I use url routing in my asp.net project, following is my route for product page.
RouteTable.Routes.MapPageRoute("product", "{language}/p/{type}/{no}/{product}", "~/Product.aspx", true);
expected result is as following.
http://xxxx.com/en/p/products/47.609.081.850.2720/yanmar-diesel-engine-720-hp-with-hydraulic-gear
and it works in development level, when i deploy the projects to the hosting server it works for a while as should be, but after a few hours the URI goes some thing like that
http://xxxx.com/(A(6jqh8an0ygEkAAAANTMzMWU2NjgtYTBiNi00ZTQ5LTllZWEtNjI1MGM2MDk5MmY4T_ZQLz3eoy3LgKYYSl0Gk_Sts-A1))/en/p/products/47.609.081.850.2720/yanmar-diesel-engine-720-hp-with-hydraulic-gear
IIS puts Uri on the http address but i never use something other than cookieless="UseCookies" in web.config file.
relevant sections of Web.config file :
<sessionState timeout="40" mode="InProc" cookieless="UseCookies" />
<anonymousIdentification enabled="true" cookieless="UseCookies"/>
<authentication mode="Forms">
<forms name="XXXFirmCookie" cookieless="UseCookies" loginUrl="~/LoginPage.aspx" path="/" protection="All" timeout="60" slidingExpiration="true" requireSSL="false" enableCrossAppRedirects="false" defaultUrl="Default.aspx"></forms>
</authentication>
The odd thing it works on host server for a while without putting uri on the http address.
Host server uses IIS 7.5 and framework is 4.0
Can you see any mistake on my routing code or web.config ?
Or should i check something on IIS ?
Thanks in advance..
Related
I have two web applications on old server with IIS 6 with SSO and it works perfect. Now I have new server with IIS 7 and after migration web applications SSO stopped working - when I try go to second application Login page is shown again...
Can somebody tell me what i doing wrong or what I don't know?
here is first web.config
<authentication mode="Forms">
<forms loginUrl="LoginR.aspx" timeout="20" />
</authentication>
<machineKey decryption="AES" decryptionKey="6A6F8E0BCFF28507DDF6316D4BE0CB2AEA85501D0BED1282" validation="SHA1" validationKey="01D0AECBA272DA4662076316AF00F9F2C8F07E12349D1725587612769C9A7B8048AD26BC2298AB2A0D18D2CAF2FC22762E1A3737CFA7EE0E46771DDAAE5B6E1C" />
and second web.config
<authentication mode="Forms">
<forms loginUrl="Http://NEWServerName/FirstAppName/LoginR.aspx" timeout="20" protection="All" path="/" domain="XXX" />
</authentication>
<authorization>
<deny users="?" />
</authorization>
<machineKey decryption="AES" decryptionKey="6A6F8E0BCFF28507DDF6316D4BE0CB2AEA85501D0BED1282" validationKey="01D0AECBA272DA4662076316AF00F9F2C8F07E12349D1725587612769C9A7B8048AD26BC2298AB2A0D18D2CAF2FC22762E1A3737CFA7EE0E46771DDAAE5B6E1C" />
Set application pools to integrated mode.
When the user try to Login with IE11 he get's "400 bad request"
Other users get's sign out when doing post back actions
More information:
Server time date is correct and set to UTC timezone.
The problem also happens when using IP (not only with DNS)
running on .Net 4 for several months (problem started in the last month)
IE 10-7 works fine
My code on login:
if (Membership.ValidateUser(strUserName, strPswrd))
{
FormsAuthentication.RedirectFromLoginPage(strUserName, chkRememberMe.Checked);
}
from web.config
<authentication mode="Forms">
<forms name="MyAuthCookie" loginUrl="HomePage.aspx" defaultUrl="Loading.aspx" timeout="9480" enableCrossAppRedirects="true" />
</authentication>
Thanks
Found the solution:
Add cookieless="UseCookies" for your forms element in web.config.
