iis,cross-domain,forms-authentication
A workaround might be to force the user to go back to the last page using JS instead. Not a great answer though i admit. I think this is an IIS bug since the documentation to set up forms authentication with different sub-domains does not mention this problem at all....
asp.net-mvc,forms-authentication,formsauthentication,formsauthenticationticket
If you look at the MSDN for the GetAuthCookie() method that you use in example 2, you will see that it says: Creates an authentication cookie for a given user name. What this means is that when you make this call in example 2, you are actually getting back a...
asp.net,asp.net-mvc,cookies,forms-authentication,owin
// // POST: /Account/Login [HttpPost, AllowAnonymous, ValidateAntiForgeryToken] public async Task<ActionResult> Login(LoginViewModel model, string returnUrl) { if (ModelState.IsValid) { var user = await UserManager.FindAsync(model.UserName, model.Password); if (user != null) { await SignInAsync(user, model.RememberMe); return RedirectToLocal(returnUrl); } else { ModelState.AddModelError("", "Invalid username or password."); } } // If we got this...
internet-explorer,iframe,ssl,cookies,forms-authentication
This was indeed the work of P3P. Superb IE troll-level. The solution: The sane way to fix this normally is to add a custom header to the system.webServer section of the web.config file. <system.webServer> <validation validateIntegratedModeConfiguration="false"/> <httpProtocol> <customHeaders> <add name="p3p" value="CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi...
html,css,java-ee,jboss,forms-authentication
So apparently the .css file I was redirected to, was inside of my /login.html. As soon as I got rid of any css, javascript references inside of the html. It started working. I guess I will have to embed the css in the html file. I don't know any other...
asp.net,asp.net-mvc,forms-authentication
If you mean that you want to check if the user has logged in, I use the following: @if (User.Identity.IsAuthenticated) { /* content */} ...
asp.net-mvc,redirect,routing,forms-authentication
I am not sure what the second part of your question really is supposed to mean, however, the main part of your question should be pretty straightforward. This has nothing to do with "routing", just what you want to happen if someone comes to your index (root) page of your...
c#,asp.net,asp.net-mvc,forms-authentication,authorize-attribute
You're setting your cookie using FormsAuthentication. If you're using MVC5, they removed that type of authentication with the [Authorize] attribute. Look for this in your web.config. Remove that line if you want to use FormsAuthentication. <system.webServer> <modules> <remove name="FormsAuthentication" /> </modules> </system.webServer> You may want to read this about why...
c#,authentication,forms-authentication,asp.net-mvc-5,owin
I ended up solving this by creating my own implementation of IUserStore and its associated classes that wraps the third-party system.
c#,asp.net-mvc,cookies,asp.net-mvc-5,forms-authentication
You basically need to look at creating a Custom Authentication Attribute. I'm not going to provide the actual implementation here, but this will put you on the right path. Here's the basic representation :- public class GoogleAuthAttribute : FilterAttribute, IAuthenticationFilter { public void OnAuthentication(AuthenticationContext filterContext) { IIdentity ident = filterContext.Principal.Identity;...
c#,asp.net,active-directory,forms-authentication
This is not a solution to the problem you are asking about, but may still solve it for you and should be done anyhow IMO: Why don't you apply a Trim to the username before processing it? username = username.Trim(); This should remove any white space at the beginning and...
asp.net,asp.net-mvc,forms-authentication
Your authentication node should be inside system.web, like this: <system.web> <authentication mode="Forms"> <forms loginUrl="~/Login/Login" timeout="2880" /> </authentication> </system.web> ...
asp.net,asp.net-mvc-4,asp.net-mvc-5,forms-authentication,windows-authentication
I think there are many ways to approach this, 2 I can think of off the top of my head: Use Active Directory to manage your roles and add users to the Active Directory groups as required. You can then access them through the users Identity in which you can...
oauth,forms-authentication,thinktecture-ident-model
At the server I know the user id, both when generating the session token and later when the ASP.NET session is recreated without it. What I need is the server equivalent of a cookie. A quick search for "server side cookie" returned a couple of articles, one of which I...
asp.net-mvc-5,forms-authentication,asp.net-identity-2
There are Claims that serve exactly the same purpose. Only new API is actually purposed this way. Claims are a basically a Dictionary<String, String> that is stored in auth-cookie and available through IPrincipal. But you don't need to do ICustomPrincipal because actual object that you get behind IPrincipal is ClaimsPrincipal...
java,servlets,jetty,forms-authentication
What version of Jetty is this? The 9.2.6 Javadocs for JDBCLoginService say this: HashMapped User Realm with JDBC as data source. JDBCLoginService extends HashULoginService and adds a method to fetch user information from database. The login() method checks the inherited Map for the user. If the user is not found,...
