Forms Authentication ReturnURL
This message was discovered on ASPFriends.com 'aspngescalate' list.
Chuck Peper
Originally posted in aspngsec
In Forms Authentication the location of the originating page where
access was requested is placed in the query string using RETURNURL as
the key.
In beta 1 this contained the entire URL. In the release this contains
the path but not the web site.
If you are using forms authentication across multiple websites, how do
you know where the originating page is?
P.S. The request.HTTP_Referrer doesn't contain it.
P.P.S. This is for an enterprise application where we have a
centralized authentication server. I authenticate via Token Cards, UNIX
Kerberos, NTLM, or LogonUser (NTLM via APIs, so Netscape users can NTLM
authenticate). Since I allow NTLM authentication, the authentication
web site MUST use Windows authentication (allow *), but issues a
FormsAuthentication cookie. Thus I cannot put the authentication code
on each content web site (the authentication site must be Windows so I can
NTLM; content sites are FormsAuthentication).
I tried doing a
    Response.Clear()
    Response.Status = "401 Unauthorized"
    Response.AddHeader("WWW-Authenticate", "NTLM")
but couldn't get it to work with a site that was using Forms
Authentication.
Chuck Peper
Here is my workaround due to the changes in the ResponseURL property
between Beta1 and the release version.
The client web site must also have the following code in the
global.asax. This is because the RequestURL passed in the request
string contains the path to the requesting web page and NOT the entire
URL.
    ' Requires <%@ Import Namespace="System.Web.Security" %> in global.asax
    Sub Application_AuthenticateRequest
        ' Fires upon attempting to authenticate the user
        If Not Request.IsAuthenticated Then
            ' Store the full requesting URL in a cookie for the login page
            Dim ck As HttpCookie
            ck = New HttpCookie(FormsAuthentication.FormsCookieName())
            ck.Values("RequestURL") = Request.Url.AbsoluteUri
            Response.Cookies.Add(ck)
        End If
    End Sub
This cookie is then read during the formsauthentication page load and is
used to redirect the user back to the requesting page.
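
The workaround above redirects to whatever absolute URL the RequestURL cookie holds, and a cookie value is sent back by the browser, so the login page should check it against the known content sites before redirecting. The following is an added example, not part of the original posts; the host names, the fallback URL and the `SafeReturnUrl` helper are assumptions.

```vbnet
Imports System

Module ReturnUrlGuard
    ' Hypothetical allowlist: the content sites served by the central login server.
    Private ReadOnly AllowedHosts As String() = New String() {"app1.example.com", "app2.example.com"}
    ' Hypothetical landing page used when the cookie value is rejected.
    Private Const Fallback As String = "https://app1.example.com/"

    ' Returns the cookie value if it is an absolute http(s) URL on an
    ' allowlisted host; otherwise returns Fallback.
    Function SafeReturnUrl(ByVal cookieValue As String) As String
        If cookieValue Is Nothing OrElse cookieValue.Trim().Length = 0 Then Return Fallback

        Dim target As Uri = Nothing
        Try
            target = New Uri(cookieValue.Trim())
        Catch ex As UriFormatException
            Return Fallback ' relative or malformed value
        End Try

        ' Only web schemes; this also rejects file:, javascript:, etc.
        If target.Scheme <> Uri.UriSchemeHttp AndAlso target.Scheme <> Uri.UriSchemeHttps Then Return Fallback
        ' Reject user:password@host forms, which make the real host easy to misread.
        If target.UserInfo.Length > 0 Then Return Fallback

        ' Exact, case-insensitive host match; no substring or suffix matching.
        For Each host As String In AllowedHosts
            If String.Compare(target.Host, host, True) = 0 Then Return target.AbsoluteUri
        Next
        Return Fallback
    End Function

    Sub Main()
        ' Constructed sample cookie values.
        Dim samples As String() = New String() { _
            "https://app2.example.com/reports/view.aspx?id=7", _
            "https://app2.example.com.other.example.net/", _
            "https://user@app1.example.com/", _
            "/reports/view.aspx", _
            ""}
        For Each s As String In samples
            Console.WriteLine("{0,-50} -> {1}", s, SafeReturnUrl(s))
        Next
    End Sub
End Module
```

On the login page, pass the cookie's RequestURL value through `SafeReturnUrl` and give the result to `Response.Redirect`.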