Forms Authentication Problem

  • ElmoWatson

    Forms Authentication Problem

    I tried on the Security newsgroup, as well as other places, and haven't
    gotten an answer yet - - I'm pulling my hair out over this one.

    I'm trying to get Forms Authentication working.....I can get any requested
    page to automatically go to the Login.aspx page, AND, the ReturnURL
    querystring is correct in the address bar, but no matter what, I can't get
    it, once the user is authenticated, to redirect to the new page. It ALWAYS
    refreshes the Login.aspx page!

    My database has all the users - - I query the database and validate the user
    there. This part works - - I've totally verified this.
    Then - - I've got this:
    If ValidUser = "True" Then
        FormsAuthentication.RedirectFromLoginPage(txtUID.Text, True) ' <-------this is the part that DOES NOT work at all - - it never redirects the page
    End If

    The machine.config points to the correct path for the WebUIValidation.js
    file....I'm using MSIE, as are all the other users who are going to be
    hitting this app. - - Scripting is allowed.

    in the Web.Config, I've got:
    <authentication mode="Forms">
      <forms name=".MyApp"
             loginUrl="login.aspx"
             protection="All"
             timeout="480"
             path="/"
      />
    </authentication>
    <authorization>
      <deny users="?" />
    </authorization>
    And I'm importing the Web.Security Namespace on each page.
    Does Each subsequent page need anything else in it to make this work?
    Please help - - I've been working on this for over a week now! What am I
    missing?


  • Seaside

    #2
    Re: Forms Authentication Problem

    are you sure ValidUser is returning "true" ?




    • ElmoWatson

      #3
      Re: Forms Authentication Problem

      Yes - I'm sure - absolutely positive




      • ElmoWatson

        #4
        Re: Forms Authentication Problem

        Thanks - I checked it out - - all the code listings links don't go to the
        code at all....nice article, but it doesn't tell me where my problem is.
        BTW - If I remove the deny users part - - - - it bypasses the login.aspx
        file altogether. I at least had that working


        "S. Justin Gengo" <sjgengo@aboutfortunate.com> wrote in message
        news:%23razhf2WDHA.608@TK2MSFTNGP12.phx.gbl...
        > Elmo,
        >
        > When you use a database with forms authentication you need to remove the
        > deny users attribute in the web.config file. You then have to create a
        > method that does the validation for you.
        >
        > Here's a good article about using a database with form authentication:
        > http://www.zdnet.com.au/builder/prog...0274191,00.htm
        >
        > Sincerely,
        >
        > --
        > S. Justin Gengo, MCP
        > Web Developer
        >
        > Free code library at:
        > www.aboutfortunate.com
        >
        > "Out of chaos comes order."
        > Nietzsche

        • Seaside

          #5
          Re: Forms Authentication Problem

          see S.Justin Gengo's reply




          • John Saunders

            #6
            Re: Forms Authentication Problem

            Elmo,

            It may be redirecting to the page, then redirecting right back to the login
            page when it's found that the user isn't authenticated.

            The question will be "why isn't the user authenticated when I think he
            should be?" Answers I've seen include:

            1) Because the cookie is set up wrong and Forms Authentication never sees
            it. Check on the domain, path and expiration of the cookie. In particular,
            make sure the cookie domain matches your domain. localhost has a blank
            domain, BTW.
            2) Because the login page and the page you're redirecting to have different
            values in the <machineKey> entry in machine.config or web.config.
            3) The user _is_ authenticated, but not authorized. Maybe URL authorization
            has a typo in a role name, or roles aren't being applied in global.asax.

            It sounds like it's time for you to look one layer deeper. In particular,
            try turning on tracing in web.config:

            <trace enabled="true" requestLimit="100" pageOutput="false"
            traceMode="SortByTime" localOnly="true" />

            Then reproduce the problem and navigate to
            http://localhost/yourSite/trace.axd. It may be instructive.
            --
            John Saunders
            Internet Engineer
            john.saunders@surfcontrol.com
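
One way to tell the three causes listed in the reply above apart, as an added example that is not part of the original post: a Global.asax handler that records in the trace log whether the forms cookie came back, whether it decrypts, and whether the request ended up authenticated. The `AuthDiag` trace category is a made-up name; the cookie name is read from the `<forms name="...">` setting.

```vbnet
<%@ Application Language="VB" %>
<%@ Import Namespace="System.Web" %>
<%@ Import Namespace="System.Web.Security" %>
<script runat="server">
    ' Added diagnostic, not code from the thread. "AuthDiag" is a made-up trace category.
    ' Global.asax handlers run after FormsAuthenticationModule, so Context.User
    ' already reflects what the module decided about the cookie.
    ' Requests made before login (including the first hit on login.aspx) will
    ' report "no cookie"; the request to look at is the one right after the login POST.
    Sub Application_AuthenticateRequest(ByVal sender As Object, ByVal e As EventArgs)
        Dim ctx As HttpContext = HttpContext.Current
        Dim cookieName As String = FormsAuthentication.FormsCookieName
        Dim cookie As HttpCookie = ctx.Request.Cookies(cookieName)

        ' Cause 1: the browser never sent the cookie back.
        If cookie Is Nothing OrElse cookie.Value Is Nothing OrElse cookie.Value.Length = 0 Then
            ctx.Trace.Warn("AuthDiag", "No " & cookieName & " cookie on " & ctx.Request.Path & _
                ": check the cookie's domain, path and expiration against this URL.")
            Return
        End If

        ' Cause 2: the cookie arrived but this application cannot decrypt or validate it.
        Dim ticket As FormsAuthenticationTicket = Nothing
        Try
            ticket = FormsAuthentication.Decrypt(cookie.Value)
        Catch ex As Exception
            ctx.Trace.Warn("AuthDiag", "Cookie present but rejected (" & ex.GetType().Name & _
                "): compare the <machineKey> used by the login page and by this page.")
            Return
        End Try

        If ticket Is Nothing Then
            ctx.Trace.Warn("AuthDiag", "Cookie present but no ticket could be read from it.")
            Return
        End If

        ' Log ticket metadata only. The cookie value itself is a bearer credential
        ' and must never be written to the trace.
        ctx.Trace.Write("AuthDiag", "Ticket user=" & ticket.Name & _
            " path=" & ticket.CookiePath & _
            " persistent=" & ticket.IsPersistent.ToString() & _
            " expires=" & ticket.Expiration.ToString("u") & _
            " expired=" & ticket.Expired.ToString())

        If ticket.Expired Then
            ctx.Trace.Warn("AuthDiag", "Ticket has expired: check the timeout setting and the server clock.")
            Return
        End If

        ' Cause 3: authenticated, so any further bounce to the login page is an authorization decision.
        If ctx.Request.IsAuthenticated Then
            ctx.Trace.Write("AuthDiag", "Authenticated as " & ctx.User.Identity.Name & _
                ". If this request is still sent to the login page, review the <authorization> rules.")
        Else
            ctx.Trace.Warn("AuthDiag", "Ticket is valid but the request is not authenticated: " & _
                "confirm <authentication mode=""Forms""> applies to this path.")
        End If
    End Sub
</script>
```

With tracing enabled as shown in the reply, reproduce the login and read the AuthDiag lines in trace.axd for the request that follows the POST to login.aspx.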




            • S. Justin Gengo

              #7
              Re: Forms Authentication Problem

              Hmmm,

              That website must be having some pretty big link problems! I had bookmarked
              it a long time ago. It looks like all their articles file links aren't
              working.

              Here's a line of code from a different article that I think pertains to you:

              If blnIsAuthenticated Then
                  FormsAuthentication.RedirectFromLoginPage(strUser, chkPersistLogin.Checked)
              End If

              This article is using an xml file instead of a database to store usernames
              and passwords but the concept is the same. Here's the link:


              Sincerely,


              --
              S. Justin Gengo, MCP
              Web Developer

              Free code library at:


              "Out of chaos comes order."
              Nietzsche

              • ElmoWatson

                #8
                Re: Forms Authentication Problem

                Actually - I have had Tracing on & off several times - -
                I see that the cookie is set - - but the weird thing is how it's showing - -
                I went to the temporary internet files directory to watch when the cookie
                shows up.

                I run a page on the site in IE, get referred to the login page, login, and,
                as usual, it does NOT redirect me to the original page....
                Keep in mind, still no cookie in the directory -- then I close IE - - -
                still no cookie.
                THEN - when I start IE AGAIN, only going to its default page - - the cookie
                shows up in the directory - - I don't get how this behavior works, at all.

                Still - the same login scenario happens - - no redirect.

                You said:
                >>>>Maybe URL authorization has a typo in a role name, or roles aren't being
                applied in global.asax.

                I don't have any roles in play here - this scenario, at this point is
                supposed to check against a database table for authorization - - if
                there - - validuser is true, else it's false
                if it's true, I have it set like this:
                FormsAuthentication.RedirectFromLoginPage(txtUID.text, True) and again -
                here's where it doesn't work. It DOES, however, set the cookie, named the
                same as in the web.config file.

                Anything else?? Nothing shows up as


                • ElmoWatson

                  #9
                  Re: Forms Authentication Problem

                  Yeah - - that's what I'm using exactly - - that's what doesn't work
                  correctly
                  I'm totally lost here......I guess I'll just have to roll my own
                  authentication system - - I've been at this over a week and I could have had
                  it all done, if I had manually created it.

                  Thanks for the help - - if you think of something else - - - post back,
                  please.

                  "S. Justin Gengo" <sjgengo@aboutfortunate.com> wrote in message
                  news:%23XKtLK3WDHA.1480@tk2msftngp13.phx.gbl...
                  > Hmmm,
                  >
                  > That website must be having some pretty big link problems! I had bookmarked
                  > it a long time ago. It looks like all their articles file links aren't
                  > working.
                  >
                  > Here's a line of code from a different article that I think pertains to you:
                  >
                  > If blnIsAuthenticated Then
                  > FormsAuthentication.RedirectFromLoginPage(strUser,
                  > chkPersistLogin.Checked)
                  > End If
                  >
                  > This article is using an xml file instead of a database to store usernames
                  > and passwords but the concept is the same. Here's the link:
                  > http://www.15seconds.com/issue/020305.htm
                  >
                  > Sincerely,
                  >
                  >
                  > --
                  > S. Justin Gengo, MCP
                  > Web Developer
                  >
                  > Free code library at:
                  > www.aboutfortunate.com
                  >
                  > "Out of chaos comes order."
                  > Nietzsche
                  > "ElmoWatson " <sputnik75043@y ahoo.com> wrote in message
                  > news:eSDQlB3WDH A.1512@TK2MSFTN GP11.phx.gbl...[color=green]
                  > > Thanks - I checked it out - - all the code listings links don't go to[/color][/color]
                  the[color=blue][color=green]
                  > > code at all....nice article, but it doesn't tell me where my problem is.
                  > > BTW - If I remove the deny users part - - - - it bypasses the[/color][/color]
                  login.aspx[color=blue][color=green]
                  > > file altogether. I at least had that working
                  > >
                  > >
                  > > "S. Justin Gengo" <sjgengo@aboutf ortunate.com> wrote in message
                  > > news:%23razhf2W DHA.608@TK2MSFT NGP12.phx.gbl.. .[color=darkred]
                  > > > Elmo,
                  > > >
                  > > > When you use a database with forms authentication you need to remove[/color][/color][/color]
                  the[color=blue][color=green][color=darkred]
                  > > > deny users attribute in the web.config file. You then have to create a
                  > > > method that does the validation for you.
                  > > >
                  > > > Here's a good article about using a database with form authentication:
                  > > >[/color]
                  > >[/color]
                  >[/color]
                  http://www.zdnet.com.au/builder/prog...0274191,00.htm[color=blue][color=green][color=darkred]
                  > > >
                  > > > Sincerely,
                  > > >
                  > > > --
                  > > > S. Justin Gengo, MCP
                  > > > Web Developer
                  > > >
                  > > > Free code library at:
                  > > > www.aboutfortunate.com
                  > > >
                  > > > "Out of chaos comes order."
                  > > > Nietzche

                  • John Saunders

                    #10
                    Re: Forms Authentication Problem

                    Elmo,

                    Let's be sure we understand each other. Here's a sequence of events to
                    reproduce:

                    1) Close _all_ of your browsers
                    2) Start up IE (preferably with your home page set to about:blank).
                    3) Navigate to a page which requires you to be authenticated
                    4) You should be redirected to the login page
                    5) Check for the cookie - it should be absent.
                    6) Log in. It should attempt to redirect you to the original page.
                    7) Whether or not it redirected you, check for the cookie again. If it's
                    there, post the details, in particular, the path, domain and expiration.

                    BTW, I don't know how you're seeing the cookie at all. Session cookies
                    aren't displayed in IE's "View Files" dialog. You'd do better to use a tool
                    like ProxyTrace from http://pocketsoap.com, which will allow you to see the
                    actual Set-Cookie header(s).
                    --
                    John Saunders
                    Internet Engineer
                    john.saunders@surfcontrol.com


                    "ElmoWatson" <sputnik75043@yahoo.com> wrote in message
                    news:eX0gGh3WDHA.1640@TK2MSFTNGP10.phx.gbl...
                    > Actually - I have had Tracing on & off several times - -
                    > I see that the cookie is set - - but the weird thing is how it's showing - -
                    > I went to the temporary internet files directory to watch when the cookie
                    > shows up.
                    >
                    > I run a page on the site in IE, get referred to the login page, login, and,
                    > as usual, it does NOT redirect me to the original page....
                    > Keep in mind, still no cookie in the directory -- then I close IE - - -
                    > still no cookie.
                    > THEN - when I start IE AGAIN, only going to its default page - - the cookie
                    > shows up in the directory - - I don't get how this behavior works, at all.
                    >
                    > Still - the same login scenario happens - - no redirect.
                    >
                    > You said:
                    > >>>>Maybe URL authorization has a typo in a role name, or roles aren't being
                    > applied in global.asax.
                    >
                    > I don't have any roles in play here - this scenario, at this point is
                    > supposed to check against a database table for authorization - - if
                    > there - - validuser is true, else it's false
                    > if it's true, I have it set like this:
                    > FormsAuthentication.RedirectFromLoginPage(txtUID.text, True) and again -
                    > here's where it doesn't work. It DOES, however, set the cookie, named the
                    > same as in the web.config file.
                    >
                    > Anything else?? Nothing shows up as
                    >
                    > "John Saunders" <john.saunders@surfcontrol.com> wrote in message
                    > news:OLe4NF3WDHA.2272@TK2MSFTNGP11.phx.gbl...
                    > > Elmo,
                    > >
                    > > It may be redirecting to the page, then redirecting right back to the login
                    > > page when it's found that the user isn't authenticated.
                    > >
                    > > The question will be "why isn't the user authenticated when I think he
                    > > should be?" Answers I've seen include:
                    > >
                    > > 1) Because the cookie is set up wrong and Forms Authentication never sees
                    > > it. Check on the domain, path and expiration of the cookie. In particular,
                    > > make sure the cookie domain matches your domain. localhost has a blank
                    > > domain, BTW.
                    > > 2) Because the login page and the page you're redirecting to have different
                    > > values in the <machineKey> entry in machine.config or web.config.
                    > > 3) The user _is_ authenticated, but not authorized. Maybe URL authorization
                    > > has a typo in a role name, or roles aren't being applied in global.asax.
                    > >
                    > > It sounds like it's time for you to look one layer deeper. In particular,
                    > > try turning on tracing in web.config:
                    > >
                    > > <trace enabled="true" requestLimit="100" pageOutput="false"
                    > > traceMode="SortByTime" localOnly="true" />
                    > >
                    > > Then reproduce the problem and navigate to
                    > > http://localhost/yourSite/trace.axd. It may be instructive.
                    > > --
                    > > John Saunders
                    > > Internet Engineer
                    > > john.saunders@surfcontrol.com
                    > >
                    > >
                    > >

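The cookie checks John lists above (domain, path and expiration, read from the actual Set-Cookie header) can be worked through mechanically. The sketch below is an added example, not code posted by anyone in this thread: the URLs, host names and header values are constructed, `.MyApp` is the cookie name from the web.config quoted in the thread, and the matching follows the general browser rules of RFC 6265 rather than anything specific to IE.

```python
"""Would the browser return the forms-auth cookie on the post-login redirect?
Every host, path and header value below is constructed for illustration."""
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
from urllib.parse import urlsplit

# Constructed requests: the login POST and the page named in ReturnUrl.
LOGIN_URL = "http://testwebserver/MyApp/login.aspx?ReturnUrl=%2fMyApp%2fdefault.aspx"
TARGET_URL = "http://testwebserver/MyApp/default.aspx"
NOW = datetime(2003, 8, 5, 12, 0, tzinfo=timezone.utc)

# Constructed Set-Cookie values, as a proxy trace of the login response would show.
SAMPLES = {
    "session, path=/": ".MyApp=0123ABCD; path=/",
    "persistent, path=/": ".MyApp=0123ABCD; expires=Tue, 05 Aug 2053 12:00:00 GMT; path=/",
    "path differs in case": ".MyApp=0123ABCD; path=/myapp",
    "foreign domain": ".MyApp=0123ABCD; domain=intranet.example; path=/",
    "already expired": ".MyApp=0123ABCD; expires=Mon, 04 Aug 2003 12:00:00 GMT; path=/",
}


def parse_set_cookie(header):
    """Split one Set-Cookie header value into (name, value, attributes)."""
    first, *rest = [part.strip() for part in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def domain_matches(host, cookie_domain):
    """Suffix match used when the server sent an explicit Domain attribute."""
    host = host.lower()
    cookie_domain = cookie_domain.lower().lstrip(".")
    return host == cookie_domain or host.endswith("." + cookie_domain)


def default_path(url_path):
    """Path a browser assumes when Set-Cookie carries no Path attribute."""
    if not url_path.startswith("/") or url_path.count("/") == 1:
        return "/"
    return url_path[: url_path.rfind("/")]


def path_matches(request_path, cookie_path):
    """Prefix match on whole segments. The comparison is case-sensitive,
    even when the web server itself treats URLs case-insensitively."""
    if request_path == cookie_path:
        return True
    if request_path.startswith(cookie_path):
        return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"
    return False


def diagnose(set_cookie, login_url, target_url, now):
    """Report whether the cookie set by login_url is sent to target_url."""
    name, _, attrs = parse_set_cookie(set_cookie)
    login, target = urlsplit(login_url), urlsplit(target_url)
    problems = []

    domain = attrs.get("domain", "")
    if domain:
        if not domain_matches(target.hostname, domain):
            problems.append("domain")
    elif target.hostname != login.hostname:
        # No Domain attribute: the cookie belongs only to the host that set it.
        problems.append("domain")

    cookie_path = attrs.get("path") or default_path(login.path)
    if not path_matches(target.path or "/", cookie_path):
        problems.append("path")

    expires = attrs.get("expires")
    if expires:
        when = parsedate_to_datetime(expires)
        if when.tzinfo is None:
            when = when.replace(tzinfo=timezone.utc)
        if when <= now:
            problems.append("expired")

    # A cookie without Expires is a session cookie and is never written to disk.
    return {"name": name, "persistent": bool(expires),
            "sent": not problems, "problems": problems}


if __name__ == "__main__":
    for label, header in SAMPLES.items():
        result = diagnose(header, LOGIN_URL, TARGET_URL, NOW)
        kind = "persistent" if result["persistent"] else "session"
        verdict = "sent" if result["sent"] else "NOT sent: " + ", ".join(result["problems"])
        print(f"{label:22} {kind:10} {verdict}")
```

A cookie reported as not sent means the redirect target sees an anonymous request and bounces back to the login page, which is the loop described in this thread.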
                    • ElmoWatson

                      #11
                      Re: Forms Authentication Problem

                      Here are my steps
                      1. Delete existing cookie, starting from scratch
                      2. Run a page on web server - - redirects me to login page
                      3. Login, hoping to go to url in querystring
                      4. It does NOT redirect me to the correct page - -
                      in the Trace details, it shows the cookie with the correct name (from
                      Web.Config Name = section)
                      5. However, I don't see the cookie in the Temporary Internet Files dir
                      yet - - close IE -no cookie
                      6. Start IE (goes to default site which is NOT the web site in question) -
                      Cookie shows up
                      7. Details - - - in the directory list (Windows Explorer):
                      Name: Cookie:myname@testWebserver/ --- this is correct --
                      Internet Address - same as Name: - TXT file
                      Expires: 8/5/2053
                      Last Modified/Last Accessed/Last Checked - - all the same time/date (today)

                      8. Try running a page on the web server again - - redirects me to login
                      page, with the originally requested page, correctly, in the querystring
                      (ReturnUrL) - - cookie shows up with the name given to it, in my Web.config
                      file.

                      Does this show you anything?


                      • John Saunders

                        #12
                        Re: Forms Authentication Problem

                        Yeah, Elmo, that's what I figured from your detailed post. Your Forms
                        Authentication page may be using the same cookie name as being used by that
                        "classic ASP" page. Choose another name!

                        You're not _supposed_ to be able to see session cookies in Temporary
                        Internet Files! The fact that you saw it there suggested that it wasn't from
                        ASP.NET, and the fact that you saw it after going to the "default" page
                        suggested that you were getting that cookie from the default page.

                        --
                        John Saunders
                        Internet Engineer
                        john.saunders@surfcontrol.com


                        "ElmoWatson" <sputnik75043@yahoo.com> wrote in message
                        news:u8NICn4WDHA.1680@tk2msftngp13.phx.gbl...
                        > I didn't notice until I sent the last message, that you said to 'blank' out
                        > the start page....
                        > The weirdest thing happened - - previously, my start page was one of the
                        > other intranet's login page in our company (classic asp/different
                        > login/different server/completely different physical location) - - -
                        >
                        > AS SOON as I dumped that page from my default page in IE - the whole Forms
                        > Authentication worked perfectly - just like it was supposed to.
                        >
                        >
                        >
                        > "ElmoWatson " <sputnik75043@y ahoo.com> wrote in message
                        > news:ewZKdC4WDH A.608@TK2MSFTNG P12.phx.gbl...[color=green]
                        > > Here are my steps
                        > > 1. Delete existing cookie, starting from scratch
                        > > 2. Run a page on web server - - redirects me to login page
                        > > 3. Login, hoping to go to url in querystring
                        > > 4. It does NOT redirect me to the correct page - -
                        > > in the Trace details, it shows the cookie with the correct name (from
                        > > Web.Config Name = section)
                        > > 5. However, I don't see the cookie in the Temporary Internet Files dir
                        > > yet - - close IE -no cookie
                        > > 6. Start IE (goes to default site which is NOT the web site in[/color][/color]
                        question) -[color=blue][color=green]
                        > > Cookie shows up
                        > > 7. Details - - - in the directory list (Windows Explorer):
                        > > Name: Cookie:myname@t estWebserver/ --- this is correct --
                        > > Internet Address - same as Name: - TXT file
                        > > Expires: 8/5/2053
                        > > Last Modified/Last Accessed/Last Checked - - all the same time/date[/color]
                        > (today)[color=green]
                        > >
                        > > 8. Try running a page on the web server again - - redirects me to login
                        > > page, with the originally requested page, correctly, in the querystring
                        > > (ReturnUrL) - - cookie shows up with the name given to it, in my[/color]
                        > Web.config[color=green]
                        > > file.
                        > >
                        > > Does this show you anything?
                        > >
                        > > "John Saunders" <john.saunders@ surfcontrol.com > wrote in message
                        > > news:uGP7F43WDH A.2080@TK2MSFTN GP11.phx.gbl...[color=darkred]
                        > > > Elmo,
                        > > >
                        > > > Let's be sure we understand each other. Here's a sequence of events to
                        > > > reproduce:
                        > > >
                        > > > 1) Close _all_ of your browsers
                        > > > 2) Start up IE (preferably with your home page set to about:blank).
                        > > > 3) Navigate to a page which requires you to be authenticated
                        > > > 4) You should be redirected to the login page
                        > > > 5) Check for the cookie it should be absent.
                        > > > 6) Log in. It should attempt to redirect you to the original page.
                        > > > 7) Whether or not it redirected you, check for the cookie again. If[/color][/color][/color]
                        it's[color=blue][color=green][color=darkred]
                        > > > there, post the details, in particular, the path, domain and[/color][/color][/color]
                        expiration.[color=blue][color=green][color=darkred]
                        > > >
                        > > > BTW, I don't know how you're seeing the cookie at all. Session cookies
                        > > > aren't displayed in IE's "View Files" dialog. You'd do better to use a[/color]
                        > > tool[color=darkred]
                        > > > like ProxyTrace from http://pocketsoap.com, which will allow you to[/color][/color][/color]
                        see[color=blue][color=green]
                        > > the[color=darkred]
                        > > > actual Set-Cookie header(s).
                        > > > --
                        > > > John Saunders
                        > > > Internet Engineer
                        > > > john.saunders@s urfcontrol.com
                        > > >
                        > > >
                        > > > "ElmoWatson" <sputnik75043@yahoo.com> wrote in message
                        > > > news:eX0gGh3WDHA.1640@TK2MSFTNGP10.phx.gbl...
                        > > > > Actually - I have had Tracing on & off several times - -
                        > > > > I see that the cookie is set - - but the weird thing is how it's showing - -
                        > > > > I went to the temporary internet files directory to watch when the cookie
                        > > > > shows up.
                        > > > >
                        > > > > I run a page on the site in IE, get referred to the login page, login, and,
                        > > > > as usual, it does NOT redirect me to the original page....
                        > > > > Keep in mind, still no cookie in the directory -- then I close IE - - -
                        > > > > still no cookie.
                        > > > > THEN - when I start IE AGAIN, only going to its default page - - the cookie
                        > > > > shows up in the directory - - I don't get how this behavior works, at all.
                        > > > >
                        > > > > Still - the same login scenario happens - - no redirect.
                        > > > >
                        > > > > You said:
                        > > > > >>>>Maybe URL authorization has a typo in a role name, or roles aren't being
                        > > > > applied in global.asax.
                        > > > >
                        > > > > I don't have any roles in play here - this scenario, at this point is
                        > > > > supposed to check against a database table for authorization - - if
                        > > > > there - - validuser is true, else it's false
                        > > > > if it's true, I have it set like this:
                        > > > > FormsAuthentication.RedirectFromLoginPage(txtUID.text, True) and again -
                        > > > > here's where it doesn't work. It DOES, however, set the cookie, named the
                        > > > > same as in the web.config file.
                        > > > >
                        > > > > Anything else?? Nothing shows up as
                        > > > >
                        > > > > "John Saunders" <john.saunders@surfcontrol.com> wrote in message
                        > > > > news:OLe4NF3WDHA.2272@TK2MSFTNGP11.phx.gbl...
                        > > > > > Elmo,
                        > > > > >
                        > > > > > It may be redirecting to the page, then redirecting right back to the login
                        > > > > > page when it's found that the user isn't authenticated.
                        > > > > >
                        > > > > > The question will be "why isn't the user authenticated when I think he
                        > > > > > should be?" Answers I've seen include:
                        > > > > >
                        > > > > > 1) Because the cookie is set up wrong and Forms Authentication never sees
                        > > > > > it. Check on the domain, path and expiration of the cookie. In particular,
                        > > > > > make sure the cookie domain matches your domain. localhost has a blank
                        > > > > > domain, BTW.
                        > > > > > 2) Because the login page and the page you're redirecting to have different
                        > > > > > values in the <machineKey> entry in machine.config or web.config.
                        > > > > > 3) The user _is_ authenticated, but not authorized. Maybe URL authorization
                        > > > > > has a typo in a role name, or roles aren't being applied in global.asax.
                        > > > > >
                        > > > > > It sounds like it's time for you to look one layer deeper. In particular,
                        > > > > > try turning on tracing in web.config:
                        > > > > >
                        > > > > > <trace enabled="true" requestLimit="100" pageOutput="false"
                        > > > > > traceMode="SortByTime" localOnly="true" />
                        > > > > >
                        > > > > > Then reproduce the problem and navigate to
                        > > > > > http://localhost/yourSite/trace.axd. It may be instructive.
                        > > > > > --
                        > > > > > John Saunders
                        > > > > > Internet Engineer
                        > > > > > john.saunders@surfcontrol.com
                        > > > > >
                        > > > > >
                        > > > > >
                        > > > > > "ElmoWatson" <sputnik75043@yahoo.com> wrote in message
                        > > > > > news:%23qyCYV2WDHA.2376@TK2MSFTNGP11.phx.gbl...
                        > > > > > > I tried on the Security newsgroup, as well as other places, and haven't
                        > > > > > > gotten an answer yet - - I'm pulling my hair out over this one.
                        > > > > > >
                        > > > > > > I'm trying to get Forms Authentication working.....I can get any requested
                        > > > > > > page to automatically go to the Login.aspx page, AND, the ReturnURL
                        > > > > > > querystring is correct in the address bar, but no matter what, I can't get
                        > > > > > > it, once the user is authenticated, to redirect to the new page. It ALWAYS
                        > > > > > > refreshes the Login.aspx page!
                        > > > > > >
                        > > > > > > My database has all the users - - I query the database and validate the user
                        > > > > > > there. This part works - - I've totally verified this.
                        > > > > > > Then - - I've got this:
                        > > > > > > if ValidUser="True" then
                        > > > > > > FormsAuthentication.RedirectFromLoginPage(txtUID.text, True) '
                        > > > > > > <-------this is the part that DOES NOT work at all - - it never redirects
                        > > > > > > the page
                        > > > > > >
                        > > > > > > The machine.config points to the correct path for the WebUIValidation.js
                        > > > > > > file....I'm using MSIE, as are all the other users who are going to be
                        > > > > > > hitting this app. - - Scripting is allowed.
                        > > > > > >
                        > > > > > > in the Web.Config, I've got:
                        > > > > > > <authentication mode="Forms">
                        > > > > > > <forms name=".MyApp"
                        > > > > > > loginUrl="login.aspx"
                        > > > > > > protection="All"
                        > > > > > > timeout="480"
                        > > > > > > path="/"
                        > > > > > > />
                        > > > > > > </authentication>
                        > > > > > > <authorization>
                        > > > > > > <deny users ="?" />
                        > > > > > > </authorization>
                        > > > > > > And I'm importing the Web.Security Namespace on each page.
                        > > > > > > Does Each subsequent page need anything else in it to make this work?
                        > > > > > > Please help - - I've been working on this for over a week now! What am I
                        > > > > > > missing?
                        > > > > > >
                        > > > > > >
                        > > > > >
                        > > > > >
                        > > > >
                        > > > >
                        > > >
                        > > >
                        > >
                        > >
                        >
                        >


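The cookie check from John Saunders' first answer and step 7, written out as an added example that is not part of the thread: given a captured Set-Cookie header, it lists the reasons a browser would not send the ticket cookie back to the ReturnUrl page, which is what produces the bounce back to the login page. The function names, URLs and sample values are assumptions constructed for illustration, and a missing path attribute is treated as "/".

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
from urllib.parse import urlsplit

def parse_set_cookie(header):
    """Split a Set-Cookie value into (name, attrs); attribute names are lower-cased."""
    first, *rest = [p.strip() for p in header.split(";")]
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return first.partition("=")[0].strip(), attrs

def ticket_cookie_problems(set_cookie, login_url, return_url, forms_name, now):
    """List the reasons a browser would not send this cookie back to return_url."""
    name, attrs = parse_set_cookie(set_cookie)
    origin, target = urlsplit(login_url), urlsplit(return_url)
    host = (target.hostname or "").lower()
    problems = []
    if name != forms_name:
        problems.append(f"name {name!r} is not the <forms name> {forms_name!r}")
    # Domain: when the attribute is absent the cookie is bound to the setting host.
    domain = attrs.get("domain", "").lstrip(".").lower()
    if domain and not (host == domain or host.endswith("." + domain)):
        problems.append(f"domain {domain!r} does not match host {host!r}")
    if not domain and host != (origin.hostname or "").lower():
        problems.append(f"host-only cookie is not sent to {host!r}")
    # Path: case-sensitive prefix match on a segment boundary (RFC 6265, 5.1.4).
    cpath = attrs.get("path") or "/"   # simplification: "/" when absent
    rpath = target.path or "/"
    on_boundary = rpath.startswith(cpath) and (
        rpath == cpath or cpath.endswith("/") or rpath[len(cpath)] == "/")
    if not on_boundary:
        problems.append(f"path {cpath!r} does not cover {rpath!r}")
    # Expiration: no attribute means a session cookie, which is fine here.
    if "expires" in attrs:
        try:
            exp = parsedate_to_datetime(attrs["expires"])
            if exp.tzinfo is None:
                exp = exp.replace(tzinfo=timezone.utc)
            if exp <= now:
                problems.append(f"already expired at {exp.isoformat()}")
        except (TypeError, ValueError):
            problems.append(f"unparseable expires {attrs['expires']!r}")
    return problems

LOGIN = "http://localhost/yourSite/login.aspx"  # constructed sample values
RETURN = "http://localhost/yourSite/default.aspx"
NOW = datetime(2003, 8, 1, 12, 0, tzinfo=timezone.utc)
```

An empty list means the cookie itself is not the cause, which leaves the `<machineKey>` mismatch and the authorization rules from the same answer to check.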