Home/ Questions/Q 4252776
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-21T04:51:43+00:00

I’m building a silverlight application hosted on ASP.NET Web App. / IIS7 / SSL-enabled

  • 0

I’m building a silverlight application hosted on ASP.NET Web App. / IIS7 / SSL-enabled website.
For security, I put my silverlight page inside a Members folder in the ASP.NET Web Application, and restricted access from anonymous users.(see web.config below)

when users try to access pages under Members folder, they get redirected to https://www.ssldemo.com/authenticationtest/login.aspx. (see web.config below)
(I’ve mapped http://www.ssldemo.com to 127.0.0.1).
for security, I’m switching to HTTPS in login.aspx, and back to HTTP after validation.
below is the code for login.aspx.cs.

    protected void Page_Load(object sender, EventArgs e)
    {
        LoginControl.LoggedIn += new EventHandler(LoginControl_LoggedIn);
    }

    void LoginControl_LoggedIn(object sender, EventArgs e)
    {
        //for going to ReturnURL & switching back to HTTP
        string serverName = HttpUtility.UrlEncode(Request.ServerVariables["SERVER_NAME"]);
        string returnURL = Request["ReturnURL"];
        Response.Redirect(ResolveClientUrl("http://" + serverName + returnURL)); 
    }

The problem is, when I deploy another application to http://www.ssldemo.com/authenticationtest/members/AnotherApplication/
and open http://www.ssldemo.com/authenticationtest/members/AnotherApplication/default.aspx,
Users get redirected to https://www.ssldemo.com/authenticationtest/login.aspx?ReturnUrl=%2fauthenticationtest%2fmembers%2fanotherapplication%2fdefault.aspx.
but even when I enter the correct credentials at login page, I get redirected to the same login page again, not to the ReturnUrl. when I looked into fiddler, it said ‘302 object moved to here.’

Thank you for reading! Any input will be much appreciated.

<configuration>
<connectionStrings>
    <add name="CompanyDatabase" connectionString="Data Source=192.168.0.2;Initial Catalog=SomeTable;User ID=Username;Password=P@ssword" />
</connectionStrings>

<system.web>
    <compilation debug="true" targetFramework="4.0" />
    <authentication mode="Forms">
        <forms slidingExpiration="true" timeout="15"
               loginUrl="https://www.ssldemo.com/authenticationtest/login.aspx"
               defaultUrl="~/Members/Default.aspx"
               >
        </forms>
    </authentication>
    <!--Custom Membership Provider-->
    <membership defaultProvider="MyMembershipProvider" userIsOnlineTimeWindow="15">
        <providers>
            <clear />
            <add name="MyMembershipProvider"
                 type="AuthenticationTest.Web.MyMembershipProvider"
                 connectionStringName="CompanyDatabase"
                 applicationName="AuthenticationTest.Web"/> 
        </providers>
    </membership>
</system.web>
<!--securing folders-->
<location path="Members">
    <system.web>
        <authorization>
            <deny users="?"/>
        </authorization>
    </system.web>
</location>    
</configuration>
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    The application below members (the sub app) inherits settings from the one above, so it picks up your auth settings, which is why it goes to that login page.

    The reason why it never works is to do with how the ticket is encrypted. Tickets cannot be reused between applications unless you do some extra config. This stops a user authenticating in one app then accessing every other app on the server. Asp.Net does this by creating a new random key for each app.

    First you need to add enableCrossAppRedirects=true to the forms element. You then need to set the MachineKey to be the same in both apps so that both apps can decode the auth tickets.

    This page may help http://msdn.microsoft.com/en-us/library/eb0zx8fc.aspx

    • 0