Products

Evoq Content Overview Content Creation Workflow Asset Management Mobile Responsive Personalization Content Analytics SEO Integrations Security Website PerformanceEvoq Engage Overview Community Management  Dashboard  Analytics  Member Profile Gamification Advocate Marketing Community Engagement  Ideas  Answers  Discussions  Groups  Wikis  Events Mobile ReadyDNN Support PackagesEvoq: CMS FeaturesEvoq OnDemandCompare DNN's CMS Products

Solutions

Content Management SystemMulti-Channel PublishingDigital MarketingOnline Community ManagementIntranet Software SolutionOur CustomersPrime

Resources

Test DrivesSchedule A DemoDocumentation CenterWebinarsWhite PapersProduct ManualsRequest PricingData SheetsCase StudiesEvoq Preferred Products Content Management Ecommerce Forms Identity Management and Authentication Site Management Social Themes

Partners

DNN Partners Partner Directory Become a DNN Partner Partner Program Overview  Hosting  Implementation  ISV  Training  Competencies

Community

Participate Ask a Question Forums Community Showcase DNN MVP  Program Overview  Lifetime MVPs  Honorary MVPs Subscribe to DNN Digest Advisory Groups  Awareness Advisory Group  Developer Advisory Group  Partner Advisory Group  Technology Advisory GroupLearn Documentation Wiki Community Blog Video Library Project History Development RoadmapDownload DNN Store Language Packs Manuals Nightly BuildsSecurity Policies Security Center

Blog

About

News Press Releases News Coverage Press KitCareersContact DNN

QA

Ideas Test

New Community Website

Ordinarily, you'd be at the right spot, but we've recently launched a brand new community website... For the community, by the community.

Yay... Take Me to the Community!

Welcome to the DNN Community Forums, your preferred source of online community support for all things related to DNN.
In order to participate you must be a registered DNNizen
HomeHomeUsing DNN Platf...Using DNN Platf...Administration ...Administration ...Forgot Password not working in DNN5Forgot Password not working in DNN5
Previous
 
Next
New Post
3/10/2009 3:29 AM
 
Henri Fournier


www.intratela.com
Joined: 12/14/2004
Posts: 40

I've got sites running 4.9.2 and the "Forgot Password" link works as expected. However, sites running 5.0.0 and 5.0.1 produce an error (bad link).

The page cannot be displayed

Error Code: 500 Internal Server Error. The request was rejected by the HTTP filter. Contact your ISA Server administrator. (12217)

The URL in the addressbar is:

http://www.mydomain.com/Home/tabid/36/ctl/SendPassword/Default.aspx?returnurl=%2fHome%2ftabid%2f36%2fctl%2fLogin%2fDefault.aspx%3freturnurl%3d%252fDefault.aspx

If I manually alter the URL to:

http://www.mydomain.com/Home/tabid/36/ctl/SendPassword/Default.aspx?returnurl=%2fDefault.aspx

and hit Enter, it works.

Looking at the source of a 4.9.2 Login page, you see:

    <form name="form" method="post" action="/Home/tabid/36/ctl/Login/Default.aspx?returnurl=%2fDefault.aspx" id="form" enctype="multipart/form-data" style="height: 100%;" autocomplete="off">
 

Looking at the source of a 5.0.0 Login page, you see:

    <form name="form" method="post" action="/Home/tabid/36/ctl/Login/Default.aspx?returnurl=http%3a%2f%2fwww.mydomain.com%2fHome%2ftabid%2f36%2fDefault.aspx" onsubmit=" return Webform_OnSubmit();" id="form" enctype="multipart/form-data">
 

So clearly, there were some major changes in this area. The returnURL went from relative to full and appears to be the cause of the problem. Plus, an onsubmit event was added (may not be related).

The "Register" link is also broken. Works fine from the skin object, but not from the Login page.

Could anyone verify these two links not working on DNN5 please? Thanks.

 
 
New Post
3/10/2009 8:46 AM
 
Brandon Haynes Haynes


brandonhaynes.org
Joined: 2/6/2006
Posts: 1172

Hi Henri,

The changes you have observed are a consequence of these two work items: DNN-7164 and DNN-7165.

However, it does not appear that the source of the errors you are experiencing is with DotNetNuke, but rather with your ISA server not allowing the requests through (most likely due to the fact that a URL-encoded querystring value contains an embedded second querystring).

I do not have much experience with ISA server, but your most immediate route would be to create an exception allowing this particular querystring form through.  If this is not possible (or does not work), create an issue in Gemini (at support.dotnetnuke.com) for further investigation.

Hope this helps!

Brandon

Brandon Haynes
BrandonHaynes.org
 
New Post
3/10/2009 6:07 PM
 
Henri Fournier


www.intratela.com
Joined: 12/14/2004
Posts: 40

Thanks for that.

I hear what you're saying and did realize that ISA is blocking it. However, it doesn't seem right that I have to modify my firewall for DNN to function properly, especially when it worked fine in DNN4. Furthermore, the link below works fine without any modifications to the firewall. So what's the difference.

This the URL from the Register skin object: (works fine):

http://www.mydomain.com/Home/tabid/36/ctl/Register/Default.aspx?returnurl=http%3a%2f%2fwww.mydomain.com%2fHome%2ftabid%2f36%2fDefault.aspx
 

This is the URL from the Register link on the Login page (error):

http://www.mydomain.com/Home/tabid/36/ctl/Register/Default.aspx?returnurl=http%253a%252f%252fwww.mydomain.com%252fHome%252ftabid%252f36%252fDefault.aspx

If you look at the encoded values of the returnurl, it's easy to see the differences. A forward slash (/) is %2f in the first link and %252f in the second. So DNN5 is using the wrong encoding for both the Login and Register links on the Login page.

The work items you listed were supposed to make things more consistent... I'd say they failed to do that.

Off to the Gemini site.
 
New Post
3/10/2009 6:49 PM
 
Brandon Haynes Haynes


brandonhaynes.org
Joined: 2/6/2006
Posts: 1172

Unfortunately, ISA is blocking a perfectly valid querystring.  That they are double-encoded is not particularly apropos, and I'm not sure I agree with the assertion that DotNetnuke should, per se, accommodate ISA (when it is ISA that is blocking a harmless querystring value).

That said, the fact that the behavior has changed, along with the possibility that the URI sequence might work equally well with singly-encoded querystring, might gain you some traction for remediation.  I suggest creating a new work item (if you haven't already), posting this forum link in its description, and posting the link to the work item herein.

Best of luck to you!

Brandon

Brandon Haynes
BrandonHaynes.org
 
New Post
3/10/2009 6:53 PM
 
Brandon Haynes Haynes


brandonhaynes.org
Joined: 2/6/2006
Posts: 1172

Brandon Haynes wrote

... creating a new work item... posting this forum link in its description, and posting the link to the work item herein.

Related work item is located at DNN-9525.

Brandon Haynes
BrandonHaynes.org
 
 Page 1 of 2
12Next 
Previous
 
Next
HomeHomeUsing DNN Platf...Using DNN Platf...Administration ...Administration ...Forgot Password not working in DNN5Forgot Password not working in DNN5


These Forums are dedicated to discussion of DNN Platform and Evoq Solutions.

For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:

  1. No Advertising. This includes promotion of commercial and non-commercial products or services which are not directly related to DNN.
  2. No vendor trolling / poaching. If someone posts about a vendor issue, allow the vendor or other customers to respond. Any post that looks like trolling / poaching will be removed.
  3. Discussion or promotion of DNN Platform product releases under a different brand name are strictly prohibited.
  4. No Flaming or Trolling.
  5. No Profanity, Racism, or Prejudice.
  6. Site Moderators have the final word on approving / removing a thread or post or comment.
  7. English language posting only, please.
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out