Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Forms Authentication & ReturnUrl

Posted on 2004-08-04
20
1,396 Views
Last Modified: 2008-01-16
Here's my problem, should be simple enough to understand

In development, my application is located here
http://localhost/myapp/mypage.aspx

But in production, it is deployed like so
http://mydomain.com/mypage.aspx <-- removing "myapp" from the url

But when I try to hit a page when I am not authenticated, I get bumped to the login page which looks like this:

http://mydomain.com?ReturnUrl=%2fmyapp%2fmypage.aspx, so after a successful login, they get a nice 404 error, because

http://mydomain.com/myapp/mypage.aspx doesn't exist

Any ideas on how I can instruct forms authentication to remove the "/myapp" from the returnurl?

--Michael
0
Comment
Question by:raterus
  • 7
  • 5
  • 3
  • +3
20 Comments
 
LVL 25

Expert Comment

by:nauman_ahmed
ID: 11715899
http://mydomain.com?ReturnUrl=default.aspx. In default.aspx check to see if user is authenticated and redirect where is required.

Best, Nauman
0
 
LVL 28

Expert Comment

by:mmarinov
ID: 11715928
Hi,
have you set in the production that your login page is not myapp/mypage.aspx but mypage.aspx ?

Regards,
B..M
0
 
LVL 33

Author Comment

by:raterus
ID: 11716026
nauman, the problem is, it never gets to default.aspx to be checked (not that I would manually check this in each page if it was), it is adding the application name to the return url, so after logging in with the returnurl set, I get 404 errors.  I just want to remove the application name from the returnurl, that's it.

mmarinov, mypage.aspx is the secured page, not the login page.  I've ensured that my appname isn't in the loginurl in web.config though, it didn't seem to make a difference.
0
Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

 
LVL 35

Expert Comment

by:YZlat
ID: 11716062
put the following code in your web.config file:

 <authentication mode="Forms">
            <forms name="appNameAuth" path="/" loginUrl="mypage.aspx" protection="All" timeout="30" />
         
        </authentication>
0
 
LVL 35

Expert Comment

by:YZlat
ID: 11716098
those lines will specify mypage.aspx as your login page and the exact path to the page will not be specified so when you move that web.config to another server it will use the path of that server
0
 
LVL 28

Assisted Solution

by:mmarinov
mmarinov earned 150 total points
ID: 11716101
i see now
so to redirect to a page skiping the /myapp/ you have to redirect manuall by removing the %2fmyapp%2f from the ReturnUrl
Regards,
B..M
0
 
LVL 33

Author Comment

by:raterus
ID: 11716208
YZlat, you are correct, that will get me directly to my login page, but that isn't he problem, the returnurl is showing the app name, which after I login in doesn't map correctly.

mmarinov, I certainly can remove /myapp from the returnurl, but I was hoping there would be some way to configure asp.net to forget about the appname so the returnurl would be correct.  If not, I'll just do it that way.
0
 
LVL 9

Expert Comment

by:crescendo
ID: 11716217
Raterus:

I think this arises when you copy the project to the production server. If you use Copy Project in VS.Net and use FrontPage as the copy method it sorts itself out, but if you use fileshare, or use Xcopy, it retains the virtual directory name that you developed under.
0
 
LVL 33

Author Comment

by:raterus
ID: 11716253
crescendo, so what difference would copy project via frontpage make to my server that I could do manually when using xcopy?
0
 
LVL 35

Expert Comment

by:YZlat
ID: 11716690
check this out and click on the link provided on that page. That problem is same as yours

http://www.wilsondotnet.com/Tips/ViewPosts.aspx?Thread=461

http://weblogs.asp.net/HernanDL/archive/2004/06/09/ssoformsauth.aspx
0
 
LVL 35

Expert Comment

by:YZlat
ID: 11716772
your application is checking for a cookie attached to the Request and if it doesn't find it,
-redirect takes place and a ReturnURL appended to the querystring
0
 
LVL 9

Expert Comment

by:crescendo
ID: 11716813
Raterus:

Have you, by any chance, created a virtual directory "myApp" and pointed it at the wwwroot folder?
0
 
LVL 33

Author Comment

by:raterus
ID: 11716868
I looked at those articles, actually it was the second time today I had seen them.  I came across them earlier while trying to research this issue myself before posting this question.  They describe two separate applications using the same forms-authentication cookie.  While intriguing to realize you can do that, it isn't exactly what I'm doing here.
0
 
LVL 35

Expert Comment

by:YZlat
ID: 11716890
0
 
LVL 33

Author Comment

by:raterus
ID: 11717096
crescendo, here is my setup, and you kind of made a light go off in my head as to why this isn't working.

IIS IS configured with this application set up how the returnurl specifies, it is in it's own directory configured as an application with "myApp".  

We don't keep IIS open directly to the world, so we have Apache running as a proxy server between IIS and the mean cruel world.  This basically translates incoming requests to "http://mydomain.com/mysite.aspx" to an internal address "http://safelybehindapache/myApp/mysite.aspx"

Well don't know what to say from here, I'm not really expecting to convince asp.net it isn't where it thinks it is at... :-)
0
 

Expert Comment

by:samdlg
ID: 11717174
what about

path="~/myApp/mysite.aspx"

the tilde will redirect to the app folder.

0
 
LVL 33

Author Comment

by:raterus
ID: 11717251
are you referring to the path property in web.config in the <forms> tag?.  That is referring to the path of the authentication cookie, not a specific page.
0
 

Expert Comment

by:samdlg
ID: 11717316
why not try:

    <authentication mode="Forms" > 
            <forms name="FirstPage" loginUrl="http://safelybehindapache/myApp/site_login.aspx" />
    </authentication>
0
 
LVL 9

Accepted Solution

by:
crescendo earned 350 total points
ID: 11717351
See what you mean...

Assuming the server is Windows Server, and not Pro, how about setting up your app as a new web site rather than a virtual directory? Just call it xxx.thingy.zzz it doesn't have to be a real name. Then in the advanced properties for the site, tell it to look for that name in the header. Set the name and IP address in the Apache servers /etc/hosts file, and tell it to redirect to the new name. You should then have two root-based systems.
0
 
LVL 33

Author Comment

by:raterus
ID: 11718516
last post by crescendo is what will work, though I'm not going to go that route when it is a simple one-line change to weed out the application name from the return url and redirect as mmarinov suggested.  Problem solved!
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I recently went through the process of creating a Calendar Control of events with the basis of using a database to keep track of the dates that are selectable, one requirement was to have the selected date pop-up in a simple lightbox.  At first this…
IntroductionWhile developing web applications, a single page might contain many regions and each region might contain many number of controls with the capability to perform  postback. Many times you might need to perform some action on an ASP.NET po…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…

860 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question