stackoom
  简体   繁体   中英

login redirects infinitly on subdomain

 原文  2013-04-25 01:13:07       c#/ asp.net

Question

I have a subdomain at: kezblu.mysite.com.

It is actually at mysite.com/kezblu

I have code that will ask a user to login if they are not: 

protected void HandleLoginRedirect()
{
    if (IsRequestedPage("Login") && Authorization.IsAuthenticated())
    {
        Response.Redirect("default.aspx");
    }
    else if (!Authorization.IsAuthenticated() && !IsRequestedPage("Login"))
    {
        string fileName = this.Page.Request.Url.ToString();
        fileName = fileName.Remove(0, fileName.LastIndexOf("/") + 1);

        Response.Redirect("Login.aspx?redirect=" + fileName);
    }
}


    public bool IsRequestedPage(string pageName)
    {
        return Request.RawUrl.StartsWith("/" + pageName + ".aspx");
    }

The problem is of I go to kezblu.mysite.com/kezblu

I end up with: 

http://kezblu.mysite.com/kezblu/Login.aspx?redirect=Login.aspx?redirect=Login.aspx?redirect=Login.aspx?redirect=Login.aspx?redirect=Login.aspx?redirect=Login.aspx?redirect=Login.aspx?redirect=Login.aspx?redirect=Login.aspx?redirect=Login.aspx?redirect=Login.aspx?redirect=Login.aspx?redirect=Login.aspx?redirect=Login.aspx?redirect=Login.aspx?redirect=Login.aspx?redirect=Login.aspx?redirect=Login.aspx?redirect=Login.aspx?redirect=default.aspx

I also noticed when I sign out, even if I was at kezblu.mysite.com/somewhere.aspx

It redirects me to the above.

What is wrong with my code?

I do not get it.

Thanks

1 answers

solution1
 0 ACCPTED  2013-04-25 01:51:12

You need to set the domain of the authentication cookie so that it works on your subdomain as well.

When you request a page in your subdomain, if you are not authenticated, it redirects you to the login page on your domain. You authenticate and the server sends down an authentication cookie that is only for the domain; not the subdomain. You then get redirected back to the page that you came from in the subdomain, but your browser doesn't send the authentication cookie. This causes your subdomain page again to redirect back to the login page. This time, your browser does send the cookie, and the login page automatically redirects you back, but your browser won't send the cookie and so the cycle begins.

To fix this, set the domain of the cookie to ".domain.com" rather than "domain.com" : 

<authentication mode="Forms">
  <forms loginUrl="..."
    domain=".domain.com" /><!-- Not "domain.com" -->
</authentication>

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Page redirects to subdomain folder single login with authentication in subdomain JWT Authorization Redirects to Login OWIN separate login from subdomain .NET App redirects to login page Web service redirects to login page Use existing login for another subdomain Login with Facebook does not redirects to .aspx page Application redirects to login.aspx page Owin Authentication Redirects To Login again After login (Sometimes)
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM