FormsAuthentication - <http://localhost> Works, <http://RealMachineName> Does Not

  • Thread starter Thread starter T. Regan
  • Start date Start date
T

T. Regan

I have a test app where I have Forms Authentication set up.

When I build and run the app as http://localhost/testapp/login.aspx, it runs
correctly. I get the login prompt and the proper redirection to the secured
page.

When I run the app as http://<RealMachineName>/testapp/login.aspx, I get the
login page, but after logging in, I stay on the login page. The URL address
shows
http://<RealMachineName>/testapp/LoginPage.aspx?ReturnUrl=%2ftestapp%2fSecuredPage.aspx.

Can anyone tell me what I need to change here? Thanks.
 
Good morning, Paul. Glad to know someone else works on Sunday morning.

Here's the authentication section of web.config:
........
<authentication mode="Forms">

<forms name="AuthCookie" loginUrl="LoginPage.aspx">

<credentials passwordFormat="Clear">

<user name="Tom" password="tucker" />

<user name="TomReal" password="tuckerreal" />

</credentials>

</forms>

</authentication>

........
Configuration section is:
...........
<configuration>

<location path="SecuredPage.aspx">

<system.web>

<authorization>

<allow users="Tom"/>

<deny users="?"/>

</authorization>

</system.web>

</location>

..........
Here's the code from the login page:
......................
Sub Login(obj as object, e as eventargs)
If (FormsAuthentication.Authenticate(txtUserName.Text,
txtPassword.Text)) then FormsAuthentication.SetAuthCookie(txtUserName.Text,
false)
Select Case txtUsername.Text
Case "Tom"
Response.Redirect ("SecuredPage.aspx")
Case Else Label4.Text = "Please contact Support. User "
& txtUserName.Text & " is not recognized."
End Select
Else
Label4.Text = "Sorry, invalid user name or password."
End If
End Sub

.....................


The IIS config for the site is:
Directory Security: Anonymous access set to IUSR_<RealMachineName>, IIS
controls password. Also set to Integrated Windows authentication.
Documents: Default documents set to (Default.htm,default.asp,
index.htm,iisstart.asp). I don't have any of those docs in the application.
My login page is loginpage.aspx, my application page is SecuredPage.aspx.
App permissions are set to: Read, Write, log visits.
Application settings are: Application name: TestApp
Execute permissions: Scripts only
Application Protection: Medium(pooled).

Let me know if there's another information that would be helpful.
Thanks for your help.
 
The response you are getting from the "real" machine looks like what you
should get if you went to:
http://<RealMachineName>/testapp/SecuredPage.aspx instead of the login page.
In that case, after authentication, you would use .redirectfromloginpage to
return to it.
 
I'll try that, Rick. Thanks.

Rick Spiewak said:
The response you are getting from the "real" machine looks like what you
should get if you went to:
http://<RealMachineName>/testapp/SecuredPage.aspx instead of the login page.
In that case, after authentication, you would use .redirectfromloginpage to
return to it.
Click to expand...
 
Back
Top