Login form logs in but forces you to login again replacing domain in url - forms authentication problem?

rob 0

19y
I have a web application on a hosted server with an administration login area. The login works perfectly on the local server but not on the hosted server with the public domain. The public area of the site (non-administration) works perfectly, including a login form there that uses the same login classes and processes as the administration login.

In the administration area, if you browse to the administration login page using the public domain (e.g. www.forums.com/login.aspx), you can login correctly, creating a site principal and identity, setting a cookie and redirecting to the default administration page. However, when you browse to any other admin page you get redirected back to the login page with the http address of the page changed in the URL. Before it was like http://www.forums.com/login.aspx, but now it's changed to the hosting company's site-specific domain, e.g. http://2345.brahm.host.com/login.cfm. Now if you leave the domain as http://2345.brahm.host.com/login.cfm and login, everything works perfectly. But of course we want the public domain (e.g. www.forums.com), not the other.

The website forms-based user authentication implements the .NET roles-based security using Principal & Identity. As I said before, everything works perfectly on the local server with the local address (not the public domain), and even on the hosted server user authentication works perfectly in the public section. This problem only occurs in the administration system login... Any ideas?
Forms authentication in the web.config looks like this:

This is the guts of the login script:

```csharp
PMSPrincipal newUser = PMSPrincipal.ValidateLogin( EmailAddress.Text, Password.Text );

if (newUser == null)
{
    LoginResult.Text = "Login failed for " + EmailAddress.Text;
    LoginResult.Visible = true;
}
else
{
    SiteIdentity thisIdentity = (SiteIdentity)newUser.Identity;
    int IsAdmin = ECInsight.WebModules.Accounts.Business.UserGroup.GetGroupAdmin(thisIdentity.UserID);

    if ( thisIdentity.Active == 1 && IsAdmin == (int)1 )
    {
        // ONCE THE USER IS AUTHENTICATED WE SET THE FORMSAUTHENTICATION COOKIE
        // WE STILL HAVEN'T COPIED THE USER TO CONTEXT.USER.
        // THE PMSPAGE.CS WILL PICK UP ON THE COOKIE WHEN THE NEXT PAGE LOADS AND REPLACE THE DEFAULT CONTEXT.USER WITH OUR OWN
        FormsAuthentication.SetAuthCookie( EmailAddress.Text, false );
        Response.Redirect("~/Admin.aspx");
    }
    else if ( thisIdentity.Active == 1 && (IsAdmin < (int)1) )
    {
        // IF THE USER IS NOT AUTHORISED TO ACCESS THE SITE WE DISPLAY A MESSAGE JUST AS WE DID ABOVE
        LoginResult.Text = "Login failed for " + EmailAddress.Text;
        LoginResult.Visible = true;
    }
    else
    {
        // IF THE USER IS NOT AUTHORISED TO ACCESS THE SITE WE DISPLAY A MESSAGE JUST AS WE DID ABOVE
        LoginResult.Text = "Login expired for " + EmailAddress.Text;
        LoginResult.Visible = true;
    }
}
```