Forms Authentication & ReturnUrl
Here's my problem, should be simple enough to understand
In development, my application is located here
http://localhost/myapp/mypage.aspx
But in production, it is deployed like so
http://mydomain.com/mypage.aspx <-- removing "myapp" from the url
But when I try to hit a page when I am not authenticated, I get bumped to the login page which looks like this:
http://mydomain.com?ReturnUrl=%2fmyapp%2fmypage.aspx, so after a successful login, they get a nice 404 error, because
http://mydomain.com/myapp/mypage.aspx doesn't exist
Any ideas on how I can instruct forms authentication to remove the "/myapp" from the returnurl?
--Michael
In development, my application is located here
http://localhost/myapp/mypage.aspx
But in production, it is deployed like so
http://mydomain.com/mypage.aspx <-- removing "myapp" from the url
But when I try to hit a page when I am not authenticated, I get bumped to the login page which looks like this:
http://mydomain.com?ReturnUrl=%2fmyapp%2fmypage.aspx, so after a successful login, they get a nice 404 error, because
http://mydomain.com/myapp/mypage.aspx doesn't exist
Any ideas on how I can instruct forms authentication to remove the "/myapp" from the returnurl?
--Michael
Hi,
have you set in the production that your login page is not myapp/mypage.aspx but mypage.aspx ?
Regards,
B..M
have you set in the production that your login page is not myapp/mypage.aspx but mypage.aspx ?
Regards,
B..M
ASKER
nauman, the problem is, it never gets to default.aspx to be checked (not that I would manually check this in each page if it was), it is adding the application name to the return url, so after logging in with the returnurl set, I get 404 errors. I just want to remove the application name from the returnurl, that's it.
mmarinov, mypage.aspx is the secured page, not the login page. I've ensured that my appname isn't in the loginurl in web.config though, it didn't seem to make a difference.
mmarinov, mypage.aspx is the secured page, not the login page. I've ensured that my appname isn't in the loginurl in web.config though, it didn't seem to make a difference.
put the following code in your web.config file:
<authentication mode="Forms">
<forms name="appNameAuth" path="/" loginUrl="mypage.aspx" protection="All" timeout="30" />
</authentication>
<authentication mode="Forms">
<forms name="appNameAuth" path="/" loginUrl="mypage.aspx" protection="All" timeout="30" />
</authentication>
those lines will specify mypage.aspx as your login page and the exact path to the page will not be specified so when you move that web.config to another server it will use the path of that server
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
YZlat, you are correct, that will get me directly to my login page, but that isn't he problem, the returnurl is showing the app name, which after I login in doesn't map correctly.
mmarinov, I certainly can remove /myapp from the returnurl, but I was hoping there would be some way to configure asp.net to forget about the appname so the returnurl would be correct. If not, I'll just do it that way.
mmarinov, I certainly can remove /myapp from the returnurl, but I was hoping there would be some way to configure asp.net to forget about the appname so the returnurl would be correct. If not, I'll just do it that way.
Raterus:
I think this arises when you copy the project to the production server. If you use Copy Project in VS.Net and use FrontPage as the copy method it sorts itself out, but if you use fileshare, or use Xcopy, it retains the virtual directory name that you developed under.
I think this arises when you copy the project to the production server. If you use Copy Project in VS.Net and use FrontPage as the copy method it sorts itself out, but if you use fileshare, or use Xcopy, it retains the virtual directory name that you developed under.
ASKER
crescendo, so what difference would copy project via frontpage make to my server that I could do manually when using xcopy?
check this out and click on the link provided on that page. That problem is same as yours
http://www.wilsondotnet.com/Tips/ViewPosts.aspx?Thread=461
http://weblogs.asp.net/HernanDL/archive/2004/06/09/ssoformsauth.aspx
http://www.wilsondotnet.com/Tips/ViewPosts.aspx?Thread=461
http://weblogs.asp.net/HernanDL/archive/2004/06/09/ssoformsauth.aspx
your application is checking for a cookie attached to the Request and if it doesn't find it,
-redirect takes place and a ReturnURL appended to the querystring
-redirect takes place and a ReturnURL appended to the querystring
Raterus:
Have you, by any chance, created a virtual directory "myApp" and pointed it at the wwwroot folder?
Have you, by any chance, created a virtual directory "myApp" and pointed it at the wwwroot folder?
ASKER
I looked at those articles, actually it was the second time today I had seen them. I came across them earlier while trying to research this issue myself before posting this question. They describe two separate applications using the same forms-authentication cookie. While intriguing to realize you can do that, it isn't exactly what I'm doing here.
ASKER
crescendo, here is my setup, and you kind of made a light go off in my head as to why this isn't working.
IIS IS configured with this application set up how the returnurl specifies, it is in it's own directory configured as an application with "myApp".
We don't keep IIS open directly to the world, so we have Apache running as a proxy server between IIS and the mean cruel world. This basically translates incoming requests to "http://mydomain.com/mysite.aspx" to an internal address "http://safelybehindapache/myApp/mysite.aspx"
Well don't know what to say from here, I'm not really expecting to convince asp.net it isn't where it thinks it is at... :-)
IIS IS configured with this application set up how the returnurl specifies, it is in it's own directory configured as an application with "myApp".
We don't keep IIS open directly to the world, so we have Apache running as a proxy server between IIS and the mean cruel world. This basically translates incoming requests to "http://mydomain.com/mysite.aspx" to an internal address "http://safelybehindapache/myApp/mysite.aspx"
Well don't know what to say from here, I'm not really expecting to convince asp.net it isn't where it thinks it is at... :-)
what about
path="~/myApp/mysite.aspx"
the tilde will redirect to the app folder.
path="~/myApp/mysite.aspx"
the tilde will redirect to the app folder.
ASKER
are you referring to the path property in web.config in the <forms> tag?. That is referring to the path of the authentication cookie, not a specific page.
why not try:
<authentication mode="Forms" >
<forms name="FirstPage" loginUrl="http://safelybehindapache/myApp/site_login.aspx" />
</authentication>
<authentication mode="Forms" >
<forms name="FirstPage" loginUrl="http://safelybehindapache/myApp/site_login.aspx" />
</authentication>
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
last post by crescendo is what will work, though I'm not going to go that route when it is a simple one-line change to weed out the application name from the return url and redirect as mmarinov suggested. Problem solved!
Best, Nauman