Login page loses style on formsauthentication.signout

Topics: Themes
Feb 22, 2009 at 5:26 PM
Hi, I've been dealing with an issue that I hope someone can help me with. I have the blogengine runing successfully. We only have one outstanding issue right now. When you first come to the login page, the style is not applied at all. The page looks terrible. Then, after a successful login (authentication ticket set) I'm taken to my start page with the proper theme applied. Every page looks great after this point. Then, I log out and I'm taken to the login.aspx page and the theme is still applied. But, if I refresh the page now I lose my theme again and the login page looks terrible again.

I have pinpointed this down to the formsauthentication.signout call. As soon as this happens my style gets screwy. Is there some kind of config setting that's out of place? Can I code around this or set the theme programatically in order to get the login page to display correctly? Any help would be greatly appreciated.
Coordinator
Feb 22, 2009 at 5:51 PM
Is your stylesheet not being applied on the front page of your blog?  Or is it only not applied on the login.aspx page?  From your description, it sounds like the style sheet is only not applied on login.aspx.

When you're having this problem, if you do a View Source in your browser, you'll probably find a stylesheet <link> tag in the <head> section.  The file it's pointing to will be css.axd and will look something similar to ...

<link rel="stylesheet" href="/themes/Standard/css.axd?name=style.css&amp;v=1.4.5.14" type="text/css" />

Try accessing that css.axd file directly in your browser.  So based on that <link> above, the URL you would want to navigate to would be:

http://www.example.com/themes/Standard/css.axd?name=style.css&amp;v=1.4.5.14

Do you see the styles in your browser?  Or do you get a 404 error?  Are on IIS6 or IIS7?  What version of BE are you running?
Feb 22, 2009 at 6:07 PM
Thanks for the quick response. I just took a look at the source for my login.aspx page and my stylesheet reference looks like:

<link rel="stylesheet" href="/BlogAdmin/themes/Standard/css.axd?name=style.css&amp;v=1.4.5.0" type="text/css" />

I logged in and reviewed the stylesheet link for the default.aspx page and it's the same, but the style had been applied to this page and it was not applied on the login.aspx page. I click log out and then click F5 to refresh my browser on the login.aspx page and the style completly goes away.

I tried posting the URL like you described above. If I'm not logged in and just redirects me back to the messed up looking login.aspx screen. So I logged in and copied the link into my address bar and then I actually download the css file and everything displays in visual studio for that stylesheet basically.

I'm running vista ultimate with IIS7 and my partner downloaded BE about 3 weeks ago. How would I confirm the version?


Coordinator
Feb 22, 2009 at 6:20 PM
Based on that stylesheet HREF tag, it looks like you're using BE 1.4.5.

1. Is your blog installed in a "BlogAdmin" folder?

2. Is the url for your default.aspx page http://www.example.com/BlogAdmin/default.aspx?

3. Is the url for your login page http://www.example.com/BlogAdmin/login.aspx?

4. Is "BlogAdmin" an application in IIS7?  And your main web.config file is in the "BlogAdmin" folder?  Or did you integrate BE into an existing website?

5. After you click "Log off", you're on the login.aspx page?  BE should automatically redirect you back to default.aspx after logging off.

Sorry, lots of questions :)
Feb 22, 2009 at 6:31 PM
Here are the answers to your questions:

1) Yes, the root folder is BlogAdmin.

2) Yes, this is correct.

3) Yes, this is correct.

4) Yes, it's IIS7 and  the web.config is in the BlogAdmin folder. We also integrated it into an existing site. So, we have the admin portion as it's own site where blog administration takes place. Then, we have an existing site that we built a page and integrated in the blog posts and comments. Just a front end view of the blog info.

5) Yes, when I click Log Off it takes me through the code behind of the login.aspx page where it performs the formsauthentication.signout(). I'm still on login.aspx but it presents me with the login fields. I then click F5 to refresh and the style completly goes away and it's mostly plain white after that. If I an authenticated, everything works great.

No problem, thanks for the help. I feel like we are so close. This last little issue is small but it's a show stopper for my client.
Coordinator
Feb 22, 2009 at 6:59 PM
Where does the blog administration take place?  If you want to get to the "Settings" tab in the BE control panel, for example, is the URL http://www.example.com/BlogAdmin/admin/Pages/Settings.aspx?

On your blog, you probably have an RSS Subscription link.  Does clicking on that link bring up a regular RSS page?  Or do you get an error or are redirected somewhere?

Also, are you accessing your blog on localhost thru Visual Studio's built-in web server?  Where the URL is something like

http://localhost:49218/...

Or are you using the application set up within IIS7 where the URL is like:

http://localhost/BlogAdmin/...

Do you have a <system.webServer> section in your main web.config file?  The web.config file that came with BE 1.4.5 didn't have a <system.webServer> section which is used for IIS7.  If you do already have a <system.webServer> section, try replacing it with the one below to see if it makes a difference.  If you don't already have a <system.webServer> section, then try adding the one below into your web.config file.  It would go right before the closing </configuration> tag.


