Hello everyone,
I come to you for help figuring out our Forms Authentication issue. It all works like a charm when run locally (either dev machine or server), but when we try to access the site over the network it fails.
Here's the web.config chunk...
  <authentication mode="Forms">
    <forms loginUrl="~/Inicio/Login.aspx" name=".CesAUTH" timeout="2" protection="All" slidingExpiration="true" defaultUrl="~/Inicio/Login.aspx" requireSSL="true"/>
  </authentication>
  <authorization>
    <deny users="?"/>
    <allow users="*"/>
  </authorization>
</system.web>
<location path="Inicio">
  <system.web>
    <authorization>
      <allow users="*"/>
    </authorization>
  </system.web>
</location>
Here's the code used to create the authentication cookie once the user's credentials have been validated against our db:
HttpCookie authCookie = FormsAuthentication.GetAuthCookie(UsrRUT.ToString(), false);
FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(authCookie.Value);
FormsAuthenticationTicket newTicket = new FormsAuthenticationTicket(ticket.Version, ticket.Name, ticket.IssueDate, ticket.Expiration, ticket.IsPersistent, UsrRUT.ToString() + "_" + DateTime.Now.ToString("yyyyMMddHHmmssfff"));
authCookie.Value = FormsAuthentication.Encrypt(newTicket);
HttpContext.Current.Response.Cookies.Add(authCookie);
FormsAuthentication.RedirectFromLoginPage(UsrRUT.ToString(), true);
Here's the code used in the Global.asax:
void Application_OnPostAuthenticateRequest(object sender, EventArgs e)
{
    IPrincipal usr = HttpContext.Current.User;
    if (usr.Identity.IsAuthenticated && usr.Identity.AuthenticationType == "Forms")
    {
        FormsIdentity fIdent = usr.Identity as FormsIdentity;
        CustomIdentity ci = new CustomIdentity(fIdent.Ticket);
        CustomPrincipal p = new CustomPrincipal(ci);
        HttpContext.Current.User = p;
        Thread.CurrentPrincipal = p;
    }
}
Again, when running the site either in debug mode (local machine) or the actual published site on our server (locally) (IIS 6), it all works. But if we try to log in from a remote computer to the published site, we are always allowed to enter credentials, and always redirected back to the login page from the one we should have been able to get to. Here's the URL we can see in our browsers:
https://cesiones.cl/Inicio/Login.aspx?ReturnUrl=%2fWebFrms%2fSuccessLogon.aspx
Would it be possible for anyone to pinpoint what we are doing wrong? Thanks a lot for your much needed help.
What I have tried:
We have tried rebuilding the forms authentication tag in our web.config from scratch, adding one attribute at a time, without and with (current code) using the CustomIdentity or CustomIdentity classes, and with and without coding the Application_OnPostAuthenticateRequest event in the global.asax file.
But nothing changes. We can access the site, from the server itself, with its URL:
https://cesiones.cl/Inicio/Login.aspx
log in and proceed to the next page, but from a remote machine we are always redirected back as if the authentication had failed.
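
Added example, not part of the original post: a small Python check that can be run on a Set-Cookie header captured at a remote client, to see whether the .CesAUTH cookie would come back under the settings shown above (requireSSL="true", timeout="2", persistent cookie requested by RedirectFromLoginPage(..., true)). The header value, the function names and the rule that the client compares Expires with its own clock are assumptions made for this example.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Constructed sample: what a 2-minute persistent, requireSSL ticket cookie
# could look like when issued at 12:00:00 GMT (value shortened, not real).
SAMPLE = (".CesAUTH=0123ABCD; expires=Tue, 05-Mar-2024 12:02:00 GMT; "
          "path=/; secure; HttpOnly")

def parse_set_cookie(header):
    """Return (name, value, attrs) with attribute names lowercased."""
    first, *rest = [part.strip() for part in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name, value, attrs

def reasons_not_returned(header, scheme, host, client_now):
    """Reasons a client would drop the cookie or withhold it from a request."""
    _, _, attrs = parse_set_cookie(header)
    reasons = []
    # Secure cookies are only sent on HTTPS requests.
    if "secure" in attrs and scheme.lower() != "https":
        reasons.append("secure-cookie-on-http-request")
    # Assumption: the client judges Expires by its own clock, so a short
    # lifetime plus clock skew can expire the cookie on arrival.
    if attrs.get("expires"):
        if parsedate_to_datetime(attrs["expires"]) <= client_now:
            reasons.append("expired-by-client-clock")
    # A Domain attribute must match the host the browser is talking to.
    domain = attrs.get("domain", "").lstrip(".").lower()
    host = host.lower()
    if domain and host != domain and not host.endswith("." + domain):
        reasons.append("domain-mismatch")
    return reasons

if __name__ == "__main__":
    in_sync = datetime(2024, 3, 5, 12, 0, 1, tzinfo=timezone.utc)
    skewed = datetime(2024, 3, 5, 12, 5, 1, tzinfo=timezone.utc)
    print(reasons_not_returned(SAMPLE, "https", "cesiones.cl", in_sync))
    print(reasons_not_returned(SAMPLE, "https", "cesiones.cl", skewed))
    print(reasons_not_returned(SAMPLE, "http", "cesiones.cl", in_sync))
```

Comparing the result for the server's own clock with the result for the remote machine's clock shows whether the 2-minute lifetime alone is enough to lose the cookie.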