Persisting .aspxauth membership cookie
asp.net,cookies,forms-authentication,.aspxauth
It seems a bit ridiculous that ASP.NET can't decrypt a cookie that it encrypted itself, but this is indeed what happens. To encrypt the cookie, ASP.NET uses the MachineKey setting in web.config or machine.config. Unfortunately the default setting for this "AutoGenerate,IsolateApps", in which case ASP.NET generates a new value every...
JBoss form based authentication. Always redirects to css file
html,css,java-ee,jboss,forms-authentication
So apparently the .css file I was redirected to, was inside of my /login.html. As soon as I got rid of any css, javascript references inside of the html. It started working. I guess I will have to embed the css in the html file. I don't know any other...
401 Unauthorize even after FormsAuthentication.SetAuthCookie()
c#,.net,asp.net-mvc,asp.net-mvc-5,forms-authentication
I found the reason. For some reason in my webconfig there is a line, which suppress FormsAuthentication module <system.webServer> <modules> <remove name="FormsAuthentication" /> </modules> </system.webServer> So with this line FormsAuthentiction not working, but if we comment it out or delete, all works as expected....
Different default page in MVC if authenticated
asp.net-mvc,redirect,routing,forms-authentication
I am not sure what the second part of your question really is supposed to mean, however, the main part of your question should be pretty straightforward. This has nothing to do with "routing", just what you want to happen if someone comes to your index (root) page of your...
CurrentPrincipal.Identity.IsAuthenticated is true even after signout when FormsAuth cookie domain set manually
asp.net-mvc,forms-authentication
Solved the issue. If you set the domain name manually, you have to set the domain name from the webconfig forms authentication settings. Otherwise it will try to clear cookies from the default domain (in my case subapp1.parent.com), where there is no such cookie since I have manually overridden the...
Authenticating in ASP.NET MVC 5 with OWIN and Third-Party system without storing credentials
c#,authentication,forms-authentication,asp.net-mvc-5,owin
I ended up solving this by creating my own implementation of IUserStore and its associated classes that wraps the third-party system.
Forms Authentication IsAuthenticated Not Working External Link
c#,asp.net,webforms,forms-authentication
OK I found the problem. MS Outlook and MS Word appear to be the issue. Thanks to this I was able to respond accordingly: Why are cookies unrecognized when a link is clicked from an external source (i.e. Excel, Word, etc...)
Username + [space] causes login.aspx redirect but Identity.IsAuthenticated is TRUE
c#,asp.net,active-directory,forms-authentication
This is not a solution to the problem you are asking about, but may still solve it for you and should be done anyhow IMO: Why don't you apply a Trim to the username before processing it? username = username.Trim(); This should remove any white space at the beginning and...
Suppress NTLM Authentication Dialog
c#,asp.net,forms-authentication,windows-integrated-auth
I suspect the unwanted popup stems from the initial request NOT containing an Authorization header until the 401 is received by the browser. Instead, you need to choose to avoid issuing the 401 if you predict forms authorization is required. Consider this approach: Enable Forms authentication as the default mode...
Asp.net share forms authentication by two applications in the same domain
asp.net,authentication,cookies,subdomain,forms-authentication
As suggested by the OP, here is the answer that works in that case. They've changed the cookie encryption between 4 and 4.5. You can either make both running under the same .net or turn on the compatibility on the 4.5 site by adding an attribute to your machine key...
Bridging forms authentication and OAUTH
oauth,forms-authentication,thinktecture-ident-model
At the server I know the user id, both when generating the session token and later when the ASP.NET session is recreated without it. What I need is the server equivalent of a cookie. A quick search for "server side cookie" returned a couple of articles, one of which I...
ASP.NET MVC FormsAuthentication check if user logged in
asp.net,asp.net-mvc,forms-authentication
If you mean that you want to check if the user has logged in, I use the following: @if (User.Identity.IsAuthenticated) { /* content */} ...
MVC Limit / Redirect Role to Area
asp.net-mvc,asp.net-mvc-4,redirect,forms-authentication
Probably the easiest and most effective way is to create a custom AuthorizationAttribute that is specific to your needs: public class ThatSpecificRoleAttribute : AuthorizeAttribute { protected override bool AuthorizeCore(HttpContextBase httpContext) { // not sure what is EXACTLY needed so here is all the stuff I // think someone might need...
