Forms authentication in ASP.NET--> cannot redirect to protected page on Webkit Browsers on remote server

0
votes

I've implemented forms authentication by using some custom code to set up the cookies. I'm able to redirect the user to the proper ReturnUrl upon correct login on all browsers on my development server. I'm using ASP.NET 3.5 Web Forms.

On the remote server that I'm using for deployment, instead of redirecting to the ReturnUrl, the login page just reloads. Oddly, this only happens on Webkit browsers. Gecko browsers work fine. I've searched far and wide for a solution, but was unable to find anything quite like this.

Web.config (I want to redirect to Admin.aspx form Login.aspx):

    <appSettings>
    <add key="ValidationSettings:UnobtrusiveValidationMode" value="none"/>
    <add key="loginUrl" value="Login.aspx"  />

</appSettings>
<system.web>
    <authentication mode="Forms">
        <forms name=".ASPXAUTH" loginUrl="Login.aspx" defaultUrl="Admin.aspx" protection="All" timeout="2880" cookieless="UseCookies" />
    </authentication>
...
    <system.web>

    <authorization>
        <deny users="?" />
    </authorization>

</system.web>
<location path ="Default.aspx">
    <system.web>
        <authorization>
            <allow users ="*"/>
        </authorization>
    </system.web>
</location>

<location path="Resources">
    <system.web>
        <authorization>
            <allow users="*" />
        </authorization>
    </system.web>
</location>
<location path="Admin.aspx">
    <system.web>
        <authorization>
            <deny users ="?"/>
        </authorization>
    </system.web>
</location>

Login.aspx.cs:

    protected void Page_Load(object sender, EventArgs e)
    {

    }
    protected void Submit_Click(object sender, EventArgs e)
    {
       DatabaseCommands c = new DatabaseCommands();

        if (c.CheckCredentials(txtUsername.Text, txtPassword.Text))
        {
            FormsAuthenticationTicket ticket;
            string cookieString;
            HttpCookie cookie;
            ticket = new FormsAuthenticationTicket(1, txtUsername.Text, DateTime.Now, DateTime.Now.AddMinutes(1), true, "This is one kickass ticket, yo");
            cookieString = FormsAuthentication.Encrypt(ticket);
            cookie = new HttpCookie(FormsAuthentication.FormsCookieName, cookieString);
            cookie.Expires = ticket.Expiration;
            cookie.Path = FormsAuthentication.FormsCookiePath;
            Response.Cookies.Add(cookie);
            string strRedirect = Request["ReturnUrl"];
            if (strRedirect == null)
                strRedirect = "Admin.aspx";
            Response.Redirect(strRedirect, true);
        }
        else
        {
            lblError.InnerText = "Invalid Credentials";
            lblError.Visible = true;
        }
    }

Login.aspx:

    <form id="form1" runat="server">
<div style="text-align:center">
    <h1>Login</h1>
        <table style="margin-right:auto;margin-left:auto;" id="loginForm">
        <tr><td><label id="username">User:</label></td><td><asp:TextBox ID="txtUsername" runat="server" Width="200px"></asp:TextBox></td></tr>
        <tr><td><label id="password">Password:</label></td><td><asp:TextBox runat="server" TextMode="Password" ID="txtPassword"  Width="200px"></asp:TextBox></td></tr>
        <tr><td><label id="lblError" runat="server" visible="false"></label></td><td><asp:Button ID="submit" Text="Submit" OnClick="Submit_Click" runat="server"  align="right" PostBackUrl="/Admin.aspx" OnClientClick="Submit_Click" /></td></tr>
        </table>
        </div>            
</form>
1
c#webforms
I can't spot anyhting wrong here. Could you possibly try to comment out lines starting with cookie.Expires = ... and cookie.Path = ... and come back with results?Wiktor Zychla
Upon commenting out those lines, everything works! Maybe it's a conflict between the Login.aspx.cs and the web.config? Post your comment as an answer!soundsmitten

1 Answers

1
votes

As it turns out, the answer is to comment out lines 

  cookie.Path = ...
  cookie.Expires = ...

Glad this helped.