c#,asp.net,asp.net-mvc,forms-authentication
Rowan suggested I look at the value for FormsAuthentication.Timeout.Minutes. After investigation, this value always came back as 0. This led to an immediate expiration of the ticket. I had to use FormsAuthentication.Timeout.TotalMinutes instead and everything started working properly
c#,asp.net,webforms,forms-authentication
I ended up using this code (the same as above), but it had to go in the OnBeginRequest method in the CasAuthenticationModule if (Request.AppRelativeCurrentExecutionFilePath == "~/") HttpContext.Current.RewritePath("default.aspx"); ...
c#,asp.net,forms-authentication,pre-compilation
Ok, No biters? I ended up removing our builds pre-compile task. ...
asp.net,encryption,forms-authentication,asp.net-4.5
The solution was to add compatibilityMode="Framework20SP1" to the MachineKey tag...
asp.net-mvc,forms-authentication,authorize-attribute
This helped me setting up mine http://www.dotnet-tricks.com/Tutorial/mvc/G54G220114-Custom-Authentication-and-Authorization-in-ASP.NET-MVC.html use [AuthorizeCustom(Roles = RoleNames.Admin)] Here is the full working attribute for me without any cleanup. public class AuthorizeCustomAttribute : AuthorizeAttribute { #region CONSTANTS public const string SectionStemFuture = "StemFuture"; #endregion #region PROPERTIES private string Section { get; set; } #endregion #region Constructor public...
asp.net-mvc,forms-authentication
Added this to Startup.Auth and it works perfectly app.UseCookieAuthentication(New CookieAuthenticationOptions() With {.LoginPath = New PathString("/Secure/Login")}) ...
asp.net-mvc,forms-authentication
Solved the issue. If you set the domain name manually, you have to set the domain name from the webconfig forms authentication settings. Otherwise it will try to clear cookies from the default domain (in my case subapp1.parent.com), where there is no such cookie since I have manually overridden the...
asp.net,cookies,forms-authentication,.aspxauth
It seems a bit ridiculous that ASP.NET can't decrypt a cookie that it encrypted itself, but this is indeed what happens. To encrypt the cookie, ASP.NET uses the MachineKey setting in web.config or machine.config. Unfortunately the default setting for this "AutoGenerate,IsolateApps", in which case ASP.NET generates a new value every...
c#,asp.net,forms-authentication
//this line is NOT ENOUGH for "remember me" to work!!! FormsAuthentication.SetAuthCookie(userName, true); //DOESN'T WORK! //########### //you have to save the "remember me" info inside the auth-ticket as well //like this: DateTime expires = DateTime.Now.AddDays(20); //remember for 20 days //create the auth ticket FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1, userName, DateTime.Now, expires,...
asp.net-mvc,asp.net-mvc-4,redirect,forms-authentication
Probably the easiest and most effective way is to create a custom AuthorizationAttribute that is specific to your needs: public class ThatSpecificRoleAttribute : AuthorizeAttribute { protected override bool AuthorizeCore(HttpContextBase httpContext) { // not sure what is EXACTLY needed so here is all the stuff I // think someone might need...
asp.net,authentication,cookies,subdomain,forms-authentication
As suggested by the OP, here is the answer that works in that case. They've changed the cookie encryption between 4 and 4.5. You can either make both running under the same .net or turn on the compatibility on the 4.5 site by adding an attribute to your machine key...
c#,asp.net,webforms,forms-authentication
var userName = Request.ServerVariables["LOGON_USER"];//or some other method of capturing the value from the username var pc = new PrincipalContext(ContextType.Domain); var userFind = UserPrincipal.FindByIdentity(pc, IdentityType.SamAccountName, userName); if(userFind != null) { HttpContext.Current.Session["username"] = userFind.DisplayName; } If you want to check and redirect.. store the value inside a session variable inside the Global.asax...
c#,.net,asp.net-mvc,asp.net-mvc-5,forms-authentication
I found the reason. For some reason in my webconfig there is a line, which suppress FormsAuthentication module <system.webServer> <modules> <remove name="FormsAuthentication" /> </modules> </system.webServer> So with this line FormsAuthentiction not working, but if we comment it out or delete, all works as expected....
asp.net-mvc,razor,forms-authentication
The problem is that you used (I guess) VS2013 MVC5 WebApplication template, which leverages on Identity 2.0 for authentication, authorization and identity management. In web.config there is this section: <system.webServer> <modules> <remove name="FormsAuthentication" /> </modules> </system.webServer> That's the reason why Forms Authentication does not process your HTTP requests. If you...