Persistent AuthCookie is set but being redirected to login
c#,asp.net,forms-authentication
//this line is NOT ENOUGH for "remember me" to work!!! FormsAuthentication.SetAuthCookie(userName, true); //DOESN'T WORK! //########### //you have to save the "remember me" info inside the auth-ticket as well //like this: DateTime expires = DateTime.Now.AddDays(20); //remember for 20 days //create the auth ticket FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1, userName, DateTime.Now, expires,...
Custom sign in not working
asp.net-mvc,razor,forms-authentication
The problem is that you used (I guess) VS2013 MVC5 WebApplication template, which leverages on Identity 2.0 for authentication, authorization and identity management. In web.config there is this section: <system.webServer> <modules> <remove name="FormsAuthentication" /> </modules> </system.webServer> That's the reason why Forms Authentication does not process your HTTP requests. If you...
Custom MVC Authentication without SetAuthCookie()
c#,asp.net-mvc,cookies,asp.net-mvc-5,forms-authentication
You basically need to look at creating a Custom Authentication Attribute. I'm not going to provide the actual implementation here, but this will put you on the right path. Here's the basic representation :- public class GoogleAuthAttribute : FilterAttribute, IAuthenticationFilter { public void OnAuthentication(AuthenticationContext filterContext) { IIdentity ident = filterContext.Principal.Identity;...
about forms authentication and redirect
c#,asp.net,webforms,forms-authentication
var userName = Request.ServerVariables["LOGON_USER"];//or some other method of capturing the value from the username var pc = new PrincipalContext(ContextType.Domain); var userFind = UserPrincipal.FindByIdentity(pc, IdentityType.SamAccountName, userName); if(userFind != null) { HttpContext.Current.Session["username"] = userFind.DisplayName; } If you want to check and redirect.. store the value inside a session variable inside the Global.asax...
Virtual Directory in Precompiled site not able to host html files
c#,asp.net,forms-authentication,pre-compilation
Ok, No biters? I ended up removing our builds pre-compile task. ...
Error deploying database to SQL Azure
sql-server,azure,forms-authentication,sql-azure
This was solved by generating a SQL Azure script for the DB, and running it on Azure. Here's how I solved it: First, open SQL Server, right click the database you want to transfer and click "Tasks > Generate Scripts..." Next, click "Advanced" on the scripting options panel and find...
OWIN Self-Host CookieAuthentication & Legacy .NET 4.0 Application / FormsAuthenticationTicket
asp.net,asp.net-web-api,forms-authentication,owin,formsauthenticationticket
There was some initial confusion on whether I could use the <machineKey> element within app.config. Further prototyping has shown that I can successfully share a single FormsAuthenticationTicket between both bounded contexts with the following code. Ideally, we will implement a proper authorization server to enable OpenID Connect, Forms, WS-Fed, etc...
Trouble retaining CustomPrincipal type in HttpContext
asp.net-mvc,authentication,forms-authentication
You need to create your CustomPrincipal from the cookie in each request and add it to the current context. Add the following to the Global.asax.cs file protected void Application_PostAuthenticateRequest(object sender, EventArgs e) { // Get the authentication cookie HttpCookie authCookie = Request.Cookies[FormsAuthentication.FormsCookieName]; // If the cookie can't be found, don't...
Access Login Control from Different Page
c#,asp.net,webforms,forms-authentication
Problem solved... What I ended up doing was to let the login control authorize a user with the lowest level rights. When a user attempts to access a page that requires higher rights, I'm first checking if if (User.Identity.IsAuthenticated == true) If true, then I run a new query that...
IE silently dropping cookies on iframe page (SSL)?
internet-explorer,iframe,ssl,cookies,forms-authentication
This was indeed the work of P3P. Superb IE troll-level. The solution: The sane way to fix this normally is to add a custom header to the system.webServer section of the web.config file. <system.webServer> <validation validateIntegratedModeConfiguration="false"/> <httpProtocol> <customHeaders> <add name="p3p" value="CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi...
