mixed mode authentication + no postbacks

[domagoj]

Hi there

I implemented a mixed mode authentication as follows:
main site using forms authentication
redirector site using windows authentication, creates a forms
authentication cookie and redirects to main site

the problem is if i go to the main site everything works fine

if i go to the redirector site it redirects to the main site ( as
expected, cookie is generated as expected and in site
Context.Current.User is set as expected ) but no postbacks occur
anymore, even if i logout an logon to the main site problem resides, i
figured out that any "redirector" site protected by windows
authentication redirecting to my site causes postbacks to not function
anymore.

I tried the sample from Microsoft Press Book "Developing More-Secure
Microsoft® ASP.NET 2.0 Applications" and same thing happened.

My config Vista SP1 .NET 3.5
or 2003 R2 .NET 3.5

Applications are .NET 2.0 applications

tia dom

 

[Steven Cheng [MSFT]]

Hi tia,

From your description, you've applied a custom mixed authenitcation in your
ASP.NET web application,and the windows authentication module will generate
forms authentication cookie and redirect user to formsauthentication site.
However, you found that after redirected from windows authenticatino site,
any page postback operation no longer work, correct?

If this is the case, I think the behavior is quite unexpected. As for the
postback not work, do you mean even putting a typical submit button(and
click it) will not cause page to postback? Or if the client-side browser
does perform the postback and server-side didn't show any reflection or
return any response? I'm still not quite sure about the exact result and
behavior when you go through the redirector module and return to main site
pages. Is there any particular error message?

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead


Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
(e-mail address removed).

==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.


--------------------

 

[domagoj]

Hi tia,

From your description, you've applied a custom mixed authenitcation in your
ASP.NET web application,and the windows authentication module will generate
forms authentication cookie and redirect user to formsauthentication site.
However, you found that after redirected from windows authenticatino site,
any page postback operation no longer work, correct?

If this is the case, I think the behavior is quite unexpected. As for the
postback not work, do you mean even putting a typical submit button(and
click it) will not cause page to postback? Or if the client-side browser
does perform the postback and server-side didn't show any reflection or
return any response? I'm still not quite sure about the exact result and
behavior when you go through the redirector module and return to main site
pages. Is there any particular error message?

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead


Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
(e-mail address removed).

==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

correct, no button or any other method to trigger postback works
anymore, ispostback is always false and no viewstate form fiels is sent
to server anymore

i wrote a small webapp with one page and one button, by clicking the
button the app creates a authcookie(always with same information within
it) and redirects to my app, if i set authentication for this app to
forms or none everything works as expected, but if i set the
authentication to windows the problem same as described in my post

i figured out that browser sends the authentication handshakes if
redirect from windows authorized webapp and on every "postback" ist one more

tia dom

 

[Dominick Baier]

I know the sample from the book you are talking about

The behavior you describe is very unexpected. Do you have another test machine
to verify this?

 

[Steven Cheng [MSFT]]

Thanks for your reply Tia,

#Web Development Helper



--------------------

 

[Steven Cheng [MSFT]]

Hi Tia,

You can try the web development helper which can capture http messages
between browser and webserver:

#Web Development Helper
http://projects.nikhilk.net/webdevhelper/

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead


Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
(e-mail address removed).

==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.

==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------

 

[Steven Cheng [MSFT]]

Hi tia ,

Have you got any progress on this? If you need any further help, please
feel free to let me know.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead


Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
(e-mail address removed).

==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------

Content-Transfer-Encoding: 7bit
From: (e-mail address removed) (Steven Cheng [MSFT])
Organization: Microsoft
Date: Wed, 14 May 2008 02:30:38 GMT
Subject: Re: mixed mode authentication + no postbacks

 

[Dimitrios Toulakis]

Just check the application name value for your applications to match.

br
Dimi T.

 

[David Sharpe]

Has anyone worked out why the IsPostBack is always false in this case or the postback is not occurring !

 

[David]

What application name where ?

Just check the application name value for your applications to match.

br
Dimi T.

Hi Tia,

You can try the web development helper which can capture http messages
between browser and webserver:

#Web Development Helper
http://projects.nikhilk.net/webdevhelper/

Steven Cheng

Microsoft MSDN Online Support Lead

Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
(e-mail address removed).

==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.asp...
ications.

