forms-authentication

What is the purpose/meaning of the Version property on a FormsAuthenticationTicket?

What is the purpose/meaning of the Version property on a FormsAuthenticationTicket? ...

ASP.NET Login Page Styles

I have created a user login page and am using Forms Authentication. Users are required to log into the system to use it, there are no anon pages. When the go into the system and get automatically redirected to the login page though, they loose all styles on the page. It is as if the paths to all the css files is incorrect. For all other ...

Avoid losing PostBack user input after Auth Session has timed out in ASP.NET

I have a form that sits behind ASP.NET forms authentication. So far, the implementation follows a typical "out of the box" type configuration. One page allows users to post messages. If the user sits on that page for a long time to compose the message, it may run past the auth session expiration. In that case, the post does not get r...

ASP.NET Login to a Website with Forms Authentication vs None

Hi folks, I've got a stock standard ASP.NET website. Anyone can read/view any page (except the admin section) but when someone wants to contribute, they need to be logged in. Just like most contribution sites out there. So, if i have my OWN login control or username/password/submit input fields, why would i want to have forms auth tur...

ASP.NET Membership: Login Controls Source Code

Is the source code for the common login controls available? Those are the controls which are available under Login section in Toolbox: Login, LoginView, PasswordRecovery, LoginStatus, LoginName, CreateUserWizard, ChangePassword Eventually could you point me to a good source of custom implementation of functionality that those ...

Forms Authentication timing out when it shouldn't?

I have a problem with an ASP.NET application that is driving me nuts. When a user leaves a page inactive for a period of time the session was timing out and error were being thrown due to session variables not being resolvable (I will error trap this anyway but this is not the problem). I coded a 'defribulator' which will perform an inv...

Revoking authentication and redirect to login page after FormsAuthentication have authenticated the user

I need to revoke an authentication cookie if the user no longer exists (or some other condition), after the forms authentication mechanism already have received the authentication cookie from the browser and have validated it. I.e. here is the use scenario: The user have been authenticated, and granted non-expiring auth cookie. In a fe...

SharePoint (MOSS 2007) successful forms authentication redirects to machine name

I have a SharePoint site extended for forms authentication. The Active Directory site is example.com and the forms authentication site is forms.example.com. When I type my (forms) username/password I get redirected (302) to the machine name (moss-01) like so: http://moss-01/. If I type http://forms.example.com/ into the address bar I ...

Forms Authentication / Reporting Services - Getting the Username

From what variable can you pick up the username from Forms Authentication in Microsoft SQL Reporting Services? The User!UserId value comes back as the Windows Account that reporting services is running under. ...

Allowing access to specific pages with ASP-MVC and Forms Authentication

Here is a simple overview of my directory layout for my views: Project Page 1 Page 2 RSS Issues Page 1 Page 2 RSS I am using forms authentication to deny access to all unauthenticated users, that works fine. However, I want to be able to grant access to the RSS views to everyone (so they can subscribe via google reader and stuff...

How to redirect to a dynamic login URL in ASP.NET MVC

I'm creating a multi-tenancy web site which hosts pages for clients. The first segment of the URL will be a string which identifies the client, defined in Global.asax using the following URL routing scheme: "{client}/{controller}/{action}/{id}" This works fine, with URLs such as /foo/Home/Index. However, when using the [Authorize]...

How can I unit test my ASP.NET MVC controller that uses FormsAuthentication?

I'm working with a ASP.NET MVC solution in a test driven manner and I want to login a user to my application using forms authentication. The code I would like to end up with in the controller looks something like this: FormsAuthentication.SetAuthCookie(userName, false); My question is how do I write a test to justify this code? Is th...

Visual Studio 2005 - Add webreference fails for secured webservice

Hello, I have a webservice (asmx file) in a directory requiring form authentication When I try to add the WebReference through VS2005 - I get the following error: The request failed with the error message: -- <html><head><title>Object moved</title></head><body> <h2>Object moved to <a href="/webchat/login.aspx?ReturnUrl=%2fwebchat%We...

Forms authentication + ASP.NET MVC absolute ReturnURL

I have a central authentication application on server a. Server b has one or more applications on the same domain that need to authenticate from server a. It's easy enough to set it up so that the server b apps redirect out to server a. What's not so easy is getting the ReturnURL to be absolute. Here's the wrinkle. Consuming app on serv...

ASP.NET: Permission/authentication architecture

I looking into building authentication in my ASP.NET application with the following requirements. A user has exactly one Role (i.e. Admin, SalesManager, Sales, ....) A role has a set of permissions to CRUD access a subset of existing objects. I.e. "Sales has CREAD, READ, WRITE permission on object type "Products" but not DELETE" Someho...

Extending Forms Authentication Timeout When Making AJAX Calls With jQuery

I'm looking to rewrite a pretty intensive CRUD type ASP.NET page to utilize ajax calls (specifically jQuery ajax). My concern in doing this is that the user may be on this page longer than the forms authentication timeout. Because of this, I'm thinking that I should extend the forms authentication ticket with each ajax call (basically ...

FormsAuthentication.SignOut() does not log the user out.

Smashed my head against this a bit too long. How do I prevent a user from browsing a site's pages after they have been logged out using FormsAuthentication.SignOut? I would expect this to do it: FormsAuthentication.SignOut(); Session.Abandon(); FormsAuthentication.RedirectToLoginPage(); But it doesn't. If I type in a URL directly, I c...

How can I hook into the current FormsAuthenticationModule in a Medium Trust environment?

I've got an HttpModule in my application that hooks into the FormsAuthenticationModule's Authenticate event with the following code: public void Init(HttpApplication context) { FormsAuthenticationModule faModule = (FormsAuthenticationModule)context.Modules["FormsAuthentication"]; faModule.Authenticate += new Form...

ASP.Net Forms Authentication Logging out users after 10 minutes.

I am having a really bad issue where no matter what I try, the user is being logged off after 10 minutes. I am using ASP.Net 2.0 running on IIS 6.0 on Server 2003 R2 Standard Edition running as a Virtual Server with all applicable updates and .Net 3.5 SP1. The client is Internet Explorer 7.0 Below are the web.config settings: <!-- Au...

Page only posts back with Fiddler attached?

I have Reporting Services set up with Forms Authentication. Our app is sitting over Reporting Services and uses it's authentication extension as a Single Sign On. We have a simple logon page that we've got working in the past but on this one machine it refuses to post back when the logon button is clicked. I have Trace information inser...