[Mono-bugs] [Bug 80739][Maj] New - Authentication Ticket Expiration state is not used...
bugzilla-daemon at bugzilla.ximian.com
bugzilla-daemon at bugzilla.ximian.com
Tue Feb 6 08:39:40 EST 2007
Please do not reply to this email- if you want to comment on the bug, go to the
URL shown below and enter your comments there.
Changed by informatique.internet at fiducial.fr.
http://bugzilla.ximian.com/show_bug.cgi?id=80739
--- shadow/80739 2007-02-06 08:39:40.000000000 -0500
+++ shadow/80739.tmp.25203 2007-02-06 08:39:40.000000000 -0500
@@ -0,0 +1,134 @@
+Bug#: 80739
+Product: Mono: Class Libraries
+Version: 1.2
+OS:
+OS Details:
+Status: NEW
+Resolution:
+Severity:
+Priority: Major
+Component: Sys.Web
+AssignedTo: gonzalo at ximian.com
+ReportedBy: informatique.internet at fiducial.fr
+QAContact: mono-bugs at ximian.com
+TargetMilestone: ---
+URL:
+Cc:
+Summary: Authentication Ticket Expiration state is not used...
+
+Description of Problem:
+
+Using authentication mode "Forms" if you create a non persistent
+FormsAuthenticationTicket and set an expiration date. When the date is
+expired, the application doesn't redirect to the login page as if it was
+still valid
+
+Steps to reproduce the problem:
+1. Create Logon.aspx.cs
+
+using System;
+using System.Web;
+using System.Web.UI;
+using System.Web.Security;
+
+namespace Web
+{
+
+
+ public class logon : Page
+ {
+ protected System.Web.UI.HtmlControls.HtmlForm form1;
+
+ protected System.Web.UI.WebControls.TextBox textBox1;
+
+ protected System.Web.UI.WebControls.Button button1;
+
+
+ public virtual void onButtonClick(object sender, EventArgs e)
+ {
+ FormsAuthenticationTicket ticketauth = new
+FormsAuthenticationTicket(1,"hub",DateTime.Now,DateTime.Now.AddMinutes(1),false,"jjjjujj");
+
+ string cryptedTicket = FormsAuthentication.Encrypt(ticketauth);
+ HttpCookie biscuit = new
+HttpCookie(FormsAuthentication.FormsCookieName,cryptedTicket);
+ Response.Cookies.Add(biscuit);
+ Response.Redirect("Default.aspx");
+ }
+ }
+}
+
+
+2.
+using System;
+using System.Web;
+using System.Web.UI;
+using System.Web.Security;
+
+namespace Web
+{
+
+
+ public class Default : Page
+ {
+ protected System.Web.UI.HtmlControls.HtmlForm form1;
+
+ protected System.Web.UI.WebControls.TextBox textBox1;
+
+ protected System.Web.UI.WebControls.Button button1;
+
+
+
+ public virtual void onButtonClick(object sender, EventArgs e)
+ {
+ FormsIdentity id =
+(FormsIdentity)System.Web.HttpContext.Current.User.Identity;
+ FormsAuthenticationTicket ticket=id.Ticket;
+ Console.WriteLine(ticket.Expiration);
+ textBox1.Text="Expiration date :"+ticket.Expiration+" Data
+:"+ticket.UserData+" Expired :"+ticket.Expired;
+ }
+ }
+}
+3.
+set this in web.config
+
+ <authentication mode="Forms">
+ <forms loginUrl="logon.aspx" name="authPortail" timeout="1"
+path="/"></forms>
+ </authentication>
+
+ <!-- AUTORISATION
+ Cette section définit les stratégies d'autorisation de
+l'application. Vous pouvez autoriser ou refuser l'accès
+ aux ressources de l'application par utilisateur ou rôle. Les
+caractères génériques : "*" signifient tout le monde, "?" signifie
+utilisateurs
+ (non authentifiés) anonymes.
+ -->
+
+ <authorization>
+ <deny users="?" />
+ <allow users="*" /> <!-- Autoriser tous les utilisateurs -->
+ <!-- <allow users="[liste des utilisateurs séparés par
+une virgule]"
+ roles="[liste des rôles séparés par une
+virgule]"/>
+ <deny users="[liste des utilisateurs séparés par
+une virgule]"
+ roles="[liste des rôles séparés par une
+virgule]"/>
+ -->
+ </authorization>
+
+Actual Results:
+You are never redirect to logon.aspx after the first authentication
+
+Expected Results:
+After one minute you should be redirected to logon.aspx (as in MS.NET)
+
+How often does this happen?
+Always
+
+Additional Information:
+It works in MS.NET
More information about the mono-bugs
mailing list