==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
Date: Tue, 13 May 2008 12:47:29 +0200
From: "(e-mail address removed)" <[email protected]>
User-Agent: Thunderbird 2.0.0.14 (Windows/20080421)
MIME-Version: 1.0
Subject: Re: mixed mode authentication + no postbacks
Steven Cheng [MSFT] wrote:
Hi tia,
From your description, you've applied a custom mixed authenitcation in your
ASP.NET web application,and the windows authentication module will generate
forms authentication cookie and redirect user to formsauthentication site.
However, you found that after redirected from windows authenticatino site,
any page postback operation no longer work, correct?
If this is the case, I think the behavior is quite unexpected. As for the
postback not work, do you mean even putting a typical submit button(and
click it) will not cause page to postback? Or if the client-side browser
does perform the postback and server-side didn't show any reflection or
return any response? I'm still not quite sure about the exact result and
behavior when you go through the redirector module and return to main site
pages. Is there any particular error message?
Sincerely,
Steven Cheng
Microsoft MSDN Online Support Lead
Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
(e-mail address removed).
==================================================
Get notification to my posts through email? Please refer to

http://msdn.microsoft.com/subscriptions/managednewsgroups/default.asp...
ications.
Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
Date: Tue, 13 May 2008 08:44:02 +0200
From: "(e-mail address removed)" <[email protected]>
User-Agent: Thunderbird 2.0.0.14 (Windows/20080421)
MIME-Version: 1.0
Subject: mixed mode authentication + no postbacks
Hi there
I implemented a mixed mode authentication as follows:
main site using forms authentication
redirector site using windows authentication, creates a forms
authentication cookie and redirects to main site
the problem is if i go to the main site everything works fine
if i go to the redirector site it redirects to the main site ( as
expected, cookie is generated as expected and in site
Context.Current.User is set as expected ) but no postbacks occur
anymore, even if i logout an logon to the main site problem resides, i
figured out that any "redirector" site protected by windows
authentication redirecting to my site causes postbacks to not function
anymore.
I tried the sample from Microsoft Press Book "Developing More-Secure
Microsoft?ASP.NET 2.0 Applications" and same thing happened.
My config Vista SP1 .NET 3.5
or 2003 R2 .NET 3.5
Applications are .NET 2.0 applications
tia dom
correct, no button or any other method to trigger postback works
anymore, ispostback is always false and no viewstate form fiels is sent
to server anymore
i wrote a small webapp with one page and one button, by clicking the
button the app creates a authcookie(always with same information within
it) and redirects to my app, if i set authentication for this app to
forms or none everything works as expected, but if i set the
authentication to windows the problem same as described in my post
i figured out that browser sends the authentication handshakes if
redirect from windows authorized webapp and on every "postback" ist one more

tia dom

 

[David]

Oddly this bahaviour ONLY manifests for us if we are developing and
debugging on the same machine, i'e client and server on same machine,
as soon as we run the client from elsewhere we get the postback we
expect !!!!!!! doh !

On May 16, 10:01 pm, (e-mail address removed) (Steven Cheng [MSFT]) wrote:
Hi tia ,

Have you got any progress on this? If you need any further help, please
feel free to let me know.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead

Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
(e-mail address removed).

==================================================
Get notification to my posts through email? Please refer tohttp://msdn.microsoft.com/subscriptions/managednewsgroups/default.asp...
ications.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------

Content-Transfer-Encoding: 7bit
From: (e-mail address removed) (Steven Cheng [MSFT])
Organization: Microsoft
Date: Wed, 14 May 2008 02:30:38 GMT
Subject: Re: mixed mode authentication + no postbacks

Thanks for your reply Tia,

#Web Development Helper

--------------------
Date: Tue, 13 May 2008 12:47:29 +0200
MIME-Version: 1.0
Subject: Re: mixed mode authentication + no postbacks
Steven Cheng [MSFT] wrote:
Hi tia,
From your description, you've applied a custom mixed authenitcation in your
ASP.NET web application,and the windows authentication module will generate
forms authentication cookie and redirect user to formsauthentication site.
However, you found that after redirected from windows authenticatino site,
any page postback operation no longer work, correct?
If this is the case, I think the behavior is quite unexpected. As for the
postback not work, do you mean even putting a typical submit button(and
click it) will not cause page to postback? Or if the client-side browser
does perform the postback and server-side didn't show any reflection or
return any response? I'm still not quite sure about the exact result and
behavior when you go through the redirector module and return to main site
pages. Is there any particular error message?
Sincerely,
Steven Cheng
Microsoft MSDN Online Support Lead
Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
(e-mail address removed).
==================================================
Get notification to my posts through email? Please refer to

http://msdn.microsoft.com/subscriptions/managednewsgroups/default.asp...

