Re: <forms loginUrl="https:// pb

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

From: "Juan T. Llibre" <nomailreplies@xxxxxxxxxxx>
Date: Thu, 25 Jun 2009 18:57:17 -0400

re:
!> <form loginUrl="https://www.mysite.com/login/login.aspx ..../>

Is that a typo ?

That should be <forms loginUrl=

Other than that, here's a pretty good tutorial which can server as a model for you:

http://tonesnotes.com/blog/2004/05/aspnet_forms_authentication_wi.html

Also, there are those who say that making your login page https is not good practice.
Your login page should be http and your *other* pages should be https.

Check out these two discussions :

http://forums.asp.net/t/1110341.aspx

http://forums.asp.net/t/836624.aspx

....and this article with sample code:

http://www.codeproject.com/KB/aspnet/WebPageSecurity.aspx

Juan T. Llibre, asp.net MVP
¿ Estas probando VS 2010 y ASP.NET 4.0 ?
Regístrate (gratis) en los Foros de VS 2010 y ASP.NET 4.0, en español
http://asp.net.do/foros/forums/
=====================================================
"ADNT" <christian.surieux@xxxxxxxxxxxxxxxxxxxx> wrote in message news:O8j7j4Y9JHA.1340@xxxxxxxxxxxxxxxxxxxxxxx

Hello,

I have a problem with Forms authentication and the default login page set in web.config

I want to use an https secured page for it so I put in web.config authentication section
<form loginUrl="https://www.mysite.com/login/login.aspx ..../>

my web site supports ssl with a certficate and I am able to access directly from any browser the page
https://www.mysite.com/login/login.aspx

but when it is triggered by asp.net, when a non authenticated session try to access a path which need authenticated
users, it always generate the non secured url
http://www.mysite.com/login/login.aspx

why ?
I should get the https version as written in web.config ?

Any help welcome.

CS

Follow-Ups:
- Re: <forms loginUrl="https:// pb
  - From: ADNT
- Re: <forms loginUrl="https:// pb
  - From: ADNT

References:
- <forms loginUrl="https:// pb
  - From: ADNT

Prev by Date: TabContainer and separate pages...please help
Next by Date: Re: TabContainer and separate pages...please help
Previous by thread: Re: <forms loginUrl="https:// pb
Next by thread: Re: <forms loginUrl="https:// pb
Index(es):
- Date
- Thread

Relevant Pages

Re: SSL security authorization?
... > I see that we are talking about a kind of interactive authentication ... > (Most of the time the actual HTTPS url is masked ... > the secure server.) ... either urllib or urllib2. ...
(comp.lang.python)
Repeated Failure Audits - related to RPC over HTTPS
... for OWA and one is dedicated for RPC over HTTPS. ... select the check box next to Basic authentication (password is sent in clear ... front-end server, but they persist on the back-end server. ...
(microsoft.public.exchange.admin)
Re: Problems with tcl SOAP and https via proxy
... server .. ... I beleive that that the problem may be with authentication to the https ... The authentication is to the webservice, not the proxy server. ...
(comp.lang.tcl)
Re: Securing Data Transfer
... You may want to take a look at a file upload apple that will send the ... files over https to your FTP server. ... And the https tunneling servlet UnlimitedFTP.Secure - ... Like the authentication schemes available to you, ...
(comp.security.misc)
Re: Detection of access to IIS
... Yes, I have some third party authentication I wish to use, and the ... server, and then to verify themselves against the authentication ... > web site on the server using HTTPS and TCP port 443, ... > One potential drawback though is that you would want to have an SSL ...
(microsoft.public.inetserver.iis.security)