<system.webServer>
    <validation validateIntegratedModeConfiguration="false" />
    
    <modules>
        <add name="WwwSubDomainModule" type="BlogEngine.Core.Web.HttpModules.WwwSubDomainModule, BlogEngine.Core" />
        <add name="UrlRewrite" type="BlogEngine.Core.Web.HttpModules.UrlRewrite, BlogEngine.Core" />
        <add name="CompressionModule" type="BlogEngine.Core.Web.HttpModules.CompressionModule, BlogEngine.Core" />
        <add name="ReferrerModule" type="BlogEngine.Core.Web.HttpModules.ReferrerModule, BlogEngine.Core" />
    </modules>

    <handlers accessPolicy="Read, Write, Script, Execute">
        <remove name="PageHandlerFactory-Integrated" />
        <add name="FileHandler" verb="*" path="file.axd" type="BlogEngine.Core.Web.HttpHandlers.FileHandler, BlogEngine.Core" resourceType="Unspecified" requireAccess="Script" preCondition="integratedMode" />
        <add name="ImageHandler" verb="*" path="image.axd" type="BlogEngine.Core.Web.HttpHandlers.ImageHandler, BlogEngine.Core" resourceType="Unspecified" requireAccess="Script" preCondition="integratedMode" />
        <add name="Syndication" verb="*" path="syndication.axd" type="BlogEngine.Core.Web.HttpHandlers.SyndicationHandler, BlogEngine.Core" resourceType="Unspecified" requireAccess="Script" preCondition="integratedMode" />
        <add name="Sitemap" verb="*" path="sitemap.axd" type="BlogEngine.Core.Web.HttpHandlers.SiteMap, BlogEngine.Core" resourceType="Unspecified" requireAccess="Script" preCondition="integratedMode" />
        <add name="Trackback" verb="*" path="trackback.axd" type="BlogEngine.Core.Web.HttpHandlers.TrackbackHandler, BlogEngine.Core" resourceType="Unspecified" requireAccess="Script" preCondition="integratedMode" />
        <add name="Pingback" verb="*" path="pingback.axd" type="BlogEngine.Core.Web.HttpHandlers.PingbackHandler, BlogEngine.Core" resourceType="Unspecified" requireAccess="Script" preCondition="integratedMode" />
        <add name="OpenSearch" verb="*" path="opensearch.axd" type="BlogEngine.Core.Web.HttpHandlers.OpenSearchHandler, BlogEngine.Core" resourceType="Unspecified" requireAccess="Script" preCondition="integratedMode" />
        <add name="MetaWeblog" verb="*" path="metaweblog.axd" type="BlogEngine.Core.API.MetaWeblog.MetaWeblogHandler, BlogEngine.Core" resourceType="Unspecified" requireAccess="Script" preCondition="integratedMode" />
        <add name="RSD" verb="*" path="rsd.axd" type="BlogEngine.Core.Web.HttpHandlers.RsdHandler, BlogEngine.Core" resourceType="Unspecified" requireAccess="Script" preCondition="integratedMode" />
        <add name="CssHandler" verb="*" path="css.axd" type="BlogEngine.Core.Web.HttpHandlers.CssHandler, BlogEngine.Core" resourceType="Unspecified" requireAccess="Script" preCondition="integratedMode" />
        <add name="Javascript" path="js.axd" verb="*" type="BlogEngine.Core.Web.HttpHandlers.JavaScriptHandler, BlogEngine.Core" resourceType="Unspecified" requireAccess="Script" preCondition="integratedMode" />
        <add name="Rating" verb="*" path="rating.axd" type="BlogEngine.Core.Web.HttpHandlers.RatingHandler, BlogEngine.Core" resourceType="Unspecified" requireAccess="Script" preCondition="integratedMode" />
        <add name="Opml" verb="*" path="opml.axd" type="BlogEngine.Core.Web.HttpHandlers.OpmlHandler, BlogEngine.Core" resourceType="Unspecified" requireAccess="Script" preCondition="integratedMode" />
        <add name="BlogML" verb="*" path="blogml.axd" type="BlogEngine.Core.Web.HttpHandlers.BlogMLExportHandler, BlogEngine.Core" resourceType="Unspecified" requireAccess="Script" preCondition="integratedMode" />
        <add name="SIOC" verb="*" path="sioc.axd" type="BlogEngine.Core.Web.HttpHandlers.Sioc, BlogEngine.Core" resourceType="Unspecified" requireAccess="Script" preCondition="integratedMode" />
        <add name="Apml" verb="*" path="apml.axd" type="BlogEngine.Core.Web.HttpHandlers.Apml, BlogEngine.Core" resourceType="Unspecified" requireAccess="Script" preCondition="integratedMode" />
        <add name="Foaf" verb="*" path="foaf*.axd" type="BlogEngine.Core.Web.HttpHandlers.Foaf, BlogEngine.Core" resourceType="Unspecified" requireAccess="Script" preCondition="integratedMode" />
        <add name="PageHandlerFactory-Integrated" verb="*" path="*.aspx" type="System.Web.UI.PageHandlerFactory" resourceType="Unspecified" requireAccess="Script" preCondition="integratedMode" />
    </handlers>
</system.webServer>
Feb 22, 2009 at 7:16 PM
To get to my settings, I go to the following URL:

http://localhost:50598/BlogAdmin/admin/Pages/Settings.aspx

As you can see from this link, I'm using the web server built into Visual Studio 2008.

