This is driving me nuts:D
I'm using forms authentication and I have a login page. When I access a page it's supposed to redirect the user to that login page, then redirects them back to the requested page after login. This works fine if I use my ip or my dns in the url, but if I try to acess it locally (via http://localhost) nothing happens, it just loads the login page again. I've spent about an hour working on this, and even tried reinstalling asp, reconfiguring the application pool etc, but I cant figure it out :confused: anyone has heard of a similar problem or has any ideas what I'm doing wrong?

any ideas?

hmmm...so you type in http://localhost, the login page shows up, you type in valid credentials and you redirect back to the login screen? what happens when you step through your code? what does the authentication and authorization sections in your web.config look like?

Originally posted by pvb
hmmm...so you type in http://localhost, the login page shows up, you type in valid credentials and you redirect back to the login screen? what happens when you step through your code? what does the authentication and authorization sections in your web.config look like? well one thing that I know for sure is that it verifies the pass (because otherwise it would show me an error message that I've made for invalid logins)... yeah it comes back to the login page
this is my web.config file but I dont think it's cuz of this... I reinstalled windows and hence IIS, I'm thinking it may somehow have to do with this:rolleyes:


<?xml version="1.0" encoding="utf-8" ?>
<configuration>

<system.web>

<!-- DYNAMIC DEBUG COMPILATION
Set compilation debug="true" to insert debugging symbols (.pdb information)
into the compiled page. Because this creates a larger file that executes
more slowly, you should set this value to true only when debugging and to
false at all other times. For more information, refer to the documentation about
debugging ASP.NET files.
-->
<compilation defaultLanguage="vb" debug="true" />

<!-- CUSTOM ERROR MESSAGES
Set customErrors mode="On" or "RemoteOnly" to enable custom error messages, "Off" to disable.
Add <error> tags for each of the errors you want to handle.

"On" Always display custom (friendly) messages.
"Off" Always display detailed ASP.NET error information.
"RemoteOnly" Display custom (friendly) messages only to users not running
on the local Web server. This setting is recommended for security purposes, so
that you do not display application detail information to remote clients.
-->
<customErrors mode="RemoteOnly" />

<!-- AUTHENTICATION
This section sets the authentication policies of the application. Possible modes are "Windows",
"Forms", "Passport" and "None"

"None" No authentication is performed.
"Windows" IIS performs authentication (Basic, Digest, or Integrated Windows) according to
its settings for the application. Anonymous access must be disabled in IIS.
"Forms" You provide a custom form (Web page) for users to enter their credentials, and then
you authenticate them in your application. A user credential token is stored in a cookie.
"Passport" Authentication is performed via a centralized authentication service provided
by Microsoft that offers a single logon and core profile services for member sites.
-->
<authentication mode="Forms">
<forms name="ProgAspNetCookie" loginUrl="login.aspx">
<credentials passwordFormat="Clear">
<user name=[someone] password=[hidden] />
</credentials>
</forms>
</authentication>


<!-- AUTHORIZATION
This section sets the authorization policies of the application. You can allow or deny access
to application resources by user or role. Wildcards: "*" mean everyone, "?" means anonymous
(unauthenticated) users.
-->
<authorization>
<deny users="?" />
<!-- <allow users="[comma separated list of users]"
roles="[comma separated list of roles]"/>
<deny users="[comma separated list of users]"
roles="[comma separated list of roles]"/>
-->
</authorization>

<!-- APPLICATION-LEVEL TRACE LOGGING
Application-level tracing enables trace log output for every page within an application.
Set trace enabled="true" to enable application trace logging. If pageOutput="true", the
trace information will be displayed at the bottom of each page. Otherwise, you can view the
application trace log by browsing the "trace.axd" page from your web application
root.
-->
<trace enabled="false" requestLimit="10" pageOutput="false" traceMode="SortByTime" localOnly="true" />


<!-- SESSION STATE SETTINGS
By default ASP.NET uses cookies to identify which requests belong to a particular session.
If cookies are not available, a session can be tracked by adding a session identifier to the URL.
To disable cookies, set sessionState cookieless="true".
-->
<sessionState
mode="InProc"
stateConnectionString="tcpip=127.0.0.1:42424"
sqlConnectionString="data source=127.0.0.1;Trusted_Connection=yes"
cookieless="false"
timeout="20"
/>

