ASP.NET Login Page Redirection Problem
- by Daniel
Hello everyone!
I'm building a silverlight application hosted on ASP.NET Web App. / IIS7 / SSL-enabled website.
For security, I put my silverlight page inside a Members folder in the ASP.NET Web Application, and restricted access from anonymous users.(see web.config below)
when users try to access pages under Members folder, they get redirected to https://www.ssldemo.com/authenticationtest/login.aspx. (see web.config below)
(I've mapped www.ssldemo.com to 127.0.0.1).
for security, I'm switching to HTTPS in login.aspx, and back to HTTP after validation.
below is the code for login.aspx.cs.
protected void Page_Load(object sender, EventArgs e)
{
LoginControl.LoggedIn += new EventHandler(LoginControl_LoggedIn);
}
void LoginControl_LoggedIn(object sender, EventArgs e)
{
//for going to ReturnURL & switching back to HTTP
string serverName = HttpUtility.UrlEncode(Request.ServerVariables["SERVER_NAME"]);
string returnURL = Request["ReturnURL"];
Response.Redirect(ResolveClientUrl("http://" + serverName + returnURL));
}
The problem is, when I deploy another application to http://www.ssldemo.com/authenticationtest/members/AnotherApplication/
and open http://www.ssldemo.com/authenticationtest/members/AnotherApplication/default.aspx,
Users get redirected to https://www.ssldemo.com/authenticationtest/login.aspx?ReturnUrl=%2fauthenticationtest%2fmembers%2fanotherapplication%2fdefault.aspx.
but even when I enter the correct credentials at login page, I get redirected to the same login page again, not to the ReturnUrl. when I looked into fiddler, it said '302 object moved to here.'
Thank you for reading! Any input will be much appreciated.
<configuration>
<connectionStrings>
<add name="CompanyDatabase" connectionString="Data Source=192.168.0.2;Initial Catalog=SomeTable;User ID=Username;Password=P@ssword" />
</connectionStrings>
<system.web>
<compilation debug="true" targetFramework="4.0" />
<authentication mode="Forms">
<forms slidingExpiration="true" timeout="15"
loginUrl="https://www.ssldemo.com/authenticationtest/login.aspx"
defaultUrl="~/Members/Default.aspx"
>
</forms>
</authentication>
<!--Custom Membership Provider-->
<membership defaultProvider="MyMembershipProvider" userIsOnlineTimeWindow="15">
<providers>
<clear />
<add name="MyMembershipProvider"
type="AuthenticationTest.Web.MyMembershipProvider"
connectionStringName="CompanyDatabase"
applicationName="AuthenticationTest.Web"/>
</providers>
</membership>
</system.web>
<!--securing folders-->
<location path="Members">
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>
</configuration>