f

ications.
Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
Date: Tue, 13 May 2008 08:44:02 +0200
From: "(e-mail address removed)" <[email protected]>
User-Agent: Thunderbird 2.0.0.14 (Windows/20080421)
MIME-Version: 1.0
Subject: mixed mode authentication + no postbacks
Hi there
I implemented a mixed mode authentication as follows:
main site using forms authentication
redirector site using windows authentication, creates a forms
authentication cookie and redirects to main site
the problem is if i go to the main site everything works fine
if i go to the redirector site it redirects to the main site ( as
expected, cookie is generated as expected and in site
Context.Current.User is set as expected ) but no postbacks occur
anymore, even if i logout an logon to the main site problem resides, i
figured out that any "redirector" site protected by windows
authentication redirecting to my site causes postbacks to not function
anymore.
I tried the sample from Microsoft Press Book "Developing More-Secure
Microsoft?ASP.NET 2.0 Applications" and same thing happened.
My config Vista SP1 .NET 3.5
or 2003 R2 .NET 3.5
Applications are .NET 2.0 applications
tia dom
correct, no button or any other method to trigger postback works
anymore, ispostback is always false and no viewstate form fiels is sent
to server anymore
i wrote a small webapp with one page and one button, by clicking the
button the app creates a authcookie(always with same information within
it) and redirects to my app, if i set authentication for this app to
forms or none everything works as expected, but if i set the
authentication to windows the problem same as described in my post
i figured out that browser sends the authentication handshakes if
redirect from windows authorized webapp and on every "postback" ist one more

tia dom

 

[Dimitrios Toulakis]

Sorry,

Im assuming with this answer that you are running your applications in the
IIS.
There you should check the values to match to the corresponding dll....

Example:
Your dll: Foo.dll

Web1 -> WinAuth -> Name: FooWin --> App Name: Foo
Web2 -> FormsAuth -> Name: Foo --> App Name: Foo


br
DT

PS: If you are using the web dev server then I have no clue...

PS2: If you are recompling and the browser window is open, then this happens
sometimes....

What application name where ?

Just check the application name value for your applications to match.

br
Dimi T.

Hi Tia,

You can try the web development helper which can capture http messages
between browser and webserver:

#Web Development Helper
http://projects.nikhilk.net/webdevhelper/

Steven Cheng

Microsoft MSDN Online Support Lead

Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
(e-mail address removed).

==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.asp...
ications.

==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
Date: Tue, 13 May 2008 12:47:29 +0200
From: "(e-mail address removed)" <[email protected]>
User-Agent: Thunderbird 2.0.0.14 (Windows/20080421)
MIME-Version: 1.0
Subject: Re: mixed mode authentication + no postbacks

Steven Cheng [MSFT] wrote:
Hi tia,

From your description, you've applied a custom mixed authenitcation in
your
ASP.NET web application,and the windows authentication module will
generate
forms authentication cookie and redirect user to formsauthentication
site.
However, you found that after redirected from windows authenticatino
site,
any page postback operation no longer work, correct?

If this is the case, I think the behavior is quite unexpected. As for
the
postback not work, do you mean even putting a typical submit button(and
click it) will not cause page to postback? Or if the client-side browser
does perform the postback and server-side didn't show any reflection or
return any response? I'm still not quite sure about the exact result
and
behavior when you go through the redirector module and return to main
site
pages. Is there any particular error message?

Steven Cheng

Microsoft MSDN Online Support Lead

Delighting our customers is our #1 priority. We welcome your comments
and
suggestions about how we can improve the support we provide to you.
Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
(e-mail address removed).

==================================================
Get notification to my posts through email? Please refer to

Note: The MSDN Managed Newsgroup support offering is for non-urgent
issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each
follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach
the
most efficient resolution. The offering is not appropriate for
situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are
best
handled working with a dedicated Microsoft Support Engineer by
contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.
==================================================
This posting is provided "AS IS" with no warranties, and confers no
rights.

--------------------
Date: Tue, 13 May 2008 08:44:02 +0200
From: "(e-mail address removed)" <[email protected]>
User-Agent: Thunderbird 2.0.0.14 (Windows/20080421)
MIME-Version: 1.0
Subject: mixed mode authentication + no postbacks

Hi there

I implemented a mixed mode authentication as follows:
main site using forms authentication
redirector site using windows authentication, creates a forms
authentication cookie and redirects to main site

the problem is if i go to the main site everything works fine

if i go to the redirector site it redirects to the main site ( as
expected, cookie is generated as expected and in site
Context.Current.User is set as expected ) but no postbacks occur
anymore, even if i logout an logon to the main site problem resides, i
figured out that any "redirector" site protected by windows
authentication redirecting to my site causes postbacks to not function
anymore.

I tried the sample from Microsoft Press Book "Developing More-Secure
Microsoft?ASP.NET 2.0 Applications" and same thing happened.

My config Vista SP1 .NET 3.5
or 2003 R2 .NET 3.5

Applications are .NET 2.0 applications

tia dom

correct, no button or any other method to trigger postback works
anymore, ispostback is always false and no viewstate form fiels is sent
to server anymore

i wrote a small webapp with one page and one button, by clicking the
button the app creates a authcookie(always with same information within
it) and redirects to my app, if i set authentication for this app to
forms or none everything works as expected, but if i set the
authentication to windows the problem same as described in my post

i figured out that browser sends the authentication handshakes if
redirect from windows authorized webapp and on every "postback" ist one
more

tia dom