ASP.NET login control mysteriously stops working - asp.net

I'm using the ASP.NET Login control and have been doing so for a couple of years on a particular site with success. Out of the blue, in the dev environment, this control has stopped working and is now bouncing me back to the login page.
Using source control I've reverted recent changes that might have been the cause but no luck. I've stepped through the code and have checked that the e.Authenticated property is correctly being set to true and that the ReturnUrl is correctly specified on the params.
Any ideas about where to look next to try and figure this out?

After logging in are you being redirected to a page that you don't have authorisation for?

I would check the following...
Cookies still set in the browser
SSL settings in conjunction with http
not forwarding onto https
Cert issues (old, new, expired)
Changes in the domain that the user
is authenticating to
Essentially, check everything except
your code, it works like you said.
;-)

Related

Window.open is losing session

My team have a big problem with a developed website. We have a page where We need to open three or four tabs, We used window.open and everything worked fine in testing area. But, in production with a load balancer (sticky session configured) when window.open is executed, It creates a new session, We saw in the logs that the request is redirected to other server when window.open is executed.
I've seen other links in stackoverflow like IE8 losing session cookies in popup windows
But the problem is that It happens also in Firefox, any clue about this kind of problem?
BTW, Our app is a ASP .Net MVC 4.5 website.
Second part of your question is pointing to a problem on the client side.
But if I read your problem it looks like a problem on the server side.
I think that your session pool over the load balancer has a problem.
Maybe try a simple page that shows your sessionId on a page and run that in your server farm for testing. make shure that the problem is not in your app but at server level.
edit after questionar reply:
Is your cookie set domain wide?
what happens if you open more tabs manually?
Is it a browser domain cookie handler problem (then the manual tabs will not work)
Or is it a javascript handler problem. (then the manual tabs will work)

users unable to login to Plone site

Here is the problem that I'm having. Often times, I cannot login to my Plone site. Other users have the same issue as well. Basically what happens is that when I click "Log In", the web page just refreshes but it doesn't log me in. In order to correct this problem, I had to clear the browser history and cookies in order to log in successfully. Sometimes I had to do this a few times in order to work. I would like at least 50% of the time I had to clear the history before I can login. Other times, it just works and it logs me in without any issue.
This problem started quite some time ago, perhaps almost a year now. I just never had time to look into it. However it seems like this problem is related to newer version of web browsers because I never had this problem before around one year ago.
I'm running Plone version 4.0.4. Can anyone suggest how I should troubleshoot this problem? Should I upgrade a particular component within my Plone setup?
FYI, I'm using the building authentication component and not anything external like LDAP. I manage my users in Site Setup -> Users and Groups.
Thanks in advance.
Things to look into:
go to /acl_users/session/manage_propertiesForm and check the settings here to make sure they make sense
check cookie settings for if they are valid on non-ssl and that you are logging in via ssl urls.
use a web browser web inspector(like chrome) and inspect that login cookies are set properly after you're logged in(look for the __ac cookie)
Finally, look into your caching. If you're using plone.app.caching, make sure to NOT cache for logged in users. If you're overriding caching at the web server, make sure you're not caching when the __ac cookie is present.
If you're not caching at the web server, make sure cache headers for the browser are also getting set appropriately
inspecting caching will also require using a browser to inspect the headers getting returned

This webpage has a redirect loop in asp.net web forms when disabling cookies

I'm getting an error in my webpage
"This webpage has a redirect loop" when tried to run the asp.net web forms solution when disabling cookies.
I'm new to asp.net programming.This problem gets resolved when enable cookies,but i need this to be done when cookies are disabled.
Does anyone have any suggestion?
I had the same problem, but symptoms were a bit different. I copied a login page to m_login to make a mobile version of the page. In the login page, I detected if the browser was using a mobile device. If so, I redirected to the m_login.aspx page. Unfortunately, I copied that code over as well, so it went into an endless loop (too many redirects). This, of course, only happened when I used a mobile device to test it. When I used my laptop and forced the URL to m_login.aspx, it was fine because it did not sense a mobile device. Not sure if that helps, but maybe someday it'll help someone :)
I had a similar problem. User was re-directed to ADMIN page, but because user was a 'member' and in the web.config file for ADMIN folder I had set ' ', the redirect was occurring, and getting stuck in a loop.
To Fix this I checked if the re-direct contains 'Admin', If YES, was user a 'member', if YES, navigate to login screen with appropriate error message.

