2

I am getting the error "The page isn't redirecting properly" when my action signs the user out and redirects back to itself. After the redirect is returned, the action is called again, but the Request.IsAuthenticated is still true instead of false.

I have put breakpoints on every FormsAuthentication.SetAuthCookie call in my code and none of them are ever hit (I wanted to verify there was no code that would re-authenticate the user).

public ActionResult MyAction() {
    if (Request.IsAuthenticated) {
        try {
            // Check some stuff put into the session when the user
            // is authenticated
        } catch {
            Session.Abandon();
            FormsAuthentication.SignOut();
            return Redirect("http://localhost/MyController/MyAction");
        }
    }
}

It is entirely possible this is a FireFox issue as I am using FireFox 11.0 and it seems to work in Chrome. Does anyone know why this would be happening?

I have not isolated this to a simple project yet. I was hoping this is something simple I am missing.

I should also mention that I have a UrlRewriter that monitors the requests coming in and may redirect them to a URL that may have a separate authentication cookie from the main site. Could this be the problem?

Ex.

// cookiePath: "/"
http://localhost/MyApp/CustomPortal/index/CustomPage

Changes to:

// cookiePath: "/CustomPortal"
http://localhost/MyApp/SpecialRequestController/Render?appName=CustomPortal&pagePath=public/CustomPage

When a user is authenticated to MyApp, the cookiePath is "/", but if the user authenticates under the rewritten URL, the cookiePath is "/CustomPortal".

Thanks for the help!

Leslie Hanks
  • 2,347
  • 3
  • 31
  • 42
  • 2
    I would check the current User.Identity.Name - is it a windows account name by any chance? Is it the same user that just had their session expired? Check to ensure the set-cookie header comes down to delete the forms auth cookie. Load up fiddler and watch for the header on formsauth.SignOut(); (well at the end of the request) – Adam Tuliper Mar 19 '12 at 16:31
  • I will try this when I can. Unfortunately, I have not figured out how to consistently reproduce this. I suspect it is an issue with FireFox as it works fine in Chrome. It seems like FF takes a while to actually expire the cookie because after I wrote up the question and went back to FF and reloaded the page, it worked. – Leslie Hanks Mar 19 '12 at 16:40

1 Answers1

0

Have you defined the forms name in web.config file, this could be one of the reasons

<authentication mode="Forms">
   <forms name="HCGAuth" timeout="60"></forms>
</authentication>
m.othman
  • 638
  • 7
  • 28
  • I have not done this. What I do instead is use the application name as the cookie path when calling SetAuthCookie. Is there any reason this shouldn't work? As I have said, it works in Chrome and only randomly breaks in FF. – Leslie Hanks Mar 20 '12 at 12:19