I have a WebApplication on asp.net 2.0 with namespace Admin. I have Form Authentification mode for the project. <authentication mode="Forms"> <forms name="ASP_XML_Form" loginUrl="Login.aspx" protection="All" timeout="30" path="/" requireSSL="false" slidingExpiration="true" cookieless="AutoDetect...
We have a scenario using asp.net Forms Authentication in a web farm and need to setup identical <machinekey /> sections on each servers .config file. Is it better to store the <machinekey /> section in machine.config rather then web.config? what's the advantages and disadvantages of each approach concerning security? <machineKey valida...
I'm using Tomcat 6.0 as a webserver, and I want to know how can I run login page over https protocol? I've implemented form based authentication correctly with NONE as value in tag, but when I changed <transport-gurantee> tag with the value CONFIDENTIAL, my browser is not able to display the page and returning an error: Firefox can'...
I have a web app using forms authentication and I have restricted a folder so that only those with an administrator role can access it. I am controlling all of this through the web.config file and adding the proper location tags to restrict access. Currently the application is working fine. If I am logged in as a user and click the link...
I have a page, URI looks like this: http://domain.example.com/Profiles/Profile.aspx?username=blah#blahtab When that fragment (#blahtab) is present, some jQuery picks up on that and displays a different section of the page initially. However, that page requires a user to authenticate first. Coming back from the authentication step us...
Hi I have a form realm authentication with which i am securing a directory "secureUser" well my question is: - How i can redirect the user once logged in to the requested page the details: - now i can log on a user using this (login.jsp) <form action="j_security_check" method="POST" id="login_from"> <p> <input ty...
In our website, we add a log whenever a user logs in. Now we add the log just before it goes to the home page. But, suppose when the user is not logged in and try to hit any url other than the home page or default page. At that case the ReturnUrl is that page in login page. So, after the login it goes to the requested page instead of hom...
I have tried to set up .Net authentication to allow authentication across subdomains in my app. To do this, I added a "domain" attribute in the forms element, like this: <forms domain=".mydomain.com" name=".MyApp" loginUrl="Util/login.aspx" timeout="120" /> Then, for the role provider, I added a domain to that too: <roleManager doma...
My web app is using .NET 3.5 framework, VS 2008 with a SQL Server database. I am using Forms authentication and the generic login to validate user access to the aspx pages. Is there a way I can pass the user's form auth credentials (different from their Windows login) to the sql server connectionstring so that their database permission...
I am building a simple cms in which roles are set dynamically in the admin panel. therefore the existing way of authorizing a controller method - [[Authorize(Roles=”admin”)] for example, is no longer sufficient. The role - action relationship must be stored in the database, so that end users could could easily give/take permissions to ot...
Hi, I have a situation where ideally I want to be able to log-in to a secure area using a Java application. I would like to make an HTTP request and check the response to see if I need to do some kind of authenication before I can actually get the response expected, instead of effectively some login page. The complication is that the ...
Hello, I have a website that uses basic ASP.Net forms authentication. In the web.config file we specify specific access rules for individual pages and directories. Everything works great. However, now I have some new requirements. My domain contains many different sites setup among different subdomains. I have two DNS subdomains th...
I'm writing an ASP.NET MVC application that uses Forms Authentication. The target clients are a variety of mobile web browsers. When I use the BlackBerry 8530 simulator my MVC app authenticates as expected. I can visit pages whose controller methods are decorated with the [Authorize] attribute - no problem - they display and therefore I...
Hi, I was hacking on a website, and found that the original authentication model is Forms Authentication to login this website's members... and I need to integrate another service (say OpenID, Google Connect, Facebook Connect... etc.). How can I programmatically authenticate an external user on my website, knowing that he has been authe...
I have a scenario where a user will have access to a one-time-url. When the user clicks on the URL, specific files will be available to that user. I have many files on the site but would only like certain files to be accessible by that user. I have though about generating an authenticated cookie and using forms based auth and applying ...
Is it possible to disable all authentication in a subfolder of a web site that is Forms Authenticated? How do you accomplish this? ...
I have an admin site set up as a virtual applcation inside of another website. I would like visitors to the sub directory (the virtual application) to be promtped for credentials using the same Forms authentication set up on the main parent site Have tried all sorts of things but can't get it to work, including Removing all <authentic...
I am converting a personal site over to MVC 2 and I have been using Forms Authentication against a SQL Server DB. Curious if the standard MVC 2 template will just automatically work if I upload it to the server. I have added the connection string to the web.config. I'm thinking it will work but wanted to see if anyone's done this. ...
My site allows anonymous users. I saw that under heavy load anonymous users get sometimes profile values from other users. I first delete my cookies and get a valid unique value in the cookie value .ASPXANONYMOUS. After a couple of requests I get a new value for .ASPXANONYMOUS which is already used by another user. I see in my loggs tha...
My website has forms authentication, and all is well. Now I want to create a subdirectory and have it also password-protected, but! I need the subdirectory to use a completely different set of logins/passwords than the whole website uses. Say, for example, I have users for the website stored in the "Users" table in a database. But for t...