[Mono-list] Current state of FormsAuthentication

Ilya Kharmatsky ilyak@mainsoft.com
Tue, 08 Mar 2005 10:50:02 +0200 

This is a multi-part message in MIME format.
--------------020101030700030202050706
Content-Type: text/plain; charset=ISO-8859-15; format=flowed
Content-Transfer-Encoding: 8bit

Hi, Hubert!
See comeents below.

Hubert FONGARNAND wrote:

>Since about a week, i've problems with FormsAuthentication...
>I'm using not persistent FormsAuthenticationTicket... I've apply your patch... 
>and it works only with XSP...
>  
>
Let me clearify the problem - the patch caused to regressions on apache 
and mod_mono? Or it just didn't resolve problem on those servers?

>With apache and mod_mono, i'm never authenticated...
>I've another problem with XSP:
>-	With formauthentication enabled, i can't access to images or static html 
>pages without beeing authenticated... With a normal (.NET) behaviour 
>only .aspx pages are protected...
>
>Thanks...
>
>Le Dimanche 06 Mars 2005 17:49, Ilya Kharmatsky a écrit :
>  
>
>>Hi!
>>
>>We found regression in latest version of Forms Authentication - in case
>>when the FormsAuthenticationTicket is not persistent (created with
>>FormsAuthentication.SetAuthCookie("userName", false))
>>the HttpRequest.IsAuthenticated will return false.
>>
>>Attached possible patch (in FormsAuthenticationModule.cs) and test case.
>>
>>Thanks,
>>Ilya Kharmatsky.
>>
>>Gonzalo Paniagua Javier wrote:
>>    
>>
>>>On Wed, 2005-03-02 at 11:45 -0700, Jesse Pasichnyk wrote:
>>>      
>>>
>>>>I am working on developing an ecommerce site with mono/postgres and am
>>>>having some issues with the a Forms based security login area.
>>>>        
>>>>
>>>Last mono release shipped with a regression that might make
>>>FormsAuthentication fail.
>>>
>>>You can get a new System.Web.dll from
>>>http://www.go-mono.com/archive/1.0.6/System.Web.dll or
>>>http://www.go-mono.com/archive/1.1.4/System.Web.dll
>>>
>>>-Gonzalo
>>>
>>>
>>>_______________________________________________
>>>Mono-list maillist  -  Mono-list@lists.ximian.com
>>>http://lists.ximian.com/mailman/listinfo/mono-list
>>>      
>>>
>_______________________________________________
>Mono-list maillist  -  Mono-list@lists.ximian.com
>http://lists.ximian.com/mailman/listinfo/mono-list
>
>  
>

--------------020101030700030202050706
Content-Type: text/html; charset=ISO-8859-15
Content-Transfer-Encoding: 8bit

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
  <meta content="text/html;charset=ISO-8859-15"
 http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
Hi, Hubert!<br>
See comeents below.<br>
<br>
Hubert FONGARNAND wrote:
<blockquote
 cite="mid200503071708.25773.informatique.internet@fiducial.fr"
 type="cite">
  <pre wrap="">Since about a week, i've problems with FormsAuthentication...
I'm using not persistent FormsAuthenticationTicket... I've apply your patch... 
and it works only with XSP...
  </pre>
</blockquote>
Let me clearify the problem - the patch caused to regressions on apache
and mod_mono? Or it just didn't resolve problem on those servers?<br>
<blockquote
 cite="mid200503071708.25773.informatique.internet@fiducial.fr"
 type="cite">
  <pre wrap="">With apache and mod_mono, i'm never authenticated...
I've another problem with XSP:
-	With formauthentication enabled, i can't access to images or static html 
pages without beeing authenticated... With a normal (.NET) behaviour 
only .aspx pages are protected...

Thanks...

Le Dimanche 06 Mars 2005 17:49, Ilya Kharmatsky a écrit :
  </pre>
  <blockquote type="cite">
    <pre wrap="">Hi!

We found regression in latest version of Forms Authentication - in case
when the FormsAuthenticationTicket is not persistent (created with
FormsAuthentication.SetAuthCookie("userName", false))
the HttpRequest.IsAuthenticated will return false.

Attached possible patch (in FormsAuthenticationModule.cs) and test case.

Thanks,
Ilya Kharmatsky.

Gonzalo Paniagua Javier wrote:
    </pre>
    <blockquote type="cite">
      <pre wrap="">On Wed, 2005-03-02 at 11:45 -0700, Jesse Pasichnyk wrote:
      </pre>
      <blockquote type="cite">
        <pre wrap="">I am working on developing an ecommerce site with mono/postgres and am
having some issues with the a Forms based security login area.
        </pre>
      </blockquote>
      <pre wrap="">Last mono release shipped with a regression that might make
FormsAuthentication fail.

You can get a new System.Web.dll from
<a class="moz-txt-link-freetext" href="http://www.go-mono.com/archive/1.0.6/System.Web.dll">http://www.go-mono.com/archive/1.0.6/System.Web.dll</a> or
<a class="moz-txt-link-freetext" href="http://www.go-mono.com/archive/1.1.4/System.Web.dll">http://www.go-mono.com/archive/1.1.4/System.Web.dll</a>

-Gonzalo


_______________________________________________
Mono-list maillist  -  <a class="moz-txt-link-abbreviated" href="mailto:Mono-list@lists.ximian.com">Mono-list@lists.ximian.com</a>
<a class="moz-txt-link-freetext" href="http://lists.ximian.com/mailman/listinfo/mono-list">http://lists.ximian.com/mailman/listinfo/mono-list</a>
      </pre>
    </blockquote>
  </blockquote>
  <pre wrap=""><!---->_______________________________________________
Mono-list maillist  -  <a class="moz-txt-link-abbreviated" href="mailto:Mono-list@lists.ximian.com">Mono-list@lists.ximian.com</a>
<a class="moz-txt-link-freetext" href="http://lists.ximian.com/mailman/listinfo/mono-list">http://lists.ximian.com/mailman/listinfo/mono-list</a>

  </pre>
</blockquote>
</body>
</html>

--------------020101030700030202050706--