<!-- GLOBALIZATION
This section sets the globalization settings of the application.
-->
<globalization requestEncoding="utf-8" responseEncoding="utf-8" />

</system.web>

<location path="aim.aspx">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>

<location path="guestBook.aspx">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>

<location path="signGuestbook.aspx">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>

<location path="weather.aspx">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
</configuration>

Well, not sure how helpful this info is but here's the important parts of my web.config:
<authentication mode="Forms">
<forms loginUrl="Login.aspx" name=".ASPXFORMSAUTH">
<credentials passwordFormat="Clear">
<user name="chris@panteravb.com" password="test"/>
</credentials>
</forms>
</authentication>

<authorization>
<deny users="?"/>
</authorization> and then for my login page on the event handler of the login button:
protected void btnLogin_Click(object sender, System.EventArgs e)
{
if (FormsAuthentication.Authenticate(txtEmail.Text, txtPassword.Text))
{
FormsAuthentication.RedirectFromLoginPage(txtEmail.Text, chkRememberMe.Checked);
}
else
{
lblError.Text = "Email or password incorrect!";
}
}...Totally started this project from scratch so I know there are no smoke and mirrors. Tried it with http://127.0.0.1 , http://localhost , and http://DeathAngel , and they all worked. I'm runnin Win2K3, not sure if i'm set up some special way but that's what I got.

umm mine USED to work, that's whats puzzling me, because I dont think I changed any code whatsoever. Yeah mine is kinda similar to your web.config too. I'll try to mess with iis permission settings to see if it makes a difference :(

god I cant believe how stupid the answer is: it was ZoneAlarm's filters... I was looking at the page source and figure it out heh
I would have figured it out sooner had it not worked for the DNS too. Thanks for the replies anyways:D

I am currently experiencing a similar problem.

I have an app with a secured sub directory. When I attempt to access a page in the sub directory I am redirected to the logon page.

after entering my uid/pwd and click logon I am redirected back to the login page. here is my code and web.config
Private Sub btnLogin_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnLogin.Click
Dim UID As String = txtUID.Text
Dim Pwd As String = txtPwd.Text
Dim cmd As New SQLStoredProcedure(AppSettings("cnn"))
Dim F As FormsAuthentication
Dim Input As New ArrayList

Input.Add(UID)
Input.Add(Pwd)
Try
If cmd.SetData("sp_Authenticate_s", Input).Item(0) Then
F.RedirectFromLoginPage(UID, False)
Else
lblError.Text = "*Invalid Logon*"
End If
Catch ex As Exception
lblError.Text = ex.Message
End Try
End Sub
web.config
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<location path="dataentry">
<system.web>
<authentication mode="Forms">
<forms
name=".OPSREPORT"
loginUrl="../logon.aspx"
protection="All"
slidingExpiration="true"
timeout = "10"
/>
</authentication>
<authorization>
<deny users="?" />
<allow users="*" />
</authorization>
</system.web>
</location>
<system.web>
<compilation defaultLanguage="vb" debug="true" />
<customErrors mode="Off" />
<authentication mode="None" />
<authorization>
<allow users="?" /> <!-- Allow all users -->
</authorization>
<trace
enabled="false"
requestLimit="10"
pageOutput="false"
traceMode="SortByTime"
localOnly="true"
/>
<sessionState
mode="InProc"
stateConnectionString="tcpip=127.0.0.1:42424"
sqlConnectionString="data source=127.0.0.1;user id=sa;password="
cookieless="false"
timeout="20"
/>
<globalization requestEncoding="utf-8" responseEncoding="utf-8" />
</system.web>
</configuration>
where can I view Zone Alarms? I have never adjusted these, but it's worth a look since it helped you.

hmm you should have PMed me if you were asking me cuz I just accidentally saw the "bump" to this post :)


it was a while ago and I don't really remember exactly what I changed in zonealarm. One thing that I usually disable is the Ad Blocking of ZA: in Privacy tab, turn off Ad Blocking (and perhaps Cookie control?) and see if it changes anything. I'm sure you can figure it out by playing with the settings though:D

Did anyone ever figure this out, I am having the same problem.