Search code examples
asp.nethttp-redirectasp.net-membershipmembership-providerreturnurl

Why does my asp.net membership login page not work with a redirect?

I have this membership site setup on my local machine using the ASP.NET membership provider. When I go to:

http://localhost/admin/

It redirects me to

http://localhost/Login.aspx?ReturnUrl=%2fadmin%2fDefault.aspx

Which is fine. But after I put in my login information, the page just seems to refresh. It doesn't actually log me in, and it just looks like it refreshes the page. If I change the URL to:

http://localhost/Login.aspx

It works fine. It logs me in no problem, and redirects me to my default page. I also checked the live site and it does the same thing. Any ideas? Thanks in advance!

EDIT: Here is the markup:

<asp:Login ID="Login1" runat="server" CssClass="LoginBox" TitleText="Please Log In">
    <LayoutTemplate>
        <h2>
            Please Log In:</h2>
        <p runat="server" id="FailureText" visible="false">
            Either your email address or password was incorrect. Please try again.</p>
        <strong>Email</strong><br />
        <asp:TextBox ID="UserName" runat="server"></asp:TextBox>
        <asp:RequiredFieldValidator ID="UserNameRequired" runat="server" ControlToValidate="UserName"
            Text="*"></asp:RequiredFieldValidator>
        </p>
        <p>
            <strong>Password</strong><br />
            <asp:TextBox ID="Password" runat="server" TextMode="Password"></asp:TextBox>
            <asp:RequiredFieldValidator ID="PasswordRequired" runat="server" ControlToValidate="Password"
                Text="*"></asp:RequiredFieldValidator>
        </p>
        <p>
            <asp:Button ID="Login" CommandName="Login" runat="server" Text="Log In" /></p>
        <p>
            Please <a runat="server" id="Link_ContactUs">contact </a>an administrator if you
            are having trouble logging in or have forgotten your password.</p>
    </LayoutTemplate>
</asp:Login>

web.config setup:

<authentication mode="Forms">
  <forms loginUrl="/Login.aspx"
         protection="All"
         timeout="60"
         name="AppNameCookie"
         path="/Admin"
         requireSSL="false"
         slidingExpiration="true"
         defaultUrl="/Admin/Default.aspx"
         cookieless="UseCookies"
         enableCrossAppRedirects="false" />
</authentication>
Solution

  • Can you show us some code? If you are using FormsAuthentication.RedirectFromLoginPage method, you should get what you want. Are you using FormsAuthentication.SetAuthCookie instead?

    Update

    Change path="/Admin" in web.config to path=/

    The reason it doesn't work is that your authentication cookie is only set in /Admin path and your browser treats URLs as case sensitive so it won't send the authentication cookie back to the /admin/Default.aspx page (lowercase admin).