Welcome Guest! To enable all features please Login or Register.

Notification

Icon
Error

2 Pages12>
Login and redirect
infomato
#1 Posted : Monday, September 19, 2011 9:05:59 AM(UTC)
Groups: Member
Joined: 10/13/2007(UTC)
Posts: 23
Location: California

Thanks: 4 times
Was thanked: 1 time(s) in 1 post(s)
Dear Support,

I am having issue to login on a asp.net site hosting under the pro version. The same web page did not have any issue if I switch back to the old UltiDev Web Server. One of the sub-folders is designed as require login. So when try to access any page on this sub-folder, it is redirected to an aspx login page (as is indicated on the request URL). However, even after I enter the correct password, it won't return to the request page, nor let me view the request page by entering its URL. It is as if the state of "successful login" is not maintained. Thank you for helping.
Ultidev Team
#2 Posted : Monday, September 19, 2011 11:24:43 AM(UTC)
Ultidev Team

Groups: Administration
Joined: 11/3/2005(UTC)
Posts: 2,253

Thanks: 28 times
Was thanked: 60 time(s) in 59 post(s)
Hi there!

Would it be possible for you to run Fiddler tool to capture what's on the wire and see whether the application returns Set-Cookie header in its response after user has authenticated? If you can do that, please export Fiddler session(s) to a file and attach it to the post so we could analyze it.

If not, please consider emailing us your project (contact us first to get our email address) so we could try to reproduce the problem.

Best regards,
UltiDev Team.
Please donate at http://www.ultidev.com/products/Donate.aspx to help us improve our products.
infomato
#3 Posted : Tuesday, September 20, 2011 2:02:42 PM(UTC)
Groups: Member
Joined: 10/13/2007(UTC)
Posts: 23
Location: California

Thanks: 4 times
Was thanked: 1 time(s) in 1 post(s)
Dear Support,

Here is what I got from the Fiddler:

POST http://localhost:2499/WWWROOT_sql2005/login.aspx?ReturnUrl=%2fWWWROOT_sql2005%2fadmin%2fadmin.aspx
302 Found to /WWWROOT_sql2005/admin/admin.aspx

GET http://localhost:2499/WWWROOT_sql2005/admin/admin.aspx
302 Found to /WWWROOT_sql2005/login.aspx?ReturnUrl=%2fWWWROOT_sql2005%2fadmin%2fadmin.aspx

GET http://localhost:2499/WWWROOT_sql2005/login.aspx?ReturnUrl=%2fWWWROOT_sql2005%2fadmin%2fadmin.aspx
200 OK (text/html)

GET http://localhost:2499/WWWROOT_sql2005/img/login.jpg
304 Not Modified (image/jpeg)

Thanks,

Wayne
Ultidev Team
#4 Posted : Tuesday, September 20, 2011 3:33:45 PM(UTC)
Ultidev Team

Groups: Administration
Joined: 11/3/2005(UTC)
Posts: 2,253

Thanks: 28 times
Was thanked: 60 time(s) in 59 post(s)
Hello, Wayne.

Unfortunately it's not clear from the provided data whether Set-Cookie header was set.

Could you please follow these instructions to provide us with the full Fiddler output for us to analyze?

Best regards,
UltiDev Team.
Please donate at http://www.ultidev.com/products/Donate.aspx to help us improve our products.
infomato
#5 Posted : Tuesday, September 20, 2011 4:32:36 PM(UTC)
Groups: Member
Joined: 10/13/2007(UTC)
Posts: 23
Location: California

Thanks: 4 times
Was thanked: 1 time(s) in 1 post(s)
Dear Support,

For some reasons Fiddler stopped tracing my application.

I believe the issue is to do with the pro version server failed to read the authentication ticket in cookies because I choose anonymous authentication.Please review the following debug process:

I did attach the process and stepped through the debugger. I find the following line in the login.aspx that does not work:

Response.Redirect(url, false); I check the url value is correct:"/wwwroot_sql2005/admin/default.aspx."

After executing the above line, it remains at Login.aspx. I speculate that the reason that it did not redirect because somehow the successful login status is not registered. The following function set the authentication ticket in cookie:

protected void SetAuthenticationTicket(string userName, string userData)
{
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
1,
txtEmail.Text,
DateTime.Now,
DateTime.Now.AddYears(1),
chkPersistent.Checked,
userData);

string encryptedTicket = FormsAuthentication.Encrypt(ticket);
HttpCookie authenticationCookie = new HttpCookie(FormsAuthentication.FormsCookieName,encryptedTicket);
//authenticationCookie.Domain = "infomato.net";
if(chkPersistent.Checked)
authenticationCookie.Expires = ticket.Expiration;
Response.Cookies.Add(authenticationCookie);
if(Response.Cookies[authenticationCookie.Name]==null)
lblLoginMessage.Text = "Enable \'Session cookies\'";
else
lblLoginMessage.Text = "";
}

Thanks,

Wayne
Ultidev Team
#6 Posted : Tuesday, September 20, 2011 8:15:09 PM(UTC)
Ultidev Team

Groups: Administration
Joined: 11/3/2005(UTC)
Posts: 2,253

Thanks: 28 times
Was thanked: 60 time(s) in 59 post(s)
Hello, Wayne.

