I have an old ASP.NET intranet application where the forms login page is demonstrating unusual behavior. If any version of IE has a cleared history (history, not cookies) when they submit to log in the page executes a blank post back and remains on the login page.

If they refresh the page or had been redirected to the login page from trying to directly access another page then they are logged in without trouble.

I have published additional copies of this application to the same IIS server and they initially did not exhibit this behavior however after some number of hours they began acting the same way. Republishing to the same instance does not "fix" the issue like publishing to a new site does and neither does removing the old application and then publishing to the same name.

I'm not sure where to go from here so any help would be appreciated.

Below is the button click code but I have now learned that the site is not even executing this code initially. Everything works fine if the user refreshes the page though as I have stated above.

        private void submit_Click(object sender, System.EventArgs e)
    {
        ValidateUser();
    }


    private void ValidateUser()
    {
        Regex userIdRegex = new Regex(@"^[a-zA-Z]{1}[a-zA-Z\- _'.\-,0-9]{2,40}$");
        Regex passwdRegex = new Regex(@"^[a-zA-Z]{1}[a-zA-Z _.0-9~!@#$%^&*()]{5,40}$");

        try
        {
            Employee currUser = new Employee();
            if (userIdRegex.IsMatch(userID.Text))
            {
                if (passwdRegex.IsMatch(passwd.Text))
                {
                    currUser = _userController.UserLogin(userID.Text, passwd.Text);

                    //**** START KECC

                    //if (currUser.UserID != null && Session["HasSeenKECC"] == null)
                    //{
                    //    DataSet ds = KECC.DataAccess.KECC_Get_User(currUser.UserID);
                    //    if (ds.Tables[0].Rows[0]["USER_KECC_is_show_message"].ToString() == "1")
                    //    {
                    //        Session.Add("KECC_User", ds);
                    //        Session.Add("KECC_User_1", userID.Text);
                    //        Session.Add("KECC_User_2", passwd.Text);
                    //        Response.Redirect("~/KECC/KECC.aspx", false); //Need something here, either true or Response.End() and maybe wrap in Try Catch
                    //        return;
                    //    }
                    //}

                    //**** END KECC

                    if (currUser.UserID == null)
                    {
                        msg.Text = "User ID or Password is not valid";
                    }
                    else if (currUser.IsActivated.Equals("Y"))
                    {
                        FormsAuthentication.RedirectFromLoginPage(currUser.UserID, false);

                        DateTime dt30dayBefore = DateTime.Now.AddDays(_passwordExpire * -1);
                        if (DateTime.Parse(currUser.LastPasswdChgDate) < dt30dayBefore)
                        {
                            // Password expired. Move to the password change page.
                            Response.Redirect("~/Profile/changeProfile.aspx", false);
                        }
                        else
                        {
                            // By the role, the different page should show up.
                            if (currUser.UserType == "Administrator")
                            {
                                Response.Redirect("~/Admin/AdminMain.aspx", false);
                            }
                            else
                            {
                                // Check whether the next available day is the same as status effective change date
                                CalnController calnControl = new CalnController();
                                if (DateTime.Parse(calnControl.GetLatestDay(currUser.EM_SSN).RealDate) == DateTime.Parse(currUser.EffectiveDate) && currUser.WorkHours != currUser.EffectiveStatus)
                                {
                                    currUser.Effect_Status();
                                }

                                // find the lastest week to decide where it goes to (full or part)
                                Week latestWeek = calnControl.GetLatestWeek(currUser.EM_SSN);

                                if (!latestWeek.IsSubmitted)
                                    this.redirectToPartOrFull(currUser.WorkHours, currUser.IsTemporary);
                                else
                                {
                                    // it is important because of the denial case
                                    this.redirectToPartOrFull(latestWeek.RequiredWorkHours, latestWeek.IsTemporary);
                                }
                            }
                        }
                    }
                    else
                    {
                        msg.Text = "Your User ID was deactivated! Please contact an administrator.";
                    }
                }
                else
                {
                    ScriptCodes.ShowAlertWindow(this, "Password Length", "Password should be at least 6 characters long!");
                }
            }
            else
            {
                msg.Text = "User ID is not in the proper format!";
            }
        }
        catch { msg.Text = "Currently the system is not available!!"; }
    }

As a temporary solution I have added this code to the aspx page:

        <% if (!Page.IsPostBack)            {  %>
           <script type="text/javascript">

               window.onload = function () {
                   if (!window.location.hash) {
                       window.location = window.location + '#loaded';
                       window.location.reload();
                   }
               }</script>
    <%   } %>

Related posts

Recent Viewed