MVC Identity 2 using FormsAuthenticationTicket
asp.net-mvc-5,forms-authentication,asp.net-identity-2
There are Claims that serve exactly the same purpose. Only new API is actually purposed this way. Claims are a basically a Dictionary<String, String> that is stored in auth-cookie and available through IPrincipal. But you don't need to do ICustomPrincipal because actual object that you get behind IPrincipal is ClaimsPrincipal...
How do I ensure I have authorization to the root page of my website?
c#,asp.net,webforms,forms-authentication
I ended up using this code (the same as above), but it had to go in the OnBeginRequest method in the CasAuthenticationModule if (Request.AppRelativeCurrentExecutionFilePath == "~/") HttpContext.Current.RewritePath("default.aspx"); ...
I can't get authenticated using Forms Authentication with common login
c#,asp.net,asp.net-mvc,authentication,forms-authentication
Well, I found the answer. I need to put the machine key and validation key in the login page App, that in my case is another application that function like a common loin page for all the applications. And is necessarily specify the domain in which your are going to...
Overriding Authorize Attribute
asp.net-mvc,forms-authentication,authorize-attribute
This helped me setting up mine http://www.dotnet-tricks.com/Tutorial/mvc/G54G220114-Custom-Authentication-and-Authorization-in-ASP.NET-MVC.html use [AuthorizeCustom(Roles = RoleNames.Admin)] Here is the full working attribute for me without any cleanup. public class AuthorizeCustomAttribute : AuthorizeAttribute { #region CONSTANTS public const string SectionStemFuture = "StemFuture"; #endregion #region PROPERTIES private string Section { get; set; } #endregion #region Constructor public...
MVC 5 - authorisation blues with forms authentication
asp.net-mvc,forms-authentication
Added this to Startup.Auth and it works perfectly app.UseCookieAuthentication(New CookieAuthenticationOptions() With {.LoginPath = New PathString("/Secure/Login")}) ...
Using ASP.Net Identity 2 cookie in forms authentication
asp.net,forms-authentication,asp.net-identity,owin
The cookie contains authentication ticket. The format of this ticket is different for cookie authentication middleware vs forms authentication. It is not possible to make FAM read the cookie created by the cookie authentication middleware. That said, you can write your own HTTP module, similar to FAM to read the...
Jetty JDBCLoginService doesn't pick up password changes?
java,servlets,jetty,forms-authentication
What version of Jetty is this? The 9.2.6 Javadocs for JDBCLoginService say this: HashMapped User Realm with JDBC as data source. JDBCLoginService extends HashULoginService and adds a method to fetch user information from database. The login() method checks the inherited Map for the user. If the user is not found,...
MVC 5 with owin cookie middleware - owinContext.Authentication.sign in not issuing cookies
asp.net,asp.net-mvc,cookies,forms-authentication,owin
// // POST: /Account/Login [HttpPost, AllowAnonymous, ValidateAntiForgeryToken] public async Task<ActionResult> Login(LoginViewModel model, string returnUrl) { if (ModelState.IsValid) { var user = await UserManager.FindAsync(model.UserName, model.Password); if (user != null) { await SignInAsync(user, model.RememberMe); return RedirectToLocal(returnUrl); } else { ModelState.AddModelError("", "Invalid username or password."); } } // If we got this...
AuthorizeAttribute keeps redirecting to /Account/Login
c#,asp.net,asp.net-mvc,forms-authentication,authorize-attribute
You're setting your cookie using FormsAuthentication. If you're using MVC5, they removed that type of authentication with the [Authorize] attribute. Look for this in your web.config. Remove that line if you want to use FormsAuthentication. <system.webServer> <modules> <remove name="FormsAuthentication" /> </modules> </system.webServer> You may want to read this about why...
asp.net get user information from xmlhttp requests
asp.net,ajax,forms-authentication
HttpContext.Current.User returns an object of type IPrincipal, and IPrincipal.Identity returns an object of type IIdentity. HttpContext.Current.User.Identity.Name gives you the username HttpContext.Current.User.Identity.IsAuthenticated gives you the authentication status (boolean) Armed with that, you can look up other details in the database, possibly storing them in the Session....
