This is a migrated thread and some comments may be shown as answers.

Pb with Forms authentication login redirect to https

4 Answers 57 Views
Ajax
This is a migrated thread and some comments may be shown as answers.
CSurieux
Top achievements
Rank 2
CSurieux asked on 26 Jun 2009, 08:34 AM
Hello,

Using last 2009 527 version, I have following problem.
My app uses Forms authentication and some folders could only be accessed by authenticated users with ssl protection.
I use classic asp.net
<authentication mode="Forms"/>  
<forms loginUrl=https://www.myportal.com/secure/login.aspx?PageID=200 defaultUrl="DefaultModulesPage.aspx" requireSSL="false" /> 
</authentication> 
         

Until ajax.net and Telerik, this was working Ok, redirecting non authenticated users to login.aspx with https.

Now I am using .net 3.5 with radajax.net and lot of related more declarations in web.config, like
<httpRuntime useFullyQualifiedRedirectUrl="true" ... enableVersionHeader="false" /> 
         

and I don't know why but my browser ( Fiddler traced it) receive something strange
http://www.myportal.com/secure/login.aspx?PageID=200&ReturnUrl=My_original_url_with_query_encoded&Doubled_querystring

First and main pb: it is no more https ???
Calling directly https://same url works perfectly, certificate is installed under IIS6 (W2K3) and ssl working Ok.

Next I get a double value for my original query string added to the end of request, even if the return url parameter already contains it.
??

My question, is somebody playing with 'location' in ajax.net or radajax.net ?

What could I check ?

Thanks for help.

CS



4 Answers, 1 is accepted

Sort by
0
Pavel
Telerik team
answered on 02 Jul 2009, 06:08 AM
Hello Christian,

Looking at the settings you have pasted I have noticed that the requireSSL property is set to 'false' which may be the cause for the non-ssl connection. I can also suggest you to check the following links from the Asp.Net AJAX documentation:

http://www.asp.net/AJAX/Documentation/Live/Tutorials/UsingFormsAuthenticationTutorial.aspx
http://www.asp.net/AJAX/Documentation/Live/mref/T_System_Web_Configuration_ScriptingAuthenticationServiceSection.aspx

All the best,
Pavel
the Telerik team

Instantly find answers to your questions on the new Telerik Support Portal.
Check out the tips for optimizing your support resource searches.
0
CSurieux
Top achievements
Rank 2
answered on 02 Jul 2009, 08:18 AM
Hello Pavel,

The RequireSSL means 'send cookie only on ssl transactions', it has no influence on redirection (tested).
I don't use today Ajax login but classic one with an aspx page containing a asp:login control.
(But I plan to do it so I have included any web.config declaration related to it.)

My concern was : could  Telerik, somewhere, change or play with the location sent back to browser.
(I have already encountered some difficulties related to url rewriting and Form.Action) ???

Concerning your links, they are old (ajax.net 1.0)...you should have an ajax based login control in your rad lib.

Regards

CS
0
CSurieux
Top achievements
Rank 2
answered on 02 Jul 2009, 12:11 PM
More on my problem, may be I am out off scope from this thread...
Is it possible that a Response.Redirect(http://my_virtual_path.aspx, true) when the session is https://ThePage_I_Leave.aspx" has not effect on the url Scheme ???
That's what is happening in my app, the browser receive https://My_virtual_path.aspx after the Redirect instruction ????

In these conditions, Redirect is unusable when a scheme change is also required ?

Thanks for help on this curiosity in asp.net 3.5

CS
0
Pavel
Telerik team
answered on 07 Jul 2009, 06:58 AM
Hi Christian,

There is nothing in our controls that will impact the url you redirect to. As this blog suggest you should ensure you have the following line in your web.config:
<httpModules> 
      <add name="ScriptModule" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" /> 
</httpModules> 

Although you most probably already have it as it is needed to register your scripts.
You can also check the approach suggested in this help article.

Regards,
Pavel
the Telerik team

Instantly find answers to your questions on the new Telerik Support Portal.
Check out the tips for optimizing your support resource searches.
Tags
Ajax
Asked by
CSurieux
Top achievements
Rank 2
Answers by
Pavel
Telerik team
CSurieux
Top achievements
Rank 2
Share this question
or