Your cookie setting logic appears to be correct at a glance, but we can't tell for sure what's going on until we see which cookies are set when your application does Response.Redirect() and which cookies are sent back by the browser back to your application on the subsequent requests. Try running Fiddler and accessing your application by machine name or machine's IP address instead of localhost or 127.0.0.1. Also check whether you need to re-start tracing in Fiddler by hitting F12.

Also, consider adding Trace=true to your master page's <% Page %> tag, or to pages involved in this scenario. We'll need to see how and whether cookies are set by our web server to see whether UWS does something wrong, or whether there is something not quite right with the applications.

Best regards,
UltiDev Team.
Please donate at http://www.ultidev.com/products/Donate.aspx to help us improve our products.
infomato
#7 Posted : Tuesday, September 20, 2011 11:58:31 PM(UTC)
Groups: Member
Joined: 10/13/2007(UTC)
Posts: 23
Location: California

Thanks: 4 times
Was thanked: 1 time(s) in 1 post(s)
Dear support,

How do I send you the fiddler file?

Thanks,

Wayne
Ultidev Team
#8 Posted : Wednesday, September 21, 2011 8:53:51 AM(UTC)
Ultidev Team

Groups: Administration
Joined: 11/3/2005(UTC)
Posts: 2,253

Thanks: 28 times
Was thanked: 60 time(s) in 59 post(s)
Hello, Wayne.

If your file is password-protected (preferred method), then please attach the file to your forum post response using "Attach files to this post" checkbox, or using Attach button on your existing posting; and then use Contact Us link at the top of the page to send us the password to your file.

If the file not password-protected, then use Contact Us link to send us an email and get our email address to use later to send the files.

Best regards,
UltiDev Team.
Please donate at http://www.ultidev.com/products/Donate.aspx to help us improve our products.
infomato
#9 Posted : Wednesday, September 21, 2011 12:08:26 PM(UTC)
Groups: Member
Joined: 10/13/2007(UTC)
Posts: 23
Location: California

Thanks: 4 times
Was thanked: 1 time(s) in 1 post(s)
Dear support,

Please see attached Fiddler file. The same application works on the legacy version where I can log in. In the pro version, I suspect the issue originates from either not properly write encrypted authentication cookie or not rad it back. No password was set on the attachment.

Thanks,

Wayne
Ultidev Team
#10 Posted : Wednesday, September 21, 2011 1:21:22 PM(UTC)
Ultidev Team

Groups: Administration
Joined: 11/3/2005(UTC)
Posts: 2,253

Thanks: 28 times
Was thanked: 60 time(s) in 59 post(s)
Hello, Wayne.

You need to trace your application to the point where you see SetAuthenticationTicket() being called. We do not see auth cookie being set in the redirect response after logging in.

In the attached file we have highlighted the "redirect after login" session. It shows that "login" cookie is set, but no auth cookie. Could you please confirm that you set auth cookie before redirecting?

Best regards,
UltiDev Team.
Ultidev Team attached the following image(s):
Ultidev Team attached the following image(s): Infomato.Cookie.png
Please donate at http://www.ultidev.com/products/Donate.aspx to help us improve our products.
infomato
#11 Posted : Wednesday, September 21, 2011 2:01:41 PM(UTC)
Groups: Member
Joined: 10/13/2007(UTC)
Posts: 23
Location: California

Thanks: 4 times
Was thanked: 1 time(s) in 1 post(s)
Dear Support,

Yes, it does stepped into the function SetAuthenticationTicket (see attached screen shot). Please bear in mind that the exact identical code works for the legacy version.

Thank you for helping,

Wayne
File Attachment(s):
Ultidev2.jpg (273kb) downloaded 154 time(s).
Guest
#12 Posted : Wednesday, September 21, 2011 5:16:09 PM(UTC)
Groups:
Joined: 11/1/2005(UTC)
Posts: 278

Wayne,

Be sure to verify that the value of chkPersistent.Checked is what you think it is. Other than that your code looks pretty solid to me.
Ultidev Team
#13 Posted : Wednesday, September 21, 2011 6:51:38 PM(UTC)
Ultidev Team

Groups: Administration
Joined: 11/3/2005(UTC)
Posts: 2,253

Thanks: 28 times
Was thanked: 60 time(s) in 59 post(s)
Wayne,

We created a standard ASP.NET application with Forms auth and had no trouble making it work, setting auth cookies, etc.