302 Infinite Loop

I have a web application that is stuck in an infinite loop, and I have no idea where to look next. This is an intranet site, so there is no link I can share, but I've listed as many details as I can think of below. I would appreciate any ideas or suggestions. Anyone has.
The details:
IIS 7
.Net 4.0
Windows 2008
Default document is Login.aspx
No HTTP redirect set on app or Login.aspx in IIS
Fiddler shows Login.aspx using status code of 302 and redirecting to Login.aspx
If I open my site, it points to Login.aspx and gets stuck in a 302 loop. If I open the site but point to register.aspx, Fiddler shows register.aspx going to Login.aspx which of course redirects to Login.aspx.
What I've done:
Run the webapp from Visual Studio -- everything works fine
Check web.config for redirect commands -- there are none
Check IIS for redirect commands -- there are none
Look at Fiddler for another page in the loop -- there are none, just Login.aspx to Login.aspx
Check Login.aspx for redirect commands -- there are none
Check Login.aspx code behind for redirect commands -- there are none
Run the app on my box using the web.config from the server -- everything works
Check Login.aspx for redirect commands -- there are none
Cleared Cache -- problem still persists
Republished -- problem still persists
Republished and cleared Cache -- problem still persists
Disabled Default Document in IIS
Will share this just in case it is an answer, as it sounds like a problem we had.
ASP.net MVC site with [RequiresHttps] attribute on our login action.
Behind a load balancer that was doing SSL acceleration (resulting in the request that actually hits the server side code being already decoded and effectively under http).
Server code thinks this is an issue and redirects back to itself using https.
Rinse and repeat.
Been quite a long time since this was answered, and my comment below here to 'not use RequireHttps' is probably a bit out of date.
Anyone looking at this answer and thinking that it answers their problem would probably be well advised to look into configuring their load balancer to use X-Forwarded-Proto headers:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-Proto
And then setting up their MVC site to be able to read these and still think they are under HTTPS at the border of your environment:
https://learn.microsoft.com/en-us/aspnet/core/host-and-deploy/proxy-load-balancer?view=aspnetcore-6.0
Found the problem. Found this logic in the MasterPage:
Dim strPage As String = Request.Url.AbsolutePath.Replace("/", "")
'Check that user is logged in
If Not strPage = "Login.aspx" And Not strPage = "Register.aspx" Then
If Session("intUserId") Is Nothing Then
Response.Redirect("~/Login.aspx", True)
End If
End If
Evidently, strPage does not equal Login.aspx when browsing to Login.aspx on the server.
I should have cought this when I was investigating it. Thanks Ross for your comment, it helped me to find this!
I had encountered a similar bug. But mine was a typo with two
Response.Redirect back to back.
If (conditon1){
Response.Redirect("Page1.aspx");
}
If (conditon2){
Response.Redirect("Page2.aspx");
}
And the fix was to simply put the other if in the else block.

IIS7 automatically redirect to null (in IE)

I'm developing an ASP.NET web site with VB. My web site is work perfectly with Firefox. But, with IE, it's redirect automatically to null.
When I try
http://localhost/mysite/Default.aspx
IE6/IE7 automatically redirect to
http://localhost/mysite/null
But, there is no problem with pages inside sub folders. When I try with
http://localhost/mysite/forum/
It's work perfect. I just can't browse pages in root folder.
What should I do? I'm using IIS7 and .net framework 2.0.
Thanks
Huh... that's strange. "null" isn't really a normal place for web traffic to get redirected. Can you think of anywhere in your code/IIS settings that might redirect to a page called "null" Also strange is the firefox/ie difference.
Does it have something to do with authentication? IE might have automatic Windows authentication causing your application to behave differently because it thinks you are logged in. Try turning off Windows Authentication in IIS.
Alternatively, can you debug your code? Does any code execute on your home page before the redirect occurs?
First uncheck the show error frinedly message in the internet explorer in tools->Internet OPtions->Advance then see.
Another thing if you are redirecting with some dynamic link? And that is casuing it to redirect on null.
Check your code. I think that there may be some problem in your code.

Resources