCondition="integratedMode" />
    <remove name="Telerik_Web_UI_DialogHandler_aspx" />
    <add name="Telerik_Web_UI_DialogHandler_aspx" path="Telerik.Web.UI.DialogHandler.aspx" type="Telerik.Web.UI.DialogHandler" verb="*" preCondition="integratedMode" />
    <remove name="Telerik_RadUploadProgressHandler_ashx" />
    <add name="Telerik_RadUploadProgressHandler_ashx" path="Telerik.RadUploadProgressHandler.ashx" type="Telerik.Web.UI.RadUploadProgressHandler" verb="*" preCondition="integratedMode" />
    <remove name="Telerik_Web_UI_WebResource_axd" />
    <add name="Telerik_Web_UI_WebResource_axd" path="Telerik.Web.UI.WebResource.axd" type="Telerik.Web.UI.WebResource" verb="*" preCondition="integratedMode" />
    <remove name="ExtensionlessUrlHandler-ISAPI-4.0_32bit" />
    <remove name="ExtensionlessUrlHandler-ISAPI-4.0_64bit" />
    <remove name="ExtensionlessUrlHandler-Integrated-4.0" />
    <add name="ExtensionlessUrlHandler-ISAPI-4.0_32bit" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework\v4.0.30319\aspnet_isapi.dll" preCondition="classicMode,runtimeVersionv4.0,bitness32" responseBufferLimit="0" />
    <add name="ExtensionlessUrlHandler-ISAPI-4.0_64bit" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework64\v4.0.30319\aspnet_isapi.dll" preCondition="classicMode,runtimeVersionv4.0,bitness64" responseBufferLimit="0" />
    <add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
    <remove name="Telerik.ReportViewer.axd_*" />
    <add name="Telerik.ReportViewer.axd_*" type="Telerik.ReportViewer.WebForms.HttpHandler, Telerik.ReportViewer.WebForms, Version=10.2.16.1025, Culture=neutral, PublicKeyToken=a9d7983dfcc261be" path="Telerik.ReportViewer.axd" verb="*" preCondition="integratedMode" />
     
    </handlers>
    <directoryBrowse enabled="false" />
     
    </system.webServer>
    <location path="Administrator.aspx">
    <system.web>
    <authorization>
    <allow roles="Admin" />
    <deny users="*" />
    </authorization>
    </system.web>
    </location>
    <location path="Messages.aspx">
    <system.web>
    <authorization>
    <allow roles="Admin" />
    <deny users="*" />
    </authorization>
    </system.web>
    </location>
    <location path="Settings.aspx">
    <system.web>
    <authorization>
    <allow roles="Admin" />
    <deny users="*" />
    </authorization>
    </system.web>
    </location>
    <location path="Telerik.ReportViewer.axd">
        <system.web>
          <authorization>
            <allow users="*" /> 
          </authorization>
        </system.web>
      </location>
      <location path="Telerik.Web.UI.WebResource.axd">
        <system.web>
          <authorization>
            <allow users="*" />
          </authorization>
        </system.web>
      </location>
    <connectionStrings>
    <clear />
    <add name="LocalSqlServer" connectionString="Data Source=(local)\SQLEXPRESS;Initial Catalog=Database;User ID=User;Password=123456" providerName="System.Data.SqlClient" />
    <add name="DBConnectionString" connectionString="Data Source=(local)\SQLEXPRESS" providerName="System.Data.SqlClient" />
    </connectionStrings>
    <runtime>
    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
    <dependentAssembly>
    <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" />
    <bindingRedirect oldVersion="0.0.0.0-9.0.0.0" newVersion="9.0.0.0" />
    </dependentAssembly>   
    </assemblyBinding>
    </runtime>
    </configuration>

1 Answer, 1 is accepted

Katia
Telerik team
answered on 08 Nov 2016, 07:22 AM
Hello Diego,

You can check the reply my colleague posted in a support ticket #1053752 that you opened on the same question.
For other community members interested in this topic, below is the reply from the ticket:

"The Reporting REST Service is a WebAPI controller. WebAPI controllers are not aware of the state of the ASP.NET Session. This is the reason you need to configure the ASP.NET Session on each request, including requests sent from the viewer to the Reporting REST service. When you configure the ASP.NET Session you can check its state and determine whether it is time to redirect to the custom logic page.
Redirect to login Page after session timeout in MVC 5
Accessing Session Using ASP.NET Web API
Enable session in Web Api 2
Redirect to specific page after session expires


To repeat, the Reporting REST service is not aware of the ASP.NET Session. In your case the login redirect happens when the forms authentication ends, not the sessionState timeout. When it comes to WebAPI controllers, you can use the .NET 4.5 HttpResponse.SuppressFormsAuthenticationRedirect Property. For older .NET frameworks, check Prevent Forms Authentication Login Page Redirect When You Don’t Want It and Simple Fix for ASP.NET FormsAuthentication Redirect when using AJAX (the HTML5 Viewer makes AJAX requests to the Reporting REST service).

//example
//global.asax
// Requires: using System.Web; using System.Web.Mvc; using System.Web.Security;
protected void Application_EndRequest()
{
    var context = new HttpContextWrapper(this.Context);

    // If we're an ajax request and forms authentication caused a 302,
    // then we actually need to do a 401
    if (FormsAuthentication.IsEnabled && context.Response.StatusCode == 302
        && context.Request.IsAjaxRequest()) // IsAjaxRequest() requires a System.Web.Mvc reference
    {
        //context.Response.Clear();
        //context.Response.StatusCode = 401;
        this.Response.Redirect("~/Logon.aspx");
    }
}

You will need to check which timeout is reached - the forms authentication or the session one - Forms authentication timeout vs sessionState timeout, and take action. It is recommended to use HTTPS settings in the project."


Regards,
Katia
Telerik by Progress
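
The reply above mentions HttpResponse.SuppressFormsAuthenticationRedirect for .NET 4.5. The following is an added example, not code from the thread or from Telerik, showing one way to apply it in Global.asax so that script-issued requests with an expired forms ticket receive a 401 instead of the login page's HTML. The `~/api/reports` prefix and the helper name `IsScriptedRequest` are assumptions made for illustration, and the application must target .NET Framework 4.5 or later.

```csharp
// Global.asax.cs (added example; requires .NET Framework 4.5 or later)
using System;
using System.Web;

public class Global : HttpApplication
{
    // Assumption: the Reporting REST service is routed under this prefix.
    // Replace it with the route the application actually registers.
    private const string ReportsApiPrefix = "~/api/reports";

    protected void Application_BeginRequest(object sender, EventArgs e)
    {
        if (IsScriptedRequest(Request))
        {
            // With the redirect suppressed, an expired or missing forms ticket
            // reaches the caller as 401 rather than a 302 to loginUrl, so the
            // viewer never receives the login page as if it were report content.
            Response.SuppressFormsAuthenticationRedirect = true;
        }
    }

    // Hypothetical helper: true for calls to the REST service or for requests
    // that carry the XMLHttpRequest marker header. It needs no System.Web.Mvc.
    private static bool IsScriptedRequest(HttpRequest request)
    {
        string path = VirtualPathUtility.ToAppRelative(request.Path);

        bool isReportsApi =
            path.Equals(ReportsApiPrefix, StringComparison.OrdinalIgnoreCase) ||
            path.StartsWith(ReportsApiPrefix + "/", StringComparison.OrdinalIgnoreCase);

        bool isAjax = string.Equals(
            request.Headers["X-Requested-With"],
            "XMLHttpRequest",
            StringComparison.OrdinalIgnoreCase);

        return isReportsApi || isAjax;
    }
}
```

The hosting page still has to react to the 401, for example by navigating the whole browser window to the loginUrl from web.config.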