We do not see anything wrong with your code, so we think in order for us to help you, we will need your project - or if you can create a small project for us to test that would also reproduce the problem - we will be happy to work on that and get to the bottom of the problem.

If you decide to send us your entire project, either password-protect it, or us Contact Us link first to get our email address.

Best regards,
UltiDev Team.
Please donate at http://www.ultidev.com/products/Donate.aspx to help us improve our products.
infomato
#14 Posted : Wednesday, September 21, 2011 7:00:52 PM(UTC)
Groups: Member
Joined: 10/13/2007(UTC)
Posts: 23
Location: California

Thanks: 4 times
Was thanked: 1 time(s) in 1 post(s)
Can you send your project so I can test it on my machine? I have VS 2008. By any chance you can save it in 2008? My project is complicated. So I am embarrassed to send you one before I figure out form yours.

Thanks a lot,

Wayne
p.s. I have attached a screen shot to show the value of chkPersistent.Checked=true.
infomato attached the following image(s):
infomato attached the following image(s): Ultidev3.jpg
Ultidev Team
#15 Posted : Wednesday, September 21, 2011 7:26:07 PM(UTC)
Ultidev Team

Groups: Administration
Joined: 11/3/2005(UTC)
Posts: 2,253

Thanks: 28 times
Was thanked: 60 time(s) in 59 post(s)
Sorry, we used Visual Studio 2010 - it created a project with forms auth, and we use SQL Server as membership provider, so it may not work. Could you please look up a .NET forms auth sample project on the web and see if that can be tweaked into reproducing the problem?

Best regards,
UltiDev Team.
Please donate at http://www.ultidev.com/products/Donate.aspx to help us improve our products.
Ultidev Team
#17 Posted : Wednesday, September 21, 2011 11:23:15 PM(UTC)
Ultidev Team

Groups: Administration
Joined: 11/3/2005(UTC)
Posts: 2,253

Thanks: 28 times
Was thanked: 60 time(s) in 59 post(s)
Wayne,

We were able to reproduce the problem using your project. We are looking into it and will let you know as soon as we figure this out.

Thank you,
UltiDev Team.

Please donate at http://www.ultidev.com/products/Donate.aspx to help us improve our products.
infomato
#18 Posted : Thursday, September 22, 2011 12:18:58 AM(UTC)
Groups: Member
Joined: 10/13/2007(UTC)
Posts: 23
Location: California

Thanks: 4 times
Was thanked: 1 time(s) in 1 post(s)
Dear Support,

That's great! I am so glad. I am looking forward to seeing the bug fix.

Thank you so much,
Wayne
Ultidev Team
#19 Posted : Thursday, September 22, 2011 8:29:42 AM(UTC)
Ultidev Team

Groups: Administration
Joined: 11/3/2005(UTC)
Posts: 2,253

Thanks: 28 times
Was thanked: 60 time(s) in 59 post(s)
Thank you much for helping us with diagnostics, Wayne.

It appears that when multiple cookies are set, only the last one gets actually set and all others disappear. We will keep you posted about our progress.

Best regards,
UltiDev Team.
Please donate at http://www.ultidev.com/products/Donate.aspx to help us improve our products.
Ultidev Team
#20 Posted : Thursday, September 22, 2011 8:49:28 AM(UTC)
Ultidev Team

Groups: Administration
Joined: 11/3/2005(UTC)
Posts: 2,253

Thanks: 28 times
Was thanked: 60 time(s) in 59 post(s)
It's now official: we've got a very big bad bug that keeps only last Set-Cookie header in the response. Thank you for bringing it to our attention.

It's caused by the following bug in the .NET Framework 2.0:
http://support.microsoft.com/kb/933905

Next build will provide a fix. .NET Framework 2.0 SP1 will be required for our upcoming fix to work.

Best regards,
UltiDev Team.
Please donate at http://www.ultidev.com/products/Donate.aspx to help us improve our products.
infomato
#21 Posted : Thursday, September 22, 2011 12:21:54 PM(UTC)
Groups: Member
Joined: 10/13/2007(UTC)
Posts: 23
Location: California

Thanks: 4 times
Was thanked: 1 time(s) in 1 post(s)
Dear support,

It was an honor to be in this exciting development process. Does it mean if I select the Pro version to work in .NET 4.0, this problem may disappear?

Thanks,

Wayne
Rss Feed  Atom Feed
Users browsing this topic
Guest (4)
2 Pages12>
Forum Jump  
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You can vote in polls in this forum.