This project is read-only.

Access denied in subsites of FBA site

Topics: Internet/Extranet Edition
Nov 24, 2008 at 7:56 PM
Edited Nov 24, 2008 at 8:57 PM

My FBA Internet/Extranet Edition top level site, using SQLMembership provider, works fine to authenticate and apply appropriate permissions to logged on users. But I have 2 subsites that inherit their permissions from the top level site, and on the initial attempt to access either of them from the top link menu bar the logged on user gets access denied error. On the second attempt, though, it always allows them through and is fine thereafter. Anyone seen this, and/or any tips, ideas..

Many thanks in advance!

Update: the reverse is true as well. Once in a subsite, if I click on the toplevel site link in the upper left corner, it initially denies me access, but works fine after that.
Dec 3, 2008 at 8:18 PM
anyone?.. anyone?..
Dec 3, 2008 at 8:50 PM
Sorry, I haven't a clue.  FBA works fine for me whether on the root site or any subsite. 

One suggestion...Download Fiddler (a client HTTP debugging proxy) and run it while you're browsing.  It will audit all requests and responses, and it might give you some more information.

Mike Sharp
Dec 4, 2008 at 8:46 PM
Well, it would seem my symptoms is caused by the the forms auth cookie expiring:

Event Type: Information
Event Source: ASP.NET 2.0.50727.0
Event Category: Web Event
Event ID: 1315

Event code: 4005
Event message: Forms authentication failed for the request. Reason: The ticket supplied has expired. 

I've googled the bjeebers outta this one and it appears to be either a forms auth cookie timeout issue or something to do with the machine key; I had already manually added the machine key to the web.config with the correct 2.0 settings so I think it may be the cookie timeout, though i don't know exactly why it's happening. I'm going to keep researching this but meanwhile if you have any tips / ideas regarding this particular issue, any input is very welcome. Thanks again.

Dec 8, 2008 at 4:57 PM
Correction: it's not altogether clear that the above error is directly related to any or all of the access denied. erro What has become clear is that the denial is actually occurring when the authenticated user clicks on a link in the masterpage region of the site; the links within the child pages don't cause this to happen.
Dec 8, 2008 at 5:59 PM
Ok, that's REALLY weird.  You're saying if you put a link in a content editor web part to a subsite in a web part page of a document library, it works, but the navigation links don't (the first time)?

I'm curious if you've tried looking at the requests with Fiddler.  Is the 401 occuring on the page request, or the request of some other resource?

This is a single machine, not a web farm, right?

Dec 8, 2008 at 8:17 PM
Edited Dec 8, 2008 at 8:22 PM
had posted that the issue was resolved; but apparently it's not. I'm looking at the header info and will update soon; thanks!