|
.net
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
<forms loginUrl="https:// pbI have a problem with Forms authentication and the default login page set in web.config I want to use an https secured page for it so I put in web.config authentication section <form loginUrl="https://www.mysite.com/login/login.aspx ..../> my web site supports ssl with a certficate and I am able to access directly from any browser the page https://www.mysite.com/login/login.aspx but when it is triggered by asp.net, when a non authenticated session try to access a path which need authenticated users, it always generate the non secured url http://www.mysite.com/login/login.aspx why ? I should get the https version as written in web.config ? Any help welcome. CS re:
!> <form loginUrl="https://www.mysite.com/login/login.aspx ..../> Is that a typo ? That should be <forms loginUrl= Other than that, here's a pretty good tutorial which can server as a model for you: http://tonesnotes.com/blog/2004/05/aspnet_forms_authentication_wi.html Also, there are those who say that making your login page https is not good practice. Your login page should be http and your *other* pages should be https. Check out these two discussions : http://forums.asp.net/t/1110341.aspx http://forums.asp.net/t/836624.aspx ....and this article with sample code: http://www.codeproject.com/KB/aspnet/WebPageSecurity.aspx Juan T. Llibre, asp.net MVP ¿ Estas probando VS 2010 y ASP.NET 4.0 ? Regístrate (gratis) en los Foros de VS 2010 y ASP.NET 4.0, en español http://asp.net.do/foros/forums/ ===================================================== Show quoteHide quote "ADNT" <christian.surieux@NOSPAMPaddonnice.com> wrote in message news:O8j7j4Y9JHA.1340@TK2MSFTNGP05.phx.gbl... > Hello, > > I have a problem with Forms authentication and the default login page set in web.config > > I want to use an https secured page for it so I put in web.config authentication section > <form loginUrl="https://www.mysite.com/login/login.aspx ..../> > > my web site supports ssl with a certficate and I am able to access directly from any browser the page > https://www.mysite.com/login/login.aspx > > but when it is triggered by asp.net, when a non authenticated session try to access a path which need authenticated > users, it always generate the non secured url > http://www.mysite.com/login/login.aspx > > why ? > I should get the https version as written in web.config ? > > > Any help welcome. > > CS Thanks, that was a typo ( a lazzy finger)
I will give a look to your links. But as login and pwd a sent in clear text I am thinking that ssl is a good protection, isn't it ? CS Show quoteHide quote "Juan T. Llibre" <nomailrepl***@nowhere.com> a écrit dans le message de news:eS0mKhe9JHA.4204@TK2MSFTNGP04.phx.gbl... > re: > !> <form loginUrl="https://www.mysite.com/login/login.aspx ..../> > > Is that a typo ? > > That should be <forms loginUrl= > > Other than that, here's a pretty good tutorial which can server as a model > for you: > > http://tonesnotes.com/blog/2004/05/aspnet_forms_authentication_wi.html > > Also, there are those who say that making your login page https is not > good practice. > Your login page should be http and your *other* pages should be https. > > Check out these two discussions : > > http://forums.asp.net/t/1110341.aspx > > http://forums.asp.net/t/836624.aspx > > ...and this article with sample code: > > http://www.codeproject.com/KB/aspnet/WebPageSecurity.aspx > > > > Juan T. Llibre, asp.net MVP > ¿ Estas probando VS 2010 y ASP.NET 4.0 ? > Regístrate (gratis) en los Foros de VS 2010 y ASP.NET 4.0, en español > http://asp.net.do/foros/forums/ > ===================================================== > "ADNT" <christian.surieux@NOSPAMPaddonnice.com> wrote in message > news:O8j7j4Y9JHA.1340@TK2MSFTNGP05.phx.gbl... >> Hello, >> >> I have a problem with Forms authentication and the default login page set >> in web.config >> >> I want to use an https secured page for it so I put in web.config >> authentication section >> <form loginUrl="https://www.mysite.com/login/login.aspx ..../> >> >> my web site supports ssl with a certficate and I am able to access >> directly from any browser the page >> https://www.mysite.com/login/login.aspx >> >> but when it is triggered by asp.net, when a non authenticated session try >> to access a path which need authenticated users, it always generate the >> non secured url >> http://www.mysite.com/login/login.aspx >> >> why ? >> I should get the https version as written in web.config ? >> >> >> Any help welcome. >> >> CS > > > I was knowing these links but no relevants for my pb, I have respected
everything and have already used the Forms/LoginUrl in the past without problems. But now due to new .net features like ajax and we use .net extensions breaking the old rules. For example <httpRuntime useFullyQualifiedRedirectUrl="true" ...> and Response.RedirectLocation + <service name="System.Web.ApplicationServices.AuthenticationService" Seems this leads to rewriting done by .net to go to logingurl to be broken: unable to change to https as it was doing before. CS Show quoteHide quote "Juan T. Llibre" <nomailrepl***@nowhere.com> a écrit dans le message de news:eS0mKhe9JHA.4204@TK2MSFTNGP04.phx.gbl... > re: > !> <form loginUrl="https://www.mysite.com/login/login.aspx ..../> > > Is that a typo ? > > That should be <forms loginUrl= > > Other than that, here's a pretty good tutorial which can server as a model > for you: > > http://tonesnotes.com/blog/2004/05/aspnet_forms_authentication_wi.html > > Also, there are those who say that making your login page https is not > good practice. > Your login page should be http and your *other* pages should be https. > > Check out these two discussions : > > http://forums.asp.net/t/1110341.aspx > > http://forums.asp.net/t/836624.aspx > > ...and this article with sample code: > > http://www.codeproject.com/KB/aspnet/WebPageSecurity.aspx > > > > Juan T. Llibre, asp.net MVP > ¿ Estas probando VS 2010 y ASP.NET 4.0 ? > Regístrate (gratis) en los Foros de VS 2010 y ASP.NET 4.0, en español > http://asp.net.do/foros/forums/ > ===================================================== > "ADNT" <christian.surieux@NOSPAMPaddonnice.com> wrote in message > news:O8j7j4Y9JHA.1340@TK2MSFTNGP05.phx.gbl... >> Hello, >> >> I have a problem with Forms authentication and the default login page set >> in web.config >> >> I want to use an https secured page for it so I put in web.config >> authentication section >> <form loginUrl="https://www.mysite.com/login/login.aspx ..../> >> >> my web site supports ssl with a certficate and I am able to access >> directly from any browser the page >> https://www.mysite.com/login/login.aspx >> >> but when it is triggered by asp.net, when a non authenticated session try >> to access a path which need authenticated users, it always generate the >> non secured url >> http://www.mysite.com/login/login.aspx >> >> why ? >> I should get the https version as written in web.config ? >> >> >> Any help welcome. >> >> CS > > >  
Other interesting topics
Disable Validation For Dynamically Created Control
Multiple Drop-Downs ASP.NET System.OutOfMemoryException too many forms, what should I do? MSDN help for MVC Value cannot be null. Parameter name: type Permissions on new Text File - IIS6 and Windows authentication. LinkButton fails in Firefox *The ASP.NET requires .NET Framework 1.1 from Microsoft. Time out of page response |
|||||||||||||||||||||||
