user details not saved in session object..

Hello eb
Does this make sense to you??
After user is authenticated (windows authentication) and granted access
to first page of (asp) application, he is not being redirected to the
following page
as it should..
Instead it looks like an endless loop between these two pages is generated.

Also this phenomena happens only when the URL to this application consists
the iis host server name. If instead i am using that server's ip all is well.
I am using iis 6 on server 2003.

I had noticed that iis does not keep user's details in session object
after he had authenticated him.. Should this be related to any of this?

Just for the sake of testing, do you know where the transmition of user
details
between ie-iis can be blocked?
Is it ie which should be told to transfer user's details to iis
or is it iis which should be told to save these details with the http
session object?

Thanks alot for your attention

Rea

Re: user details not saved in session object..

=?Utf-8?B?UmVh?= wrote on 24 jan 2007 in
microsoft.public.inetserver.asp.general:

> Does this make sense to you??
> After user is authenticated (windows authentication) and granted
> access to first page of (asp) application, he is not being redirected
> to the following page
> as it should..
> Instead it looks like an endless loop between these two pages is
> generated.
>
> Also this phenomena happens only when the URL to this application
> consists the iis host server name. If instead i am using that server's
> ip all is well. I am using iis 6 on server 2003.
>

It makes perfect sense and it happens to all of us:

Bad programming.

--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)

Re: user details not saved in session object..

"Rea" wrote in message
news:3A86825B-0978-4C91-977C-74031198E62B@microsoft.com...
> Hello eb
> Does this make sense to you??
> After user is authenticated (windows authentication) and granted access
> to first page of (asp) application, he is not being redirected to the
> following page
> as it should..

It's difficult to determine that without seeing some code. Why do you need
two pages to effect a windows authenticated logon?


> Instead it looks like an endless loop between these two pages is
generated.
>
> Also this phenomena happens only when the URL to this application consists
> the iis host server name. If instead i am using that server's ip all is
well.
> I am using iis 6 on server 2003.
>
> I had noticed that iis does not keep user's details in session object
> after he had authenticated him.. Should this be related to any of this?
>

No what actually happens is that the TCP/IP connection between the client
and the server is authenticated. The browser also caches the user
credentials used to authenticate the connection so that any other
connections it needs to make will re-use these credentials. It is quite
normal for the browser to re-authenticate since existing connections can be
closed for various reasons. Most of this though is transparent to the user.

> Just for the sake of testing, do you know where the transmition of user >
details
> between ie-iis can be blocked?

Both IE and IIS can be configured to use or not use windows authentication.
Since you seem to be seeing a Windows logon dialog this isn't the case here.


> Is it ie which should be told to transfer user's details to iis
> or is it iis which should be told to save these details with the http
> session object?

It's more complicated than that, user details aren't really transfered at
all.

>
> Thanks alot for your attention
>
> Rea
>
>