ASP.NET SqlMembershipProvider Infinite Loop?

Question

I am trying to configure authentication using a few tutorials I have found on the Membership Providers paradigm found in ASP.NET v2.0. I've followed the examples in the tutorial but can't seem to get the FormsAuthentication.RedirectFromPage method to work appropriately. When I attempt a login, the user credentials are validated via Membership.ValidateUser but the page is sent back to Login.aspx instead of Default.aspx. Here is the relevant snippet from my web.config:

...
<authentication mode="Forms">
  <forms loginUrl="Login.aspx" protection="All" timeout="60" name="POTOKCookie" requireSSL="false" path="/FormsAuth"
         slidingExpiration="true" cookieless="UseCookies" enableCrossAppRedirects="false" defaultUrl="~/Default.aspx"/>
</authentication>
<authorization>
  <deny users="?" />
</authorization>
...
<membership defaultProvider="CustomizedProvider">
  <providers>
    <clear />
    <add name="CustomizedProvider"
         type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
         connectionStringName="LoginDB2"
         applicationName="POTOK"
         minRequiredPasswordLength="5"
         minRequiredNonalphanumericCharacters="0" />
  </providers>
</membership>

I've verified that my connection string is correct (since Membership.ValidateUser seems to be working just fine) and am using the ASP.NET Login control for the UI on my Login.aspx page. Here is the authenticate event handler code:

Protected Sub Login1_Authenticate(ByVal sender As Object, ByVal e As System.Web.UI.WebControls.AuthenticateEventArgs) Handles Login1.Authenticate
    If (Membership.ValidateUser(Login1.UserName, Login1.Password)) Then
        FormsAuthentication.RedirectFromLoginPage(Login1.UserName, Login1.RememberMeSet)
    End If
End Sub

When I visit the url (http://localhost/Project) I am taken to: http://localhost/Project/Login.aspx and after the "login" my url is: http://localhost/Project/Login.aspx?ReturnUrl=%2fProject%2fDefault.aspx

Did I miss a configuration step?

Answer 1

If you use the Login control with ASP.NET membership, you do not need to write code to perform authentication. However, if you want to create your own authentication logic, you can handle the Login control's Authenticate event and add custom authentication code.

So, I suggest you simply delete Login1_Authenticate event as far as it does the double work, I think, because control itself is responsible for calling ValidateUser and redirection.

Also check DestinationPageUrl property of the Login control

If you do not specify a value for the DestinationPageUrl property, the user will be redirected to the original page the user requested after successfully logging in. So in your case this property should not be set.

Answer 2

The problem is in path="/FormsAuth" parameter. Remove this variable and try again

Read this post about why path can be wrong

From MSDN: path - Optional attribute. Specifies the path for cookies that are issued by the application. The default is a slash (/), because most browsers are case-sensitive and will not send cookies back, if there is a path case mismatch.

NOTE: The path attribute is case sensitive. Therefore, if the you set the value of the path attribute to /application1, and if the application name is Application1, the authentication cookie path is /application1.

So if you want to use path property, you should set it to "/project" because Project is the name of your application (as far as I understood). But I don't think you need to have different paths when you use different cookies names (i.e. name="POTOKCookie" in this application, i hope will be different from other ASP.NET applications installed on the same host)

See PRB: Forms Authentication Requests Are Not Directed to loginUrl Page