Site Server Forms Authentication May Not Work in a Reverse Proxy Environment

ID: Q242772

The information in this article applies to:
  • Microsoft Site Server version 3.0
IMPORTANT: This article contains information about editing the registry. Before you edit the registry, make sure you understand how to restore it if a problem occurs. For information about how to do this, view the "Restoring the Registry" Help topic in Regedit.exe or the "Restoring a Registry Key" Help topic in Regedt32.exe.

SYMPTOMS

The Site Server Forms Authentication ISAPI filter Authfltr.dll returns a relative HTTP 302 redirect response. Depending on the reverse proxy mapping configuration, this can break reverse proxy functionality.


CAUSE

This behavior is compliant with RFC 2048.


RESOLUTION

To resolve this problem, obtain the latest service pack for Site Server 3.0. For additional information, please see the following article in the Microsoft Knowledge Base:

Q219292 How to Obtain the Latest Site Server 3.0 Service Pack


STATUS

This problem was first corrected in Site Server 3.0 Service Pack 3.


MORE INFORMATION

WARNING: Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk.

For information about how to edit the registry, view the "Changing Keys and Values" Help topic in Registry Editor (Regedit.exe) or the "Add and Delete Information in the Registry" and "Edit Registry Data" Help topics in Regedt32.exe. Note that you should back up the registry before you edit it. If you are running Windows NT, you should also update your Emergency Repair Disk (ERD).

To enable the sending of absolute redirects, use the following steps:

  1. Start Registry Editor (Regedt32.exe).


  2. Locate the following key in the registry:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Site Server\3.0\P&M


  3. On the Edit menu, click Add Value, and then add the following registry value:
    Value Name: UseAbsoluteRedirects
    Data Type: REG_DWORD
    Value: 1


  4. Quit Registry Editor.


If the above value is not present, the code functions the same as in prior versions. In other words, it will continue using relative redirects.

Site Server Forms Authentication traps any unauthorized requests to pages on a virtual Web server and issues a redirect to the FormsLogin.asp page. The content of this redirect depends on where the FormsLogin.asp file is. By default, this is in _mem_bin in the root of the virtual Web server. This results in a redirect containing a header ref "Location: /_mem_bin/FormsLogin.asp," (a relative redirect) being sent back to the client. In a reverse proxy environment, the proxy server may have a number of mappings configured that parse and rewrite header information. For example, it intercepts any request from a client with a header containing the extranet FQDN and replaces it with the corresponding intranet site name. When you use the same Forms Authentication page for multiple virtual Web servers, a loss of information occurs on the site where the original request came from.

Additional query words: froms authentication redirect reverse proxy

Keywords : SS3SP3Fix
Version : winnt:3.0
Platform : winnt
Issue type : kbbug


Last Reviewed: October 26, 1999
© 2000 Microsoft Corporation. All rights reserved. Terms of Use.