Last post Feb 29, 2012 10:07 AM by Richey
Feb 23, 2012 06:11 AM|NoBullMan|LINK
I have an Intranet app that uses AD authentication and forms, based on
http://support.microsoft.com/kb/326340. It (relatively) works fine, I start the app and it goes to login page, etc. The problem occurs if I bookmark a page, close the browser, open a new one and select the bookmark. It correctly goes to login page with
a return url specified, I log in and it clears the id and password text boxes, clears the return url text and sits at login.aspx waiting for me to login again. When I do, it goes to default.aspx. In web.config, I set the authentication and authorization as:
<forms name=".ADAuthCookie" loginUrl="Account/Login.aspx" timeout="5" />
In the folder that has the login.aspx, I added a web.config and set it as:
<allow users="?" />
This is the authentication part of Lgin.aspx once "Login" button is clicked:
protected void ibLogin_Click(object sender, ImageClickEventArgs e)
//Path to LDAP directory server
string adPath = "LDAP://Some.Domain.com/DC=Some,DC=Domain,DC=com";
LdapAuthentication adAuth = new LdapAuthentication(adPath);
string sACEID = tbACEID.Text.ToUpper().Replace("AD_Domain\\", "");
if ((true == adAuth.IsAuthenticated("AD_Domain", sACEID, tbPassword.Text)))
Session["IsAuthenticated"] = true;
string groups = adAuth.GetGroups();
//Create the ticket, and add the groups.
bool isCookiePersistent = true;
FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(1, sACEID, DateTime.Now, DateTime.Now.AddMinutes(15), isCookiePersistent, "");
//Encrypt the ticket.
string encryptedTicket = FormsAuthentication.Encrypt(authTicket);
//Create a cookie, and then add the encrypted ticket to the cookie as data.
HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
if ((isCookiePersistent == true))
authCookie.Expires = authTicket.Expiration;
//Add the cookie to the outgoing cookies collection.
//You can redirect now.
Session["IsAuthenticated"] = false;
lblError.Text = "Login failed. Please check your user name and password and try again.";
catch (Exception ex)
if (ex.Message.StartsWith("Thread") == false)
string sURL = "Error.aspx?ErrorMsg='" + ex.Message.Replace("\r", string.Empty).Replace("\n", string.Empty)+"'";
//errorLabel.Text = "Error authenticating. " + ex.Message;
Feb 23, 2012 10:14 PM|NoBullMan|LINK
I found my problem. In master page I was checking a session variable that was not yet set and it redirected me to login page again.
I have another issue: I have a logout link where I do a Session.Abandon(); followed by a redirect to login page. However, if I use browser's back button I go to the page I was on. When I put a break point at the page's Page_Load(), it doesn't hit it. Any
way I can fix this before I hear about it from the big wigs?
Feb 29, 2012 10:07 AM|Richey|LINK
Thanks for sharing your answer. You can refer to the below link about how to disable back button.
You may post the other question in a new thread.