<authentication mode="Forms" >
<forms loginUrl="~/Account/LogOn" timeout="2880" cookieless="UseCookies" />
</authentication>
http://www.hanselman.com/blog/FormsAuthenticationOnASPNETSitesWithTheGoogleChromeBrowserOnIOS.aspx
I wanted to make my login as the default page before the user accesses the home page. This is my code.
<system.webServer>
<defaultDocument>
<files>
<clear/>
<add value="Login.aspx"/>
</files>
</defaultDocument>
</system.webServer>
Thanks! :)
just Right click on that page and click on set as start up page.
What you need to do is first establish the authorization and authentication mechanism. You can use FormsAuthentication and configure the settings in a web.config file. For example, to enable forms authentication you would set the following value in the config file:
<authentication mode="Forms">
<forms
name=".ASPXAUTH"
loginUrl="login.aspx"
defaultUrl="default.aspx"
protection="All"
timeout="30"
path="/"
requireSSL="false"
slidingExpiration="true"
cookieless="UseDeviceProfile" domain=""
enableCrossAppRedirects="false">
<credentials passwordFormat="SHA1" />
</forms>
<passport redirectUrl="internal" />
</authentication>
Here you can see that loginUrl is set to login.aspx. This way, if a user is not authenticated, he or she will be redirected to login.aspx
This is much better approach than establishing your own logic for redirection to login or setting login.aspx as a start page.
I have this section of my web.config file.
<system.web>
<authentication mode="Forms">
<forms loginUrl="~/Login.aspx">
<credentials passwordFormat="Clear">
<user name="test#hotmail.com" password="12345" />
</credentials>
</forms>
</authentication>
</system.web>
I have tried to encrypt this section, but I get the object not set to an instance of the object error. This is the path that I called in the encryption class: system.web/authentication/forms/credentials
Any solution please?
Thanks.
If you're using IIS, make sure your site ID in IIS is set to 1 (Advanced settings).
Like the title states - I have a web.config file that looks like,
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.web>
<compilation debug="true" targetFramework="4.0" />
<authentication mode="Forms">
<forms name="login" protection="All" timeout="30" loginUrl="login" defaultUrl="~/">
<credentials passwordFormat="Clear">
<user name="admin" password="password" />
</credentials>
</forms>
</authentication>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</configuration>
I want to do exactly what it says it should do... I want to deny all users who try to enter the site.
It works however, it redirects to a "Account/Login?ReturnUrl=%2flogin" url I have never heard of...
Is there a place I can change this?
I've seen this problem before. No doubt you're also getting this error:
Error message 401.2.: Unauthorized: Logon failed due to server configuration. Verify that you have permission to view this directory or page based on the credentials you supplied and the authentication methods enabled on the Web server. Contact the Web server's administrator for additional assistance.
And you're being redirected to "/Account/Login" which doesn't even exist. I believe it's some kind of default that get's pulled in due to using MVC components even if you're using an ASP.NET Forms website. Perhaps you have some Razor pages and the following was added to your web.config:
<appSettings>
<add key="webpages:Enabled" value="true" />
</appSettings>
Having this in there seems to be enough to mess up your login page as defined normally:
<authentication mode="Forms">
<forms loginUrl="login" timeout="43200"/>
</authentication>
I've solved this by adding an extra "loginUrl" key to appSettings:
<appSettings>
<add key="webpages:Enabled" value="true" />
<add key="loginUrl" value="~/Login.aspx" /><!-- Override default -->
</appSettings>
The loginUrl param does not have an absolute path, so the path get mixed with the relative folder the website is.
Solution:
loginUrl="~/login"
or
loginUrl="/login"
The problem is
loginUrl="login"
This is the URL to send unauthenticated users to. If the URL to your login page is "Login.aspx" then thats what you should set it too.
loginUrl="login.aspx"
The piece at the end, ReturnURL, is the address to redirect the user to if they successfully login.
The LoginUrl is created with the code UrlPath.Combine(HttpRuntime.AppDomainAppVirtualPathString, loginUrl);, so I'm guessing somehow your root of your website is set to "Application".
http://www.ureader.com/msg/15372322.aspx