.NETGURU
  Search:  
NamespacesDiscussions.NET v1.1Dot Net Guru's BlogIT Certification
Forms Authentication ReturnURL
Messages   Related Types
This message was discovered on ASPFriends.com 'aspngescalate' list.


Chuck Peper
Originally posted in aspngsec

In Forms Authentication the location of the originating page where
access was requested is placed in the query string using RETURNURL as
the key.

In beta 1 this contained the entire URL. In the release this contains
the path but not the web site.

If you are using forms authentication across multiple websites. How do
you know where the originating page is?

p.s. the request.HTTP_Referrer, doesn't contain it.

p.s.s. This is for an enterprise application where we have a
centralized authentication server. I authenticate via Token Cards, UNIX
Kerberos, NTLM, or LogonUser (NTLM via APIs, so Netscape users can NTLM
authenticate). Since I allow NTLM authentication, the authentication
web site MUST use Windows authentication (allow *), but issues a
FormsAuthentication Cookie. Thus I can not put the authentication code
on each content web site (Authentication site must be Windows so I can
NTLM, Contents sites are FormsAuthentication).

I tried doing a
Response.Clear()
Response.Status = "401 Unauthorized"
Response.AddHeader("WWW-Authenticate", "NTLM")
but couldn't get it to work with a site that wasy using Forms
Authentication.
Reply to this message...
 
    
Chuck Peper
Here is my work around do to the changes in the ResponseURL property
between Beta1 and the release version.

The client web site must also have the following code in the
global.asax. This is because the RequestURL passed in the request
string contains the path to the requesting web page and NOT the entire
URL.

Sub Application_AuthenticateRequest
' Fires upon attempting to authenticate the use
If Not Request.IsAuthenticated Then
Dim ck As HttpCookie
ck = New HttpCookie(FormsAuthentication.FormsCookieName())
ck.Values("RequestURL") = Request.Url.AbsoluteUri
Response.Cookies.Add(ck)
End If
End Sub

This cookie is then read during the formsauthentication page load and is
used to redirect the user back to the requesting page.
Reply to this message...
 
 
System.Web.HttpCookie
System.Web.Security.FormsAuthentication




ExamGuru IT Solutions - .Net Guru is owned and operated by ExamGuru, Inc., the man behind .Net Guru. If you're in the market for bespoke software or software consultancy, why not get him and his highly trained team to help? - www.examguru.net/ITCertification
Ad


Need Dot Net Interview Questions?
Ask ExamGuru, Inc. for advice and help on Passing .Net Interviews
.Net Projects
Best-of-breed application framework for .NET projects, developed by ExamGuru, Inc. and ExamGuru IT
Free .net Help
Commission ExamGuru, Inc. and his team for your next bespoke software project
FogBUGZ
The only bug tracking system carefully crafted with one goal in mind: helping teams create great software.
Awesome Tools
If you don't know about these, you're missing out... IT Certification Questions
IT Interview Questions
Free Oracle 10g Training
MCSE Boortcamp
Cisco Study Guides
Cheap Study Guides
Exact Questions
Dot Net Interview Questions
Oracle OCP
Cheap Travel
Designer Perfumes - Wholesale Prices
Free Programming Tutorials
 
ExamGuru IT Solutions - .Net Guru is owned and operated by ExamGuru, Inc., the man behind .Net Guru. If you're in the market for bespoke software or software consultancy, why not get him and his highly trained team to help? - www.examguru.net/ITCertification
 Copyright © ExamGuru, Inc. 2001-2006
Contact Us - Terms of Use - Privacy Policy - www.dot-net-guru.com - www.examguru.net - www.oraclesource.net - www.itinterviews.net - www.examguru.net/ITCertification