Hi,

Playing around with a CLEAN install of DNN 4 on Win XP Pro / IIS 5 / Sql Server 2000 using the default FORMS authentication and the current log on session keeps going away.

Steps to reproduce (after installing):

1. Create a child portal using the Small Business Web Site (I don't this this matters)
2. Log into child portal as that portal's admin.
3. On the home page, click Add Link under the Site Menu module.
4. After the Link Edit page displays, click the Home menu option to leave the page.
5. Bye, bye authentication.

There are other ways to reproduce this and I can reproduce on 2 machines of the same configuration.  The issue DOES NOT appear to happen in version 3.2.  It also does not happen with the host's user name / password.

Anyone else seeing this?

Thanks!


Shawn

Hi,

In playing around with this I think it's related to modules that need to access webresource.axd.  If I create a simple module and put it on a page I can go into edit mode and back out and the Request.IsAuthenticated stays set.  If I add a requiredfieldvalidator control to my simple module in edit mode, go into the edit mode and then click home, Request.IsAuthenticated = False and I'm forced to log in again.

So...

I added the following to my web.config:

    <location path="webresource.axd">
        <system.web>
            <authorization>
                <allow users="?"/>
            </authorization>
        </system.web>
    </location>
    <location path="webresource.axd">
        <system.web>
            <authorization>
                <allow users="?"/>
            </authorization>
        </system.web>
    </location>

The above items are added at the end of the <configuration> element.  These basically allow any user to access the webresource.axd file (a bunch of javascripts generated by certain web controls).

Now authentication sticks.  Yes, there are duplicate entries.  I dunno why, but things only start working if there are 2 <location> elements.  Strange.

Thanks!


Shawn

Hi,

I'm still tooling around with this one

The above web.config update got some things working but didn't catch everything.  I'm not exactly sure why.

I am definitely seeing a problem with DNN 4 / ASP.NET 2 /  Child Portals and request authentication against /dnn/webresource.axd?309230923092093 kinds of URLs. 

URLRewrite defaults to portal 0 (first alias in host settings I think) for these URLs because it can't determine where the URL is going to.  Then, AuthenticateRequest gets hit with the wrong portal id / user id combo and forces an objPortal.Signout.  The user never sees that they are signed out until they submit the form, or navigate to another page.

My latest fix attempt is to modify DNNMembershipModule.vb  - right beneath:

            'First check if we are upgrading/installing
            If Request.Url.LocalPath.EndsWith("Install.aspx") Then
                Exit Sub
            End If

I added:

            'First check if we are upgrading/installing
            If Request.Url.LocalPath.ToLower.Contains("webresource.axd") Then
                Exit Sub
            End If

This basically prevents the signout and things seem to be working - without the above web.config changes.

Is anyone else seeing this behavior?  I don't see it logged in gemini.

I'm using FORMS authentication but I suspect that the ADSI  authentication provider will exhibit the same behavior.  I've seen posts about child portal authentication issues with ADSI and am wondering if they're the same thing.



Thanks!


Shawn

Thanks for replying to my post relating to this...(http://forums.asp.net/1116041/ShowPost.aspx) 

I tried the web.config and it basically gives javascript errors when I update.  I wonder if this is related to <pages enableEventValidation="false" /> fix I had to apply to get rid of another error.  Just a guess...

My question is are the good developers at DOTNETNUKE addressing a fix for this.  It is odviously an error that prevents me from going live with it.  Others are having the same issue also...

I setup my version, skins etc and pushed it to a few employees to find that they are gettign logged off when the update pages etc..

I am working on a req for VS2005 at the moment so I cannot try the fix above.  Do you think it is totally resolved?

Thanks

Hi,

I don't this this is related to the enableEventValidation issue.

Do you think it is totally resolved?

Hard to say.  I'm not seeing the issue in my testing after applying the above DNNMembershipModule.vb fix - but my tests are not exhaustive.  I'm not even sure how widespread the issue is since there aren't many posts about it. 

Hope this helps!


Shawn

It is not resolved on my end.  But All I was able to try was the web.config section try.  I took that back out because of the javasscript errors I started to get.  I am pushing a req through to get VS2005 so that I can further test code and to try your suggestion.  I am with you I don't know why there has not been any more posts than ours.  I have looked extensivly for help on this and yours is the closest I came up with.

I installed the PA's but do you know how to get the source version installed.  I could at least change the code behind to test.  I came up with an error when I tried to install the source.  Of course that is none related I would like to get this going.  I promised several people about this.  I may have to go back to 3.x version instead for now until these issues are resolved...

I'd still be interested in knowing if this was ever made a "known" issue that is going to be resolved in the next release.

I've been having this happen a lot in DNN4 since I created some content editor accounts and have started testing them. I just didnt know whether it was DNN or IE or some sort of caching issue or what.. until I took a longer look at this thread and it is definitely the same issue.

Non-host users appear to get logged out when updating content. The only other thing I noticed is that the Login/Logout tag continues to show Logout, implying that the user is still in some way logged in.

I'm going to upgrade to 4.0.1 this evening and will see if it continues to happen.

Rob

Hi,

I had the same problem with 4.0.1. After changing the time-zone to become identical with the portal time-zone, it worked. The user got a time-out? This is, of course, a bug. It should be allowed for other content-administrators to work in a different time-zone :)

/Bonavox

Is there a real fix for this, I am having the same issue and I want to make sure I handle it accordingly.

 

thanks

 

All, 

I have been following this thread and topic on other threads and feel we are left to bootstrap this one ourselves.  It appears that there is some commonality to this problem:  what I have seen and tested so far is that it occurs on a regular basis when the form the child portal admin is on has field validators.

This is why the problem does not happen on a page with a Text/Html control.  To test this theory, I removed the field validator from one of my ascx files and when I cancelled out of the form or refreshed the page, it did not logoff.  When I added the validator back in and cancelled out of the form or refreshed the page, I was logged off.

Hopefully, someone can tell me/us how form/field validation affects child portal admin behaviour.

Thanks, Hart Penn

Does anybody have any idea of how/where to start debugging this issue?  Is there any documentation on how to debug the core code dotnetnuke.dll?  I would be glad to tackle this if I knew where to start.

Thanks,  Hart Penn

Apologies for all of the posts but have found resolution.

As far as debugging goes:  http://forums.asp.net/1124539/ShowPost.aspx

Thanks to adefwebserver

As far as Child Portal Admin forcefully being signed out: http://forums.asp.net/thread/1117063.aspx

Thanks to shware