Forms Authentication Requests Are Not Directed to loginUrl Page just when the session times out on page with Telerik HTML5 Report Viewer

2 posts, 0 answers
  1. Diego
    7 posts
    Member since:
    Nov 2014

    Posted 06 Nov 2016

    I have developed a Web Forms web application on .NET Framework 4.0 that uses forms authentication, and I am using Telerik's UI for ASP.NET AJAX Q1 2016 controls and Telerik Reporting R3 2016. The application has been deployed to a server using IIS 7. One page of the application contains only Telerik's HTML5 report viewer to generate and view Telerik reports. Everything in the application works fine; however, when the session times out on the page where I have Telerik's report viewer and I click on the preview button on the report, the area of the report shows me the loginUrl to log back in. When I try to log in using the correct username and password I get an HTTP 404. This page is trying to redirect me to the wrong URL: /PowerManager/Login.aspx. This URL does not exist; the correct loginUrl should be /PowerManager/Login/Login.aspx.
    This is only happening on this specific page. If the session times out on any other page, the page is redirected to the correct loginUrl defined in the web.config.

    This web application is the only application deployed on IIS, so I know there is no other cookie with the same name, same path, or identical key, as mentioned as some of the causes of this issue per this

    I have tried also and several other suggestions but none have worked for me.

    Please, any help would be appreciated. I've been trying to fix this for days and nothing seems to fix it. Attached is a picture of when the session times out on the page with the report viewer and I press the preview button on the report parameters area.

    Here is my web.config file:
    <?xml version="1.0" encoding="utf-8"?>
    <configuration>
      <appSettings>
        <add key="Telerik.Skin" value="Metro" />
        <add key="enableSimpleMembership" value="false" />
        <add key="autoFormsAuthentication" value="false" />
        <add key="PreserveLoginUrl" value="true" />
      </appSettings>
      <system.web>
        <!-- 100 MB -->
        <httpRuntime maxRequestLength="102400" />
        <trace enabled="false" mostRecent="true" requestLimit="100" pageOutput="true" localOnly="false" />
        <!-- Authentication Settings -->
        <authentication mode="Forms">
          <forms defaultUrl="~/Default.aspx" loginUrl="~/Login/Login.aspx" name="PowerManagerAuthCookie" path="/" protection="All" timeout="1" enableCrossAppRedirects="false" cookieless="UseCookies" slidingExpiration="true" />
        </authentication>
        <!--Deny all users unless authenticated -->
        <authorization>
          <deny users="?" />
        </authorization>
        <compilation targetFramework="4.0">
          <assemblies>
            <add assembly="Telerik.ReportViewer.Html5.WebForms, Version=, Culture=neutral, PublicKeyToken=a9d7983dfcc261be" />
            <add assembly="Telerik.Reporting, Version=, Culture=neutral, PublicKeyToken=a9d7983dfcc261be" />
            <add assembly="Telerik.ReportViewer.WebForms, Version=, Culture=neutral, PublicKeyToken=a9d7983dfcc261be" />
            <add assembly="System.Design, Version=, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" />
          </assemblies>
        </compilation>
        <pages>
          <controls>
            <add tagPrefix="telerik" namespace="Telerik.Web.UI" assembly="Telerik.Web.UI" />
          </controls>
        </pages>
        <httpHandlers>
          <add path="ChartImage.axd" type="Telerik.Web.UI.ChartHttpHandler" verb="*" validate="false" />
          <add path="Telerik.Web.UI.SpellCheckHandler.axd" type="Telerik.Web.UI.SpellCheckHandler" verb="*" validate="false" />
          <add path="Telerik.Web.UI.DialogHandler.aspx" type="Telerik.Web.UI.DialogHandler" verb="*" validate="false" />
          <add path="Telerik.RadUploadProgressHandler.ashx" type="Telerik.Web.UI.RadUploadProgressHandler" verb="*" validate="false" />
          <add verb="*" path="Telerik.ReportViewer.axd" type="Telerik.ReportViewer.WebForms.HttpHandler, Telerik.ReportViewer.WebForms, Version=, Culture=neutral, PublicKeyToken=a9d7983dfcc261be" validate="false" />
          <add path="Telerik.Web.UI.WebResource.axd" type="Telerik.Web.UI.WebResource" verb="*" validate="false" />
        </httpHandlers>
        <membership defaultProvider="DefaultMembershipProvider">
          <providers>
            <clear />
            <add name="DefaultMembershipProvider" applicationName="/PowerManager" connectionStringName="LocalSqlServer" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="true" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" type="System.Web.Providers.DefaultMembershipProvider, System.Web.Providers, Version=, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
          </providers>
        </membership>
        <roleManager enabled="true" defaultProvider="DefaultRoleProvider">
          <providers>
            <clear />
            <add name="DefaultRoleProvider" applicationName="/PowerManager" connectionStringName="LocalSqlServer" type="System.Web.Providers.DefaultRoleProvider, System.Web.Providers, Version=, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
          </providers>
        </roleManager>
        <profile enabled="true" defaultProvider="DefaultProfileProvider">
          <providers>
            <clear />
            <add name="DefaultProfileProvider" applicationName="/PowerManager" connectionStringName="LocalSqlServer" type="System.Web.Providers.DefaultProfileProvider, System.Web.Providers, Version=, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
          </providers>
        </profile>
        <!--
          If you are deploying to a cloud environment that has multiple web server instances,
          you should change session state mode from "InProc" to "Custom". In addition,
          change the connection string named "DefaultConnection" to connect to an instance
          of SQL Server (including SQL Azure and SQL  Compact) instead of to SQL Server Express.
        -->
        <sessionState mode="InProc" customProvider="DefaultSessionProvider">
          <providers>
            <add name="DefaultSessionProvider" type="System.Web.Providers.DefaultSessionStateProvider, System.Web.Providers, Version=, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
          </providers>
        </sessionState>
      </system.web>
      <system.webServer>
        <security>
          <requestFiltering>
            <!-- 15 MB -->
            <requestLimits maxAllowedContentLength="104857600" />
          </requestFiltering>
        </security>
        <validation validateIntegratedModeConfiguration="false" />
        <modules runAllManagedModulesForAllRequests="true" runManagedModulesForWebDavRequests="true" />
        <handlers accessPolicy="Read, Script">
          <remove name="ChartImage_axd" />
          <add name="ChartImage_axd" path="ChartImage.axd" type="Telerik.Web.UI.ChartHttpHandler" verb="*" preCondition="integratedMode" />
          <remove name="Telerik_Web_UI_SpellCheckHandler_axd" />
          <add name="Telerik_Web_UI_SpellCheckHandler_axd" path="Telerik.Web.UI.SpellCheckHandler.axd" type="Telerik.Web.UI.SpellCheckHandler" verb="*" preCondition="integratedMode" />
          <remove name="Telerik_Web_UI_DialogHandler_aspx" />
          <add name="Telerik_Web_UI_DialogHandler_aspx" path="Telerik.Web.UI.DialogHandler.aspx" type="Telerik.Web.UI.DialogHandler" verb="*" preCondition="integratedMode" />
          <remove name="Telerik_RadUploadProgressHandler_ashx" />
          <add name="Telerik_RadUploadProgressHandler_ashx" path="Telerik.RadUploadProgressHandler.ashx" type="Telerik.Web.UI.RadUploadProgressHandler" verb="*" preCondition="integratedMode" />
          <remove name="Telerik_Web_UI_WebResource_axd" />
          <add name="Telerik_Web_UI_WebResource_axd" path="Telerik.Web.UI.WebResource.axd" type="Telerik.Web.UI.WebResource" verb="*" preCondition="integratedMode" />
          <remove name="ExtensionlessUrlHandler-ISAPI-4.0_32bit" />
          <remove name="ExtensionlessUrlHandler-ISAPI-4.0_64bit" />
          <remove name="ExtensionlessUrlHandler-Integrated-4.0" />
          <add name="ExtensionlessUrlHandler-ISAPI-4.0_32bit" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework\v4.0.30319\aspnet_isapi.dll" preCondition="classicMode,runtimeVersionv4.0,bitness32" responseBufferLimit="0" />
          <add name="ExtensionlessUrlHandler-ISAPI-4.0_64bit" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework64\v4.0.30319\aspnet_isapi.dll" preCondition="classicMode,runtimeVersionv4.0,bitness64" responseBufferLimit="0" />
          <add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
          <remove name="Telerik.ReportViewer.axd_*" />
          <add name="Telerik.ReportViewer.axd_*" type="Telerik.ReportViewer.WebForms.HttpHandler, Telerik.ReportViewer.WebForms, Version=, Culture=neutral, PublicKeyToken=a9d7983dfcc261be" path="Telerik.ReportViewer.axd" verb="*" preCondition="integratedMode" />
        </handlers>
        <directoryBrowse enabled="false" />
      </system.webServer>
      <location path="Administrator.aspx">
        <system.web>
          <authorization>
            <allow roles="Admin" />
            <deny users="*" />
          </authorization>
        </system.web>
      </location>
      <location path="Messages.aspx">
        <system.web>
          <authorization>
            <allow roles="Admin" />
            <deny users="*" />
          </authorization>
        </system.web>
      </location>
      <location path="Settings.aspx">
        <system.web>
          <authorization>
            <allow roles="Admin" />
            <deny users="*" />
          </authorization>
        </system.web>
      </location>
      <location path="Telerik.ReportViewer.axd">
        <system.web>
          <authorization>
            <allow users="*" />
          </authorization>
        </system.web>
      </location>
      <location path="Telerik.Web.UI.WebResource.axd">
        <system.web>
          <authorization>
            <allow users="*" />
          </authorization>
        </system.web>
      </location>
      <connectionStrings>
        <clear />
        <add name="LocalSqlServer" connectionString="Data Source=(local)\SQLEXPRESS;Initial Catalog=Database;User ID=User;Password=123456" providerName="System.Data.SqlClient" />
        <add name="DBConnectionString" connectionString="Data Source=(local)\SQLEXPRESS" providerName="System.Data.SqlClient" />
      </connectionStrings>
      <runtime>
        <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
          <dependentAssembly>
            <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" />
            <bindingRedirect oldVersion="" newVersion="" />
          </dependentAssembly>
        </assemblyBinding>
      </runtime>
    </configuration>
  2. Katia
    760 posts

    Posted 08 Nov 2016

    Hello Diego,

    You can check the reply my colleague posted in a support ticket #1053752 that you opened on the same question.
    For other community members interested in this topic, below is the reply from the ticket:

    "The Reporting REST Service is a WebAPI controller. WebAPI controllers are not aware of the state of the ASP.NET Session. This is the reason you need to configure the ASP.NET Session on each request, including requests sent from the viewer to the Reporting REST service. When you configure the ASP.NET Session you can check its state and determine whether it is time to redirect to the custom logic page.
    Redirect to login Page after session timeout in MVC 5
    Accessing Session Using ASP.NET Web API
    Enable session in Web Api 2
    Redirect to specific page after session expires

    To repeat, the Reporting REST service is not aware of the ASP.NET Session. In your case the login redirect happens when the forms authentication ends, not the sessionState timeout. When it comes to WebAPI controllers, you can use the .NET 4.5 HttpResponse.SuppressFormsAuthenticationRedirect Property. For older .NET frameworks, check Prevent Forms Authentication Login Page Redirect When You Don’t Want It
    and Simple Fix for ASP.NET FormsAuthentication Redirect when using AJAX (the HTML5 Viewer makes AJAX requests to the Reporting REST service).

    protected void Application_EndRequest()
    {
        var context = new HttpContextWrapper(this.Context);
        // If we're an ajax request and forms authentication caused a 302,
        // then we actually need to do a 401
        if (FormsAuthentication.IsEnabled && context.Response.StatusCode == 302
            && context.Request.IsAjaxRequest()) // requires a System.Web.Mvc reference
        {
            //context.Response.StatusCode = 401;
        }
    }

    Still you will need to check which timeout is reached - the forms authentication or the session one - Forms authentication timeout vs sessionState timeout, and take action. Also it is recommended to use HTTPS settings in the project."

    Telerik by Progress
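
For applications on .NET 4.5 or later, the `HttpResponse.SuppressFormsAuthenticationRedirect` approach named in the reply above could look like this in Global.asax.cs. This is an added example, not code from the thread or from Telerik; the `~/api/reports` route prefix and the `ExpectsStatusCode` helper are assumptions.

```csharp
using System;
using System.Web;

// Added example (not from the thread): Global.asax.cs for .NET 4.5 or later.
public class Global : HttpApplication
{
    // Assumption: route prefix under which the Reporting REST service
    // controller is registered in this application.
    private const string ReportsApiPrefix = "~/api/reports";

    protected void Application_BeginRequest(object sender, EventArgs e)
    {
        HttpRequest request = Context.Request;
        if (ExpectsStatusCode(request.AppRelativeCurrentExecutionFilePath,
                              request.Headers["X-Requested-With"]))
        {
            // FormsAuthenticationModule then leaves the 401 in place instead of
            // rewriting it to a 302 to loginUrl, so the viewer's AJAX call
            // never receives the login page's HTML as its response body.
            Context.Response.SuppressFormsAuthenticationRedirect = true;
        }
    }

    // Hypothetical helper: true for callers that need a status code rather
    // than a login page, i.e. the report service routes and any XMLHttpRequest.
    internal static bool ExpectsStatusCode(string appRelativePath, string requestedWith)
    {
        bool isReportsApi = appRelativePath != null &&
            (appRelativePath.Equals(ReportsApiPrefix, StringComparison.OrdinalIgnoreCase) ||
             appRelativePath.StartsWith(ReportsApiPrefix + "/", StringComparison.OrdinalIgnoreCase));

        bool isAjax = string.Equals(requestedWith, "XMLHttpRequest",
                                    StringComparison.OrdinalIgnoreCase);

        return isReportsApi || isAjax;
    }
}
```

With the redirect suppressed, an expired forms-authentication ticket surfaces to the viewer as a 401 response, which the hosting page can handle by sending the top-level window to the login page.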