If I click on Subscribe, I'm taken to this URL:

http://localhost:50598/BlogAdmin/syndication.axd

I do not get an error when I'm taken to the URL above.

I had a system.webervers section in my web.config already. I copied all of the info you listed above into my web.config and re-ran the application. It didn't make a difference. The style wasn't set correctly. It's like I need to have the authentication cookie in place in order for the style to be set properly. Does this make sense? Should I be trying to do something in code to try to get this authentication cookie in place so that the style gets set? I don't know why the style is connected to this cookie but as soon as the signout method is called and I perform a refresh, the theme goes away.

Thanks for all your help by the way.
Coordinator
Feb 22, 2009 at 7:23 PM
I do see what you mean that the css.axd file is requiring a login cookie.  I'm just not sure why that is :)

One quick thing you can try which may solve this problem is to go into the Settings tab in the control panel, and uncheck the "Trim stylesheets" box in the advanced settings section.  Doing this will make it so instead of CSS.axd being used, the direct link to your CSS file will be used instead.  See if that makes a difference.
Coordinator
Feb 22, 2009 at 7:35 PM
I'm also a little stumped on why when you click the Log Off link, you are still on the login.aspx page.  The Signout code in login.aspx looks like:

FormsAuthentication.SignOut();
if (Request.UrlReferrer != null && Request.UrlReferrer != Request.Url)
{
    Response.Redirect(Request.UrlReferrer.ToString(), true);
}
else
{
    Response.Redirect("login.aspx");
}

If you're on default.aspx when you click the Log Off link, then the following should be true when the code above runs:

Request.UrlReferrer should be http://localhost:50598/BlogAdmin/default.aspx.
Request.Url should be http://localhost:50598/BlogAdmin/login.aspx?logoff.

So the code above should redirect you to http://localhost:50598/BlogAdmin/default.aspx right after FormsAuthentication.SignOut().
Feb 22, 2009 at 9:22 PM
I unchecked the Trim Stylesheets box in settings and went back to default.aspx. It actually makes the style get lost quicker now. Before when I clicked Log Off, I was presented with the login fields and the style was still there. If I refreshed the browser I lost the style. Now when I'm logged in and I'm sitting at the default.aspx page I can click log off and I immediately lose style and I'm taken to the login.aspx screen. Here's what the URL looks like when I log off:

http://localhost:50598/BlogAdmin/login.aspx?ReturnUrl=%2fBlogAdmin%2fdefault.aspx

Coordinator
Feb 22, 2009 at 9:32 PM
That URL you posted starts to make some sense out of this.  So an attempt to redirect you to default.aspx is made, but because authentication to be on default.aspx is needed for some reason, you're kicked back to the login page.  Wonderful! :)

Do you have an <authorization> tag in your web.config file?  Or maybe in a parent web.config file?  In your BE web.config file, I would try setting it up to allow anonymous access.

<system.web>
  ... existing stuff ...
 
  <authorization>
     <allow users="?"/>
  </authorization>
 
  ... existing stuff ...
</system.web>
Feb 22, 2009 at 9:45 PM
Yes, I have the following authorization tags in my web.config:

<

 

authorization>

 

<

 

deny users="?"/>

 

</

 

authorization>

I do not have a parent web.config file, I just have the one.

 

Coordinator
Feb 22, 2009 at 9:49 PM
Okay, well that's the problem.  The <deny users="?"/> is making it so all the pages require login.  I would just remove that entire <authorization> section.

Do you need it for something else?  If you need it for another directory, there's a <location> tag available where you can indicate to either deny anonymous access to certain folder(s), or to allow anonymous access for certain folder(s).
Feb 22, 2009 at 10:32 PM
That's going to do the trick I think. I removed that and it's working now. I just need to admin section to be protected and it is right now. So, I think I've gotten it where I need it to be. Thanks for all your help with this, I really appreciate it!
Coordinator
Feb 22, 2009 at 10:52 PM
I'm sure removing the <deny> tag has made a world of difference :)  In case you haven't already noticed, BE's control panel is protected by a different web.config file in the "admin" folder.  There's a <deny> tag in that file.
Feb 22, 2009 at 10:57 PM
I had not noticed another web.config file in the Admin folder. That's great. That keeps unauthorized users from getting in and changing anything with the blogs we are implementing. I believe I'm all set for now. Thanks again!