Login session never expires
c#,asp.net,cookies,forms-authentication
Your authentication expiration is changing because of sliding expiration, meaning that on each request the expiration is reset to to x minutes in the future. This is the default behavior for FormsAuthentication. Authentication will only expire after x minutes of inactivity, each time you are invoking a request to check...
What are possibilities that timeout is ignored when using forms authentication?
asp.net,asp.net-mvc,forms-authentication
Session state is not tied to your logged in state. You can be logged in, but have multiple sessions be created and abandoned, all without logging out. This is a plausible sequence of events: Session Starts User Logs in Session times out Session Starts Session times out Session Starts User...
Different result while reading the FormsAuthenticationTicket
asp.net-mvc,forms-authentication,formsauthentication,formsauthenticationticket
If you look at the MSDN for the GetAuthCookie() method that you use in example 2, you will see that it says: Creates an authentication cookie for a given user name. What this means is that when you make this call in example 2, you are actually getting back a...
Authentication wont authenticate because of web.config file
asp.net,asp.net-mvc,forms-authentication
Your authentication node should be inside system.web, like this: <system.web> <authentication mode="Forms"> <forms loginUrl="~/Login/Login" timeout="2880" /> </authentication> </system.web> ...
IIS forms authentication cross domain not redirecting to correct domain
iis,cross-domain,forms-authentication
A workaround might be to force the user to go back to the last page using JS instead. Not a great answer though i admit. I think this is an IIS bug since the documentation to set up forms authentication with different sub-domains does not mention this problem at all....
Where i should manage my asp.net mvc windows authntication Roles
asp.net,asp.net-mvc-4,asp.net-mvc-5,forms-authentication,windows-authentication
I think there are many ways to approach this, 2 I can think of off the top of my head: Use Active Directory to manage your roles and add users to the Active Directory groups as required. You can then access them through the users Identity in which you can...
ASP.net MVC FormsAuthentication cookie missing
c#,asp.net,asp.net-mvc,forms-authentication
Rowan suggested I look at the value for FormsAuthentication.Timeout.Minutes. After investigation, this value always came back as 0. This led to an immediate expiration of the ticket. I had to use FormsAuthentication.Timeout.TotalMinutes instead and everything started working properly
Web Service Call for ADFS 2.0 Authentication
asp.net,asp.net-mvc,wcf,forms-authentication,adfs2.0
Most likely the problem is in: string url = "{url of website}";. And/or missing parameters in the POST. It shouldn't be just any URL. It should be a properly formatted WS-Federation request. With timestamps etc. etc. And normally/sometimes (in current ADFS) it is a two step process. First the normal...
How to make satellizer use absolute url's?
angularjs,controller,forms-authentication,oauth-provider,satellizer
Set in your config: $authProvider.baseUrl = null; ...
Google's new recaptcha not validating
asp.net-mvc,validation,forms-authentication,form-submit,recaptcha
I was having this issue and re-read the documentation, and worked it out as the following: function onBegin() { $("input[type='hidden']").val(grecaptcha.getResponse()); } You have to add a javascript function to the "onBegin" parameter of the AjaxOptions object from the MVC html helper - that will copy the value of the widget's...
Location tag error in web.config
asp.net,vb.net,authentication,authorization,forms-authentication
I found out that in location tag, there shouldn't be any authentication
FormsAuthentication encrypt / decrypt
asp.net,encryption,forms-authentication,asp.net-4.5
The solution was to add compatibilityMode="Framework20SP1" to the MachineKey tag...
Getting the # route in from the Request in a controller in ASP.Net MVC
c#,asp.net,asp.net-mvc,asp.net-mvc-4,forms-authentication
The "#" is called a fragment, and is considered "client dependent". In other words, it's for the client and does not get sent back to the server. So, the server doesn't know what the fragment might be to redirect to. See http://en.wikipedia.org/wiki/Fragment_identifier From the Wikipedia article: Fragments depend on the...
MVC5 Forms authentication not working
asp.net-mvc,forms-authentication
When you say you're using MVC5, what version of Visual Studio are you using? Are you using an application that was originally created by a default wizard? If the application was created by the default wizard, then by default it enables ASP.NET Identity, and it removes the FormsAuthentication module from...