asp.net,asp.net-web-api,forms-authentication,owin,formsauthenticationticket
There was some initial confusion on whether I could use the <machineKey> element within app.config. Further prototyping has shown that I can successfully share a single FormsAuthenticationTicket between both bounded contexts with the following code. Ideally, we will implement a proper authorization server to enable OpenID Connect, Forms, WS-Fed, etc...
c#,asp.net,forms-authentication,windows-integrated-auth
I suspect the unwanted popup stems from the initial request NOT containing an Authorization header until the 401 is received by the browser. Instead, you need to choose to avoid issuing the 401 if you predict forms authorization is required. Consider this approach: Enable Forms authentication as the default mode...
c#,asp.net,cookies,forms-authentication
Your authentication expiration is changing because of sliding expiration, meaning that on each request the expiration is reset to to x minutes in the future. This is the default behavior for FormsAuthentication. Authentication will only expire after x minutes of inactivity, each time you are invoking a request to check...
asp.net-mvc,authentication,forms-authentication
You need to create your CustomPrincipal from the cookie in each request and add it to the current context. Add the following to the Global.asax.cs file protected void Application_PostAuthenticateRequest(object sender, EventArgs e) { // Get the authentication cookie HttpCookie authCookie = Request.Cookies[FormsAuthentication.FormsCookieName]; // If the cookie can't be found, don't...
asp.net,vb.net,authentication,authorization,forms-authentication
I found out that in location tag, there shouldn't be any authentication
asp.net-mvc,validation,forms-authentication,form-submit,recaptcha
I was having this issue and re-read the documentation, and worked it out as the following: function onBegin() { $("input[type='hidden']").val(grecaptcha.getResponse()); } You have to add a javascript function to the "onBegin" parameter of the AjaxOptions object from the MVC html helper - that will copy the value of the widget's...
asp.net,asp.net-mvc,forms-authentication
Session state is not tied to your logged in state. You can be logged in, but have multiple sessions be created and abandoned, all without logging out. This is a plausible sequence of events: Session Starts User Logs in Session times out Session Starts Session times out Session Starts User...
c#,asp.net,asp.net-mvc,asp.net-mvc-4,forms-authentication
The "#" is called a fragment, and is considered "client dependent". In other words, it's for the client and does not get sent back to the server. So, the server doesn't know what the fragment might be to redirect to. See http://en.wikipedia.org/wiki/Fragment_identifier From the Wikipedia article: Fragments depend on the...
asp.net,forms-authentication,asp.net-identity,owin
The cookie contains authentication ticket. The format of this ticket is different for cookie authentication middleware vs forms authentication. It is not possible to make FAM read the cookie created by the cookie authentication middleware. That said, you can write your own HTTP module, similar to FAM to read the...
angularjs,controller,forms-authentication,oauth-provider,satellizer
Set in your config: $authProvider.baseUrl = null; ...
c#,asp.net,webforms,forms-authentication
OK I found the problem. MS Outlook and MS Word appear to be the issue. Thanks to this I was able to respond accordingly: Why are cookies unrecognized when a link is clicked from an external source (i.e. Excel, Word, etc...)
asp.net,asp.net-mvc,wcf,forms-authentication,adfs2.0
Most likely the problem is in: string url = "{url of website}";. And/or missing parameters in the POST. It shouldn't be just any URL. It should be a properly formatted WS-Federation request. With timestamps etc. etc. And normally/sometimes (in current ADFS) it is a two step process. First the normal...
c#,asp.net,webforms,forms-authentication
Problem solved... What I ended up doing was to let the login control authorize a user with the lowest level rights. When a user attempts to access a page that requires higher rights, I'm first checking if if (User.Identity.IsAuthenticated == true) If true, then I run a new query that...
sql-server,azure,forms-authentication,sql-azure
This was solved by generating a SQL Azure script for the DB, and running it on Azure. Here's how I solved it: First, open SQL Server, right click the database you want to transfer and click "Tasks > Generate Scripts..." Next, click "Advanced" on the scripting options panel and find...
asp.net-mvc,forms-authentication
When you say you're using MVC5, what version of Visual Studio are you using? Are you using an application that was originally created by a default wizard? If the application was created by the default wizard, then by default it enables ASP.NET Identity, and it removes the FormsAuthentication module from...
asp.net,ajax,forms-authentication
HttpContext.Current.User returns an object of type IPrincipal, and IPrincipal.Identity returns an object of type IIdentity. HttpContext.Current.User.Identity.Name gives you the username HttpContext.Current.User.Identity.IsAuthenticated gives you the authentication status (boolean) Armed with that, you can look up other details in the database, possibly storing them in the Session....
c#,asp.net,asp.net-mvc,authentication,forms-authentication
Well, I found the answer. I need to put the machine key and validation key in the login page App, that in my case is another application that function like a common loin page for all the applications. And is necessarily specify the domain in which your are going to...