locked
Redirect fails to site with Integrated Windows Authentication - need workaround RRS feed

  • Question

  • I have an aspx page which dynamically creates a set of QueryString parameters and does a redirect (Response.Redirect) to a site on a different server that utilizes Integrated Windows Authentication (anonymous is not allowed).  Ultimately this redirect fails, resulting in a 404 status page.

    Example of the original page:
    http://server1/startpage.aspx?var=12345

    The dynamically created redirect URL:
    http://server2/page.aspx?type=process&value=12345

    URL in address bar of 404 page:
    http://server1/page.aspx?type=process&value=12345

    After hours of troubleshooting (my code) I finally analyzed the traffic using "Fiddler2" to determine the cause of the problem.  The dynamically created redirect includes the full (including hostname) URL of the destination, when this request gets to the server the server responds with a 401 status code (not authorized).  The client (IE) behind the scenes then sends a Kerberos authentication header back to the server along with the same resource request.  Here's where the problem occurs: the server responds with a 302 (redirect) which uses a relative location path, resulting in the 404 page url address.

    Is there any way to resolve this issue?  Disabling Integrated Windows Auth. on the destination server is not an option.

    Thanks,
    John

    Monday, May 11, 2009 4:57 PM

Answers

  • Hello John,

     

    Thank you for your post!  I would suggest posting your question in the located here:  http://forums.asp.net/


    Have a great day!

    Thanks!


    SachinW Tier 2 Application Support Server and Tools Online Engineering Live Services Team
    • Proposed as answer by SachinW Tuesday, May 12, 2009 5:03 AM
    • Marked as answer by SachinW Tuesday, July 21, 2009 6:33 PM
    Tuesday, May 12, 2009 5:03 AM