forms-authentication

Asp.Net - FormsAuthentication ASPXAUTH Cookie ExpiryDate = 01/01/0001 00:00:00

I use an ASP.Net login control in a straightforward manner; however, I have spotted that the ASPXAUTH cookie has an expiry date of {01/01/0001 00:00:00}. Should this not get set to something to prevent hacker manipulation? I am not issuing the cookie myself; I am letting .Net create it. I have run a scan on my web app and it is able to store th...

Why is one installation of IE8 (unexpectedly) loading pages from cache, while others are not?

I have a website that is ASP.NET with Forms Authentication; clicking the logout button does correctly call FormsAuthentication.SignOut() so it invalidates the cookie. All machines in the office are using IE8 and work fine, just like Firefox. But one installation of IE8 will load cached copies of authenticated pages even after logging out w...

ASP.NET Windows Authentication Impersonation

I am trying to figure out how to implement an ASP.NET page with Windows Authentication without getting that annoying IIS login box. I currently have 3 domains in my network so all the people logging in would have to prefix their user names with the domain. This is not user friendly. I would like to have a custom login page that wou...

ActiveDirectoryMembershipProvider - Can't use secure connection protection

Hi! I try to use ASP.Net's MembershipProvider to give access only to certain users. This is backed up by an ADAM instance. I use some test-code which runs just fine: public static DataTable getADValuesByParameter(string strFilter, string strLDAPUser, string strLDAPPath, string strLDAPPWD, string strLDAPProperties) { ...

WCF Authentication Custom Cookie exception

I have a Silverlight app, which uses forms authentication for security purposes. I have a custom membership provider to authenticate the user. This is hooked up properly and is working. Then, after it's authenticated I have user information which I need to save (more than just the name), hence I create a custom cookie and save it. All wor...

ASP.Net Session Not Invalidated After Logout

I have an ASP.Net application; in my login page I call FormsAuthentication.SignOut, Session.Abandon() and Session.Clear(); however, the Appscan is taking the ASPXAUTH cookie value, then after logout is able to re-inject the cookie value to gain access to protected pages. Microsoft has acknowledged a problem but only offers advice not a fi...

ASP.NET Forms Authentication on Load Balanced Servers

Are there any possible issues with using the default Forms Authentication (see below) on Load Balanced servers? If there can be, what can I do to prevent the issues? <authentication mode="Forms"> <forms loginUrl="~/Login/" protection="All" timeout="30" /> </authentication> Can I use cookies (used by default)? Do I have to go coo...

FormsAuthentication with custom encryption key

Is there any way to not use the <machineKey> and instead provide my own key at runtime? Trying to find a way to read the key from say a SQL database or any centralized store and provide it to FormsAuthentication somehow. ...

ASP.NET Forms Authentication Default Redirect [Working] and Redirect to Requested Page w/QueryString [Not Working]

I have a website, with basic Forms Authentication working alright. Users have emails that contain links to my site, with a querystring variable. Users are prompted to login correctly, but using FormsAuthentication.RedirectFromLoginPage(userName, false); does not work when the original url contains a querystring. I've tried these requ...

Does a forms auth ticket survive a trip to WorldPay?

Hi there, I've got a site that uses Forms Authentication (with a custom membership provider, but that's not important right now). In the secure part of the website, the customer can purchase goods and pay for them via WorldPay. Once they come back from WorldPay, if there's a link back into the secure part of the website, can I reasonab...

FormsAuthentication.SetAuthCookie via service (or other remote means)

We're currently migrating a portion of intranet apps to MojoPortal (an open source CMS app). MP uses FormsAuth by default and we've set it to authenticate against our current Active Directory store. All that being said, we are looking to automatically log in users from the current system to the new system to create a seamless experience....

Is it possible to obtain ASP.NET membership user name after FormsAuth.SignIn?

I have some code that is accessing Membership.GetUser() to get the current logged in user. This works fine until I try to access it immediately after logging in with FormsAuth.SignIn(userName, false); However I noticed that neither Membership.GetUser() nor User.Identity.Name is updated with the newly logged in user until a new request ...

Asp.Net mvc authentication, where do I put a custom session key?

I have a user database, to which I have access through a web service. One of the web service methods is something like this: public void login(string name, string password, out user_key) and in my controller I want to do something like this: String key = repo.login(username, password); // a wrapper on the login method if(key ....) F...

creating a persisted cookie with FormsAuthentication

I am doing the following during login, but the logins don't seem to be persisting at all: FormsAuthentication.SetAuthCookie(userId.ToString(), true); ...

Hosted Silverlight LOB Application - Authentication Models

Our application is built in VB6 and delivered in a SaaS model via Citrix. Our subscribers must first authenticate to the Citrix Login Portal (AD) which gives them access to their applications. Each application has its own local user repository so except for where we've implemented some single sign on strategies, the user must enter a s...

ASP.Net - How can I allow imported script files to be viewed by unauthenticated users when using Forms Authentication?

I'm using ASP.Net and forms authentication. When a user is directed to the Login Page I get a JavaScript error: Message: Syntax error Line: 3 Char: 1 Code: 0 URI: http://localhost:49791/login.aspx?ReturnUrl=%2fWebImageButton.js This is because I am using a Custom Image Button in a separate Web Control Project control that adds ...

Asp.net forms authentication cookie not honoring timeout with IIS7

Authentication cookies seem to time out after a short period of time (a day or so). I am using Forms Authentication and have the timeout="10080" with slidingExpiration="false" in the web.config. With that setting, the cookie should expire roughly 7 days after the user is successfully authenticated. This worked as advertised with IIS6, bu...

c# FormsAuthentication signOut another user

Hi All, I'm using formsAuthentication and as an admin user to the site I would like to be able to sign another user out. Is this possible? ...

ASP.NET, SilverLight, WCF & Forms Authentication - How to configure endpoints?

I have this existing environment: 1) ASP.NET 3.5 web application 2) forms authentication with the SqlMembershipProvider I need to add the following: 1) a Silverlight charting object embedded in a web page. 2) a WCF service to be consumed by: a) the Silverlight component embedded in an authenticated web page...

FormsAuthentication.SetAuthCookie in OnAuthorization of custom attribute

I am trying to set an auth cookie in OnAuthorization of my custom attribute in an ASP.NET MVC (C#) application. When the session expires (New Session), I am setting an auth cookie again to make it available until the users log out. I have used the following to set the auth cookie: //set forms auth cookie FormsAuthentication.SetAuthCookie(s...