The session state timeout is set using this web.config element <sessionState mode="InProc" cookieless="false" timeout="120" /> The forms auth is configured using this web.config element <system.web> <authentication mode="Forms"> <forms loginUrl="Login.aspx" protection="All" timeout="30" name=".A...
I understand there are 2 ways of excluding pages from forms auth. Either by using another web.config file in the folder that has pages that need to be excluded or by using the location element <location path="ExcludePage1.aspx"> <system.web> <authorization> <allow users="*"/> </authorization> </system...
So, I have a page that I want only anonymous users to see, and authenticated users to be redirected. So, like this: <location path="Login_ForgotUserID.aspx"> <system.web> <authorization> <allow users="?" /> <deny users="*" /> </authorization> </system.web> </location> The problem is, whe...
Hi I work for a company with multiple public-facing web sites. Some of these sites are built using third party products (Moveable Type, myBB, Trac and others). We also have a couple of bespoke sites built on the Microsoft stack. Currently, we have no unified authentication/authorisation solution; each site implements its own user sto...
I'm running the latest version of YetAnotherForum in a folder beneath my main WebApplication. The subfolder is configured as an application in IIS and navigating to the folder and logging in works wonderfully. YAF is setup with a membership provider and uses Forms Authentication. What I'm trying to do now is to auto login a user into th...
I have an application running under WebLogic that is using standard forms authentication. The login page is a JSP that presents the login form that will post to j_security_check. So as you would expect, when a user tries to access a page but is not yet authenticated, they will be redirected to the login.jsp. My question is, how can I ...
We have several asp.net MVC apps in the following setup SecurityApp (root application - handles forms auth for SSO and has a profile edit page) Application1 (virtual directory) Application2 (virtual directory) Application3 (virtual directory) so that domain.com points to SecurityApp and domain.com/Application1 etc point to their associ...
Usually I protect my Actions with [Authorize] but this time I need to check if a user is authorized inside the action. Eg if(userIsAuthorized) { //do stuff } else { //return to login page } I believe I am using 'Forms Authentication' This question is kind of similar to this but none of the answers given seemed to work. EDIT...
I have a code which allows you to download any file from server to your local host. This code works fine when i log in as administrator but when i log in as guest user it does not let me download.. and i get an error message saying.. External component has thrown an exception. Description: An unhandled exception occurred during t...
Is it possible to programatically authenticate a user using NTLM (on asp.net)? I would like to have control over the look and feel of the website where I would have a form that users enter their username/password. I would then query NTLM to validate the provided information and if valid, redirect them to a virtual directory? ...
I would like to do som extra processing whenever a user is signed out from forms authentication. According to this MSDN article there is a FormsAuthentication_OnAuthenticate event but I need something like a "FormsAuthentication_OnSignOut" (Which doesn't exist) Any ideas? /J ...
I've never had this problem before, I'm at a total loss. I have a SQL Server 2008 database with ASP.NET Forms Authentication, profiles and roles created and is functional on the development workstation. I can login using the created users without problem. I back up the database on the development computer and restore it on the product...
I have developed a web app using asp.net mvc. I've deployed it onto the server and experiencing a problem I didn't get when developing the website locally. When I log into the website I navigate through and its fine. However if I leave it a while then try and navigate again I am logged out and redirected to the login page. I'm using th...
Hi, We have a similar problem. We have a web application running under default appdomain. It was working fine until a week before...Suddenly it has encountered a problem. Below message is taken from event logs. Event code: 4005 Event message: Forms authentication failed for the request. Reason: The ticket supplied has expired. Applic...
My group builds internally hosted ASP.NET MVC websites with forms-authentication. I'd like to host a WCF service in the same virtual directory as an ASP.NET MVC website. My Question: How do I make the WCF service freely accessible, that is without forms-authentication. My current predicament is this: I can access the .svc a...
I have a FormsAuthentication cookie that is persistent and works independently in a development, test, and production environment. I have a user that can authenticate, the user object is created, the authentication cookie is added to the response: 'Custom object to grab the TLD from the url authCookie.Domain = myTicketModule.GetTopLevel...
We have a library of ZIP files that we would like to make available for download at an ASP.NET site. The files are sitting on a NAS device that is accessible from out web farm. Here is our initial strategy: Map an IIS virtual directory to the shared drive at path /zipfiles Users can download the zip files when given the URL However...
Stackoverflow uses OpenId as many other websites. However, I rarely need to provide my OpenId to Stackoverflow while with other OpenId enabled websites, I have to do it once a day or week. This suggests to me that the expiry of the session is with the website and not the OpenId provider. Looking at the DotNetOpenId code in ASP MVC, I c...
I would like to create a login page using ASP.NET. I don't want to use the ASP.NET login control. How do I do this? ...
I have the code below on a login page. I'm using this to set the login timeout by customer. In IE8 I'm running into the problem that if a user opens another browser window, then logs out in the first window, when they relog back in they get bounced back to the login after a single page (every time). If they don't open another browser, e...