tags:

views:

66

answers:

2
Q: 

Application loses authentication when performing redirect to a virtual directory

I have the following setup: http://www.example.com/dir1/ and http://www.example.com/dir2/

Each virtual directory is configured on IIS6.0 as an application with own AppPool.

When redirecting authenticated user from dir1 to dir2 using response.redirect I lose authentication information for the user and the user is being redirected to the login page. This issue was not coming up with each app (dir1 and dir2) were configured under subdomain, ex: http://dir1.example.com and http://dir2.example.com.

I have resolved the issue by adding a machine key to the machine.config file.

Can someone explain to me why it's not working on a http://www.example.com/dir1 configuration?

+1  A: 

I don't know ASP , but my guess would be that you're not specifying a path for the session cookie you're using, so the path setting will default to the path the cookie is being set in, /dir1 and /dir2, respectively.

When using subdomains, you probably used example.com as the main cookie domain, so it was accessible to both subdomains = no problem.

You should be able to find this out by examining the session cookie in your browser (e.g. in the "Cookies" tab in Firefox's Web Developer Toolbar).

If I'm correct, you will need to specify / as the path for the session cookie somewhere.

I don't know at which point to fine-tune that, but maybe it points you into the right direction.

Pekka  2010-05-03 17:32:25
+1 real good guess. but... by default, the forms cookie path is `/`, http://msdn.microsoft.com/en-us/library/1d3t3c61.aspx . Unless OP is explicitly specifying a different value and getting in his own way, there is something else going on.
Sky Sanders  2010-05-03 19:18:48
@code poet good point and good link. Interested to see what this turns out to be.
Pekka  2010-05-03 19:23:19
A: 

I regularly configure applications this way. There are a few places you can go astray.

  1. Each web.config must have an exact duplicate of a common machineKey section. E.G. generate one section and paste it into all web.configs that you want to share FormsTickets with.

  2. Each MembershipProvider (and Roles/Profiles etc) element must share the same applicationName attribute. By default this is '/' so unless you have manually changed it there should be not problem.

  3. All providers in all applications must share a common connection string to a common aspnetdb instance.

  4. If you have tried any of these steps individually or incrementally it is likely that the DB is in an inconsistent state. Ensure that each of these requirements is satisfied and start with a fresh database.

If you follow these steps you should have no problems. This is a fairly common and straight forward use case.

Let me know if you have any more questions.

Sky Sanders  2010-05-05 16:46:08
I understand these steps. What I was asking is: Why sharing common machine key is required for virtual directory configuration vs vhost configuration.
nuhusky2003  2010-05-10 19:19:55

related questions

Is it better to create Model classes, or just stick with generic database utility class?
What are effective options for embedding video in an ASP.NET web site?
Visual Studio 2008 debugger already attached work-around
Tracking state using ASP.NET AJAX / ICallbackEventHandler
ASP.NET Display SVN Revision Number
ASP.NET URL Rewriting
How can I change the background of a masterpage from the code behind of a content page?
Easy way to AJAX WebControls
How do I define custom web.config sections with potential child elements and attributes for the properties?
ASP.NET MVC "CRUD" Database Sample
Are Multiple DataContext classes ever appropriate?
How to RedirectToAction in ASP.NET MVC without losing request data
Triple Quotes? How do I delimit a databound Javascript string parameter in ASP.NET?
ASP.NET built in user profile, Vs old stile user class/tables
What's a good book for learning ASP?
Bandwith throttling in IIS 6 by IP Address
ASP .Net Custom Client-Side Validation
How to get the value of built, encoded ViewState?
Decent, simple, GIS/mapping component for ASP.NET?
Checklist for IIS 6/ASP.NET Windows Authentication?
How to write to Web.Config in Medium Trust ?
ASP.NET, Visual Studio and Subversion - how to integrate?
Floating Point Number parsing: Is there a Catch All algorithm?
How do I sync the SVN revision number with my ASP.NET web site?
ASP.NET Site Maps