Last post Jun 06, 2013 09:07 PM by Rion Williams
Jun 04, 2013 11:44 AM|agillanders|LINK
OK...this is a strange one.
My web config contains:
<forms loginUrl="~/account/login.aspx" timeout="2880"/>
But when I use an anonymous account to try and access a secured page I get redirected to (for example):
NOTE: the url is pointing to login NOT to login.aspx so the resource, obviously, cannot be found. Manually adding the missing .aspx to the url in the browser address bar and the page pops up correctly. More subtly the url
redirected to has upper case Account and Login! Now imagine my surprise when I find I can change the loginUrl setting to anything I like and I STILL get redirected to the same URL. It seems the web.config is being ignored!
I would really appreciate any pointers on what is going on and where it is getting this redirection URL from!
Thanks in advance
Jun 04, 2013 12:19 PM|oned_gk|LINK
Jun 04, 2013 12:40 PM|agillanders|LINK
No, not on the pages I'm accessing (I wish it were that easy). In any case it isn't even firing pre_init, the redirection is being handled by the ASP pipeline before it gets to loading a page (I think...I'm using the development web server here so IIS should
not be interfering). The only setting that I am aware of to influence it is the loginUrl setting in web.config. Sure...once you get as far as a page load you can intercept the request and redirect away, I do that on other web sites to offer different masterpages
to different communities based on the url they request (or even where they are coming from). But in this case none of that is going on.
Furthermore I just took loginUrl out of web.condig completely (which should therefore use the machine default of "login.aspx" in the root of the site. And it is STILL trying to redirect to ~/Account/Login as before. I have no idea where it is getting this
path from. A search of all files in the solution can't find it! I even started sigging into lower level *.config files to see if something sneaked in during installation but there is nothing there either.
This is NOT a default value for ASP.Net but I cannot find where it is getting from!!!
Jun 04, 2013 01:24 PM|oned_gk|LINK
Jun 04, 2013 01:32 PM|Rion Williams|LINK
Do you have any other files that could affect this within your application such as a Global.asax file (which is typically used to handle routing rules and definitions)?
You may also want to actually just perform a basic search within your solution for "Login" or "Login.aspx" to see if you find any other areas that could possibly help you determine where this is originating from.
Jun 04, 2013 01:47 PM|agillanders|LINK
Yeah...I tried this including going as far as a full system reboot between changes in case something was getting cached somewhere. The one that is really freaking me out is when I have:
And it STILL comes up pointing to /Account/Login?... sfter a full reboot.
I would be fine with /Account/Login.aspx?... because at least that would work. Right now I have broken configuration and I cannot track down WHERE it is getting the url from that it is trying to redirect to. As far as I can tell I've looked through the full
Web.config and machine.config hierarchies to no avail.
Jun 04, 2013 01:59 PM|agillanders|LINK
Thanks for the suggestion but unfortunately I had already checked that. I do uses global.asax but mostly for initializing a few application and session variables and, when I get to it, some custom error logging code. But this is in the early stages of this
application so there is not much there yet - certainly nothing ata low enough level to interfere with the authentication/authorization mechanisms.
And I've searched far and wide trying to figure out where the setting is comming from. The only other place a similar link is used in a few masterpages and they are direct links to the login page and they work fine having, as they do, the full url including
Also worthy of note...the logon page itself works just fine. And once I've logged in the authorisations are working because no redirection is attempted. I get to the secured pages as expected.
It's really got me confused I can tell you!
Jun 04, 2013 02:07 PM|Rion Williams|LINK
Could you post as much as you can from your web.config?
If something like friendlyUrls is set, it could possibly explain why your Redirects are occurring, but any additional code that you think could possibly be helpful could help. (You may also want to check the settings within your Project to see if any
properties in there could be affecting this as well).
Jun 04, 2013 06:26 PM|agillanders|LINK
Sure. It's early days and only pointing at development resources right now (no passwords or anything yet) so here is the whole thing at this point. Also see comment below.
