Forms Authentication

[Guus123]

Hi,

I created a web site on a remote server. To logon the user must enter a user
id and password. The site is uses Forms Authentication.

The web config file looks as follows:

<configuration>
<system.web>
<customErrors mode="Off"/>
<authentication mode="Forms">
<forms loginUrl="login.aspx" protection="All">
<credentials passwordFormat="Clear">
</credentials>
</forms>
</authentication>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</configuration>


I my code behind on the login.aspx I have

If FormsAuthentication.Authenticate(txtUser.Text, txtPassword.Text) Then
FormsAuthentication.RedirectFromLoginPage(txtUser.Text, true)
Response.Redirect("somesample.aspx")
End If


This works fine when I go the site via IE using the IP address. I just
recently connected a domain name "www.somename.com" to it using a DNS
service. When I use the domain name in the URL. My logon form never redirects
but always keeps on the logon page. Can anyone help me?

 

[Steven Cheng[MSFT]]

Hi Guus123,

From your description, you have an ASP.NET application that uses forms
authentication. It works well in dev env, but after deployed to server and
visisted through public DNS server address, the forms authenticcation no
longer work, correct?

Based on my experience, such problem behavior is possibly caused by the
authentication ticket(cookie based) is not correctly set to the domain your
client browser belong to.

for ASP.NET forms authentication, if you choose to persist authentication
status, it will generate an authentication ticket and store it in cookie,
however, for cookie, it has a "domain" property indicate which domain it
belong. For your scenario, I think it is likely that the default domain
setting doesn't quite fit your environment. Here is a web article discuss
something on this issue:

#Forms Authentication Cookies and Subdomain Names
http://blog-howto.com/archive/2006/09/21/FormsAuthCookiesAndSubdomainNames.a
spx

You can have a look to see whether it helps some.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead



==================================================

Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.



Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.

==================================================


This posting is provided "AS IS" with no warranties, and confers no rights.




--------------------

 

[Guus123]

Hi,

Thanks for your information. I read the article of the link you gave me. I
did try to access my web site using the domain name from a machine that has
never been to the site not even using the IP address and still could not
logon and still had the same problem. This should have overcome the cookie
problem, or is my thinking incorrect?
--
FC Utrecht are Champions!

Hi Guus123,

From your description, you have an ASP.NET application that uses forms
authentication. It works well in dev env, but after deployed to server and
visisted through public DNS server address, the forms authenticcation no
longer work, correct?

Based on my experience, such problem behavior is possibly caused by the
authentication ticket(cookie based) is not correctly set to the domain your
client browser belong to.

for ASP.NET forms authentication, if you choose to persist authentication
status, it will generate an authentication ticket and store it in cookie,
however, for cookie, it has a "domain" property indicate which domain it
belong. For your scenario, I think it is likely that the default domain
setting doesn't quite fit your environment. Here is a web article discuss
something on this issue:

#Forms Authentication Cookies and Subdomain Names
http://blog-howto.com/archive/2006/09/21/FormsAuthCookiesAndSubdomainNames.a
spx

You can have a look to see whether it helps some.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead



==================================================

Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.



Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.

==================================================


This posting is provided "AS IS" with no warranties, and confers no rights.




--------------------

 

[Guus123]

Hi,

Ok, I found the problem. The DNS entry for my domain was not set corrretly,
which was stuffing up my cookies with a incorrect domain. All working now
thanks.
--
FC Utrecht are Champions!

Hi,

Thanks for your information. I read the article of the link you gave me. I
did try to access my web site using the domain name from a machine that has
never been to the site not even using the IP address and still could not
logon and still had the same problem. This should have overcome the cookie
problem, or is my thinking incorrect?

 

[Steven Cheng[MSFT]]

Thanks for your reply Guus,

Glad that you've figured it out. I've justed performed some further
research but didn't find any other well-known issue. Seems the DNS has made
a joke with us here

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead


This posting is provided "AS IS" with no warranties, and confers no rights.

-------------------

From: =?Utf-8?B?R3V1czEyMw==?= <[email protected]>
Subject: RE: Forms Authentication
Date: Wed, 12 Dec 2007 23:20:00 -0800