AD autehntication + Forms, have to login twice : The Official Microsoft ASP.NET Forums

Reply

NoBullMan

Participant

1019 Points

AD autehntication + Forms, have to login twice

Feb 23, 2012 05:11 AM|LINK

I have an Intranet app that uses AD authentication and forms, based on http://support.microsoft.com/kb/326340. It (relatively) works fine, I start the app and it goes to login page, etc. The problem occurs if I bookmark a page, close the browser, open a new one and select the bookmark. It correctly goes to login page with a return url specified, I log in and it clears the id and password text boxes, clears the return url text and sits at login.aspx waiting for me to login again. When I do, it goes to default.aspx. In web.config, I set the authentication and authorization as:

<authentication mode="Forms">
    <forms name=".ADAuthCookie" loginUrl="Account/Login.aspx"  timeout="5" />
  </authentication>
 
  <authorization>
    <deny users="?"/>
    <allow users="*"/>
  </authorization>

In the folder that has the login.aspx, I added a web.config and set it as:

<system.web> 
    <authorization> 
        <allow users="?" /> 
    </authorization> 
</system.web>

This is the authentication part of Lgin.aspx once "Login" button is clicked:

protected void ibLogin_Click(object sender, ImageClickEventArgs e)
    {
        //Path to LDAP directory server
        string adPath = "LDAP://Some.Domain.com/DC=Some,DC=Domain,DC=com";
        
        LdapAuthentication adAuth = new LdapAuthentication(adPath);
        
        try
        {
            string sACEID = tbACEID.Text.ToUpper().Replace("AD_Domain\\", "");

            if ((true == adAuth.IsAuthenticated("AD_Domain", sACEID, tbPassword.Text)))
            {
                Session["IsAuthenticated"] = true;
                string groups = adAuth.GetGroups();

                //Create the ticket, and add the groups.
                bool isCookiePersistent = true;
                FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(1, sACEID, DateTime.Now, DateTime.Now.AddMinutes(15), isCookiePersistent, "");

                //Encrypt the ticket.
                string encryptedTicket = FormsAuthentication.Encrypt(authTicket);

                //Create a cookie, and then add the encrypted ticket to the cookie as data.
                HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);

                if ((isCookiePersistent == true))
                {
                    authCookie.Expires = authTicket.Expiration;
                }
                //Add the cookie to the outgoing cookies collection.
                Response.Cookies.Add(authCookie);

                //You can redirect now.
                //Response.Redirect(FormsAuthentication.GetRedirectUrl(sACEID, false));
                FormsAuthentication.RedirectFromLoginPage(sACEID, isCookiePersistent);
            }
            else
            {
                Session["IsAuthenticated"] = false;
                lblError.Text = "Login failed. Please check your user name and password and try again.";
            }

        }
        catch (Exception ex)
        {
            if (ex.Message.StartsWith("Thread") == false)
            {
                string sURL = "Error.aspx?ErrorMsg='" + ex.Message.Replace("\r", string.Empty).Replace("\n", string.Empty)+"'";
                Response.Redirect(sURL);
            }
            //errorLabel.Text = "Error authenticating. " + ex.Message;
        }
    }

Edited by NoBullMan on Feb 23, 2012 05:12 AM
Edited by NoBullMan on Feb 23, 2012 05:14 AM

Reply

NoBullMan

Participant

1019 Points

780 Posts

Re: AD autehntication + Forms, have to login twice

Feb 23, 2012 09:14 PM|LINK

I found my problem. In master page I was checking a session variable that was not yet set and it redirected me to login page again.

I have another issue: I have a logout link where I do a Session.Abandon(); followed by a redirect to login page. However, if I use browser's back button I go to the page I was on. When I put a break point at the page's Page_Load(), it doesn't hit it. Any way I can fix this before I hear about it from the big wigs?