For more information on how to configure your ASP.NET application, please visit
<add name="ApplicationServices" connectionString="data source=.\SQLEXPRESS;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|\aspnetdb.mdf;User Instance=true" providerName="System.Data.SqlClient"/>
<add name="AperiaDb" connectionString="data source=(local);Initial Catalog=aperiaDb_Local;Integrated Security=True" providerName="System.Data.SqlClient"/>
<add key="webpages:Enabled" value="true"/>
<compilation debug="true" targetFramework="4.0">
<add assembly="System.Security, Version=184.108.40.206, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
<add assembly="System.Data.Entity, Version=220.127.116.11, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
<add assembly="System.Data.Entity.Design, Version=18.104.22.168, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
<add assembly="System.Design, Version=22.214.171.124, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
<add assembly="System.Windows.Forms, Version=126.96.36.199, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
<add extension=".edmx" type="System.Data.Entity.Design.AspNet.EntityDesignerBuildProvider"/>
<!-- <forms loginUrl="~/account/login.aspx" timeout="2880"/> -->
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="AperiaDb" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="true" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="/aperia"/>
<add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="AperiaDb" applicationName="/aperia"/>
<add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="AperiaDb" applicationName="/aperia"/>
<add tagPrefix="aperia" tagName="Redirect" src="~/App_Controls/Redirect.ascx"/>
Location elements are used to allow access to members of the specified roles.
The deny element suppresses the default of all users having access to everything.
I enable individual files as a special case at the folder level so in the ~/account/ subfolder is:
This all works just fine and making changes to it confirms that the config is indeed being read. Which means somewhere between this point and actually calling the page the redirection url is being setup. Note: this must also be where the ReturnUrl querystring
gets added - I don't do that .Net does.
But whatever I set in the config file I am getting the same redirection URL setup and I can't find it anywhere!:-(
Jun 04, 2013 06:41 PM|Rion Williams|LINK
You may want to try adjusting the following section and setting the runAllManagedModulesForAllRequests to "false" to see if that makes any difference :
<system.webServer> <modules runAllManagedModulesForAllRequests="false"/> </system.webServer>
Jun 04, 2013 06:44 PM|agillanders|LINK
Further to this I put a trap on Server.GetLastError() into the Application_Error handler in Global.asax and dumped a stacktrace from the error;
at System.Web.StaticFileHandler.GetFileInfo(String virtualPathWithPathInfo, String physicalPath, HttpResponse response)
at System.Web.StaticFileHandler.ProcessRequestInternal(HttpContext context, String overrideVirtualPath)
at System.Web.DefaultHttpHandler.BeginProcessRequest(HttpContext context, AsyncCallback callback, Object state)
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
This seems to confirm it is going nowhere near my code which points to a configuration issue somewhere. aaaarrrrrggghhhhh!!!!!
This has been one frustrating afternoon...but thanks for trying to help. Any other suggestions would be welcomed!!
Jun 04, 2013 06:52 PM|oned_gk|LINK
Jun 04, 2013 06:54 PM|Rion Williams|LINK
Is there any chance that you have a RouteConfig.cs file within your application (depending on your .NET version)?
If so this could possibly be related to the use of "friendly URLs" as seen below :
public static class RouteConfig
public static void RegisterRoutes(RouteCollection routes)
//Try commenting the line below out
Jun 05, 2013 05:37 PM|agillanders|LINK
FOUND IT!! And thank you for your suggestion because althpough not directly the probem it sure pointed me towards it.
<add key="webpages:Enabled" value="true"/>
Set that to false or remove it altogether and everything is back to normal! I didn't put it there...apparently it was probably added by Visual Studio when I had a play with Razor before I made my mind up to stick with forms vs MVC.
Wow...who would have thought an appSetting would do that...something buried deep in the http handlers or whatever must be looking for it. Your friendly URL comment helped too. I still don't know exeactly where the path it used was coming from but that fixed
Many thanks for staying with me.
Jun 05, 2013 07:14 PM|Rion Williams|LINK
No problem Alistair.
Sometimes it can just take someone else to look at it or to point you in the right direct to figure it out.
(Don't forget to mark any of the answers in this thread that helped you out)
Jun 06, 2013 07:25 PM|agillanders|LINK
Don't forget to mark any of the answers in this thread that helped you out
Umm. How? The only message that contained the actual solution was mine and there is no way to show an assist that I can see? I like
Experts Exchange for that reason - you can show appreciation where it belongs without flagging the wrong thing as the final solution.
Have I missed something?
Jun 06, 2013 09:07 PM|Rion Williams|LINK