not authenticating when redirected from another page

From: Tim F (F_at_discussions.microsoft.com)
Date: 08/31/04 

Date: Tue, 31 Aug 2004 12:17:03 -0700

Here's my scenario:
I've got forms auth set up for a small web app. When I browse for the
target page, it first checks to see if the user/browser is authenticated. If
not, it redirects to the default login.aspx page. Once successfully logged
in, it uses the ReturnURL from the querystring to send the user to the page
originally requested.

This works just fine when I open a browser (IE6) and type in the address to
browse to the wanted page. I'm forced to log in and then it sends me back to
the page I wanted after a successful login. HOWEVER, when I browse to the
page I want from another website's link (that resides in a frame on that
website's page), I get sent to the login page, as expected (still within the
particular frame). Once I type in the username/pwd and attempt to
authenticate, it sends the login page back again(?). I know I am
authenticating because if I type the wrong username/pwd, I see the "invalid
login" message I created to be displayed. However, when I type the correct
username/pwd I don't get this message, but it still posts that login page
back to me again.

The other strange thing is that, from that other website I mentioned, if I
change the link to reference the target aspx page by opening it up in a new
browser window (ie target=_blank), then everything works fine and I
authenticate without problems. It's only when I'm browsing to my server's
page from within the frame of the other website that I can not authenticate.

Finally, when I look at the trace.axd page after browsing from within the
other website's page/frame, I notice that with each time the login page posts
and I attempt to authenticate, there is a new SessionID. This is happening
even though I'm using the same browser window. This is different behavior
than when I'm browsing to my target page in a "new" browser window. From a
"new" browser window, I see the same SessionID.

Does anyone know why this might be happening when browsing from another
website? Any suggestions? Thanks.

Relevant Pages

  • Re: Linux authentication via AD
    ... What I do to integrate with Windows is to use NIS and Samba. ... a way to do this under older AIX) allows people to login authenticating ... authentication is done to the Windows Password Server. ... text passwords authenticate to the Windows Password Server as well. ...
    (comp.os.linux.security)
  • Re: Was told by DSL tech support that
    ... Network Setup Wizard"? ... PPPoE does not in itself require a login and password. ... PBI/SBC/AT&T wants the user to authenticate. ...
    (alt.internet.wireless)
  • Re: Linux authentication via AD
    ... Primarily I need to integrate Linux ... servers, but I do have a few OpenBSD servers. ... > a way to do this under older AIX) allows people to login authenticating ... > text passwords authenticate to the Windows Password Server as well. ...
    (comp.os.linux.security)
  • Re: Kerberos
    ... IE uses those security zones to work out whether to send credentials to a server without prompting the user. ... If you have a browser window open and then click a link (eg ... username and password (this is a windows style login box). ...
    (microsoft.public.inetserver.iis.security)
  • Slow active directory authentication across campus backbone
    ... We have a building network in which users authenticate at login via ... Netware Client32 to both Novell's eDirectory and to an Active ... Directory domain. ...
    (microsoft.public.win2000.active_directory)