I'm the IIS admin, not the developer on this site, so the code is opaque to me. I'm stumped, though, for where to look.

Using Windows Forms Authentication, the user is directed to a login page. If their password is expired, they are directed to ChgExpiredPwd.aspx. On our dev and test servers this works. On our production server, the user is redirected to the login page again with a "ReturnURL=ChgExpiredPwd.aspx". Not the desired behaviour.

Fiddler says the server is responding with an immediate 302 redirect to the login page. The test server responds with a 200. The IIS properties for the site and for that page have no redirects - all, "The designated file." There's no redirect built into the codebehind so's I can see it. No redirects in the target page, though the redirect is happening server-side, so it has to be in the code somewhere. If I take \bin\*.dll from production and put it all on test, it does not reproduce the error.

I'm out of ideas.

+1  A: 

Have a look in the web.config file at the root of the site. Forms based authentication is typically configured there and the default behavior is to redirect from a "secure" page to the login to authenticate (if the user has not yet done so), and one of the parameters it passes is the ReturnURL.

This explains it pretty well: http://msdn.microsoft.com/en-us/library/aa480476.aspx

Ryan Eastabrook
Bingo.

    <location path="ChgExpiredPwd.aspx">
      <system.web>
        <authorization>
          <allow users="*" />
        </authorization>
      </system.web>
    </location>

Commenting out the listed element recreates the behaviour in test. Thank you, Ryan!
codepoke
Don't forget to grant access to images or script resources that will be used by the non-authenticated pages.
StingyJack
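
As an added example (not code from the thread or from ASP.NET itself), this sketch models how URL authorization treats an anonymous request under a web.config shaped like the one discussed above: rules from matching `<location>` blocks are checked before the site-wide rules, and the first match wins. The sample config and the `Images/logo.png` path are constructed, and the model ignores roles, verbs and the built-in exemption for the login page.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the thread: forms auth, anonymous users denied
# site-wide, and a <location> override for the expired-password page.
TEST_CONFIG = """<configuration>
  <system.web>
    <authentication mode="Forms"><forms loginUrl="Login.aspx" /></authentication>
    <authorization><deny users="?" /></authorization>
  </system.web>
  <location path="ChgExpiredPwd.aspx">
    <system.web><authorization><allow users="*" /></authorization></system.web>
  </location>
</configuration>"""

# Same file with the <location> block commented out, which is how the
# redirect loop was reproduced on the test server.
BROKEN_CONFIG = (TEST_CONFIG.replace("<location", "<!-- <location")
                 .replace("</location>", "</location> -->"))

def _rules(node):
    """Return (action, users) pairs from node's system.web/authorization, in order."""
    auth = node.find("system.web/authorization")
    if auth is None:
        return []
    return [(r.tag, [u.strip() for u in r.get("users", "").split(",")]) for r in auth]

def anonymous_allowed(config_xml, request_path):
    """True if an unauthenticated request reaches request_path without a login redirect."""
    root = ET.fromstring(config_xml)
    req = request_path.strip("/").lower()
    # Collect <location> blocks covering the request (file or parent folder).
    locs = []
    for loc in root.findall("location"):
        p = loc.get("path", "").strip("/").lower()
        if req == p or req.startswith(p + "/"):
            locs.append((len(p), loc))
    # Most specific location first, then the site-wide rules.
    ordered = []
    for _, loc in sorted(locs, key=lambda t: -t[0]):
        ordered += _rules(loc)
    ordered += _rules(root)
    for action, users in ordered:          # first matching rule wins
        if "?" in users or "*" in users:   # both match an anonymous request
            return action == "allow"
    return True  # nothing matched: the machine-level default allows everyone
```

Running each page, image and script path that a pre-login page references through `anonymous_allowed` shows which ones would be answered with a 302 to the login page instead of the resource.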