aschmidt
Another bug in smart navigation. If smartNavigation is enabled in the page and a session timeout occurs, the framework redirects you to the wrong location of the login.aspx page if you use Forms Authentication.
Steps to reproduce.
1. Create new web project in Visual Studio
   a. Go to File | New | Project…
   b. Leave default name of project as this: http://localhost/WebApplication1
2. Create default page.
   a. Go to WebForm1.aspx in Solution Explorer (press Ctrl+Alt+L to open Solution Explorer).
   b. Create three controls in the page, namely a Label, a TextBox and a Button. Leave the default names.
   c. Double-click the Button to create the default OnClick method. This opens the source code for the web-form and steps to the Button1_Click method.
   d. Add one statement in the Button1_Click method:
         Label1.Text = TextBox1.Text;
   e. Set the smartNavigation property of the page to True.
   f. Run the project and enter anything into the TextBox on the page. Click the Button; this should change the label text to the value you entered in the TextBox. This confirms the page is working properly.
3. Activate forms authentication mechanism for the project.
   a. Create a new web-form in the project.
      i. Click on WebApplication1 in Solution Explorer and select Add | Add Web Form…. This will create a new web-form.
      ii. Set the name of this page to login.aspx.
   b. Go to the design view of login.aspx.
   c. Put two TextBox controls and a Button. These two textboxes will represent the Username and Password fields.
   d. Change the Button1 text to Login.
   e. Double-click the Login Button to create the default OnClick method. This opens the source code for the web-form and steps to the Button1_Click method. Insert the following into the Button1_Click method:
         string userData = "ApplicationSpecific data for this user.";
         FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
             1,                                   // ticket version
             "(e-mail address removed)",          // user name
             System.DateTime.Now,                 // issue time
             System.DateTime.Now.AddMinutes(1),   // expiration (1 minute)
             false,                               // not persistent
             userData,                            // user-specific data
             FormsAuthentication.FormsCookiePath); // cookie path
         // Encrypt the ticket.
         string encTicket = FormsAuthentication.Encrypt(ticket);
         // Create the cookie.
         Response.Cookies.Add(new HttpCookie(FormsAuthentication.FormsCookieName, encTicket));
         // Redirect back to original URL.
         Response.Redirect(FormsAuthentication.GetRedirectUrl("(e-mail address removed)", false));
   f. Add a using line in login.aspx.cs: using System.Web.Security; This reference is required for the Button1_Click code.
   g. Double-click on Web.config in the Solution Explorer and find the line <authentication mode="Windows" /> in the code editor.
   h. Replace this found line with the following:
         <authentication mode="Forms">
           <forms loginUrl="~/Login.aspx" />
         </authentication>
   i. Find the line <allow users="*" /> in web.config and replace it with:
         <deny users="?"/>
   j. Find the sessionState section in web.config and set the timeout value to 1. This will set the timeout to 1 minute on inactivity.
   k. Run the project and see the behavior. If you are trying to reach WebForm1.aspx you will be redirected to the login.aspx page. After entering username/password and clicking on the Login button you'll be redirected to the "real" site, which is WebForm1.aspx in this case.
4. Create sub-folder and web-form in this sub-folder.
   a. Go to WebApplication1 in Solution Explorer and in context menu, invoked by right-click, select Add | New Folder command. Rename.
   b. Drag and drop existing WebForm1.aspx into NewFolder1. The web-page should appear under NewFolder.
5. Create new "default" web-page and add hyperlink to WebForm1.aspx located under subfolder.
   a. Right click on WebApplication1 in Solution Explorer and select Add | Add New Form command. This should create WebForm1.aspx.
   b. Right click on WebForm1.aspx and select Set As Start Page command. This should make this page as default page of the application.
   c. Double-click on WebForm2.aspx to open this page in design view. Add Hyperlink control from Toolbox.
   d. Change NavigateUrl value of Hyperlink1 control to NewFolder1/WebForm1.aspx
6. Run the project. You should be redirected to the login.aspx page. Enter any values into the two textboxes that represent our username/password and click the Login button. This should redirect to the "default" page WebForm2.aspx.
7. Click on Hyperlink link. This will open NewFolder1/WebForm1.aspx page.
8. Wait a bit more than one minute, which will time out the session. Click on the button and see the behavior. You should be redirected to the WebApplication1/login.aspx page, but the location in the Address line in the browser hasn't been changed while login.aspx is rendered in the browser.
9. Enter username/password and click Login. You will see a request to WebApplication1/NewFolder1/login.aspx or a popup message Connect to <localhost> with a username/password prompt, which is incorrect. You should be redirected to WebApplication1/login.aspx.
10. Set the smartNavigation property of WebForm1.aspx back to False and check that you will be redirected to the right location once the session times out.