forms-authentication

Is it better to convert existing user accounts for them or have the users re-register?

I'm rewriting a website and going from a home-grown authentication model where users logged in with their account id (numbers) and password, to .NET FormsAuthentication where users will login with a username that they choose (or is available) and a stronger password. There are over 38K existing accounts and I'm trying to decide if the ex...

Detecting authentication timeout in handler and redirecting entire page to login page

I am writing an application where by someone can edit paragraphs on a web page. jQuery is used to send and receive the edited paragraph data to a handler, which saves it or reads it from a database. The problem is that if the forms authentication has timed out, I get the login page back from my handler. Is there any way I can detect a...

Adding columns to the CreateUserWizard control using FBA

Hi- I'm wanting to create a user account creation section for unregistered users on our internet site. I want to ask the same questions as the CreateUserWizard control but have a few changes. I want the question to come from a question lookup table in SQL. The user will have a dropdown of available questions and I'll store the questionid...

Using VS2008 built-in testing framework against ASP.NET pages with forms authentication

I would like to write some tests (the kind built in to Visual Studio 2008) against some ASP.NET pages in a forms-authenticated site, but I'm hung up on getting past the login page redirect --- I keep getting back a page of type ASP.login_aspx instead of the one I'm calling. Ideally, I'd like to have the test run while actually logged in...

Test for authentication from client using asp.net and ajax

From the client, is there a way to get a true/false value from an asp.net page to show you have authorization to access the page. Using Forms Authentication I get redirected to a login page. I just need a simple boolean. Aaron ...

ASP.Net: Authentication via Browser's Login Window

I have what appears to be a fairly common scenario: I have a database that contains a list of users/passwords, and ideally, when someone visits the site, I'd like to use their windows name (internal), otherwise whatever name the user provided (external). My main question is how do I send a response to the browser forcing it to prompt f...

Is (HttpContext.Current.User != null) enough to assume that FormsAuthentication has authenticated the user

In an ASP.NET (2.0) application I use FormsAuthentication. In the Global.asax / Application_AuthenticateRequest method I check if HttpContext.Current.User is null. Is this enough to know if the forms authentication cookie exists, the ticket is not expired, and overall, that the forms authentication mechanism has done its job to validat...

MOSS FBA never asking for creds

I've set up FBA on an extended site, added a user, verified the central admin can read the users (people picker works fine). The problem is no matter what I try I never get asked for credentials, just get a "You are not authorized to view this page". I have a feeling its something in IIS but I've added all anonymous accounts I can think...

Using ASP.NET Ajax to call WCF over SSL

I am calling WCF from an ASP.NET page using ASP.NET Ajax. I am using Forms Authentication to secure the website. Everything was working as expected through development until it was deployed onto the production server then I started getting javascript errors because the service could not be found. The production server is using SSL so I...

ASP.NET Forms auth - gettings user data

I'm using forms authentication on a very small ASP.NET web app (Web Forms) in which I want to store additional info about the user in a separate database table. This is then linked back to the aspnet_User table and I was figuring the best column to link to is the UserId column. Problem is I can't work out how to get this piece of data w...

Event to capture when a formsauthenticated user is un-authenticated

I'm basically looking for the event that is the opposite of FormsAuthentication_OnAuthenticate. I want to remove some values from the database when a user logs out. I tried putting it into the Session_End event, but it seems that the user is already gone by the time this executes. Update: If I can't determine when a specific user is d...

CreateUserWizard- How to verify data against db during wizard?

I'm using the asp.net CreateUserWizard control. I've added a WizardStep and need it to verify 3 datapoints against our internal database before allowing the user to create an account. However, when I try to wire the next button click to a codebehind method to check the data, the event never fires in the codebehind. Below is the code on...

Reduced functionality using forms authentication (FBA) in SharePoint

I’ve got a moss document centre website with FBA and AD authentication enabled. After creating a picture library I seem to have reduced functionality when accessing the site through the FBA URL. I’ve compared the web.config files from each IIS website and they are the same (apart from added FBA information that's required). Here's two...

jQuery Forms Authentication with ASP.NET MVC

Is it possible to use a jQuery ajax call to perform Forms Authentication with ASP.NET MVC? I've been unable to find any such examples. More specifically, how do I set the auth cookie on the page (without a redirect) so I can make successive authenticated ajax requests? ...

Forms Auth - How to prevent dupe user account knowing only extended user information?

I'm in a bit of a strange dilema. Please bear with me as I try to explain it! I'm using forms authentication and am storing additional user information in another table (referenced UserID from Forms Auth, encrypted SSN, Salt value). When users register to the site, I ask SSN, DOB and LName and verify against our system before they crea...

Windows Sharepoint Services (WSS) and Forms Authentication - Passing those credentials to other ASP.NET Forms Authentication Apps

Sorry for the poor title here :) I have my WSS configured for Forms Authentication. I'd like my users to land on the WSS login page, log in, and then provide them links to other ASP.NET apps which also are configured for forms authentication. I'd like to achieve a single-signon-ish solution (the reason I say "ish" is I'm not looking ...

Custom .NET authentication, membership, profile provider for portlets?

I am wondering if it is possible to leverage the Authentication, Membership, and/or Profile provider features in .NET to help integrate .NET web apps into my company's enterprise portal. In a nutshell, the portal sends custom header values to any application that is 'behind' the portal for fields like the username, user profile data, an...

Why did ASP.NET generate the same cookie key for a domain and subdomain?

Bug: I've got an ASP.NET web application that occasionally sets identical cookie keys for ".www.mydomain.com" and "www.mydomain.com". I'm trying to figure out what default cookie domain ASP.NET sets, and how I accidentally coded the site to sometimes prepend a "." to the cookie domain. When 2 cookies have the same key and are sent up f...

How do I tell if a user account is already logged in using ASP.Net Forms Authentication?

Our SSO login process uses Forms Authentication against a custom user store in SQL Server. One of our new security requirements is to only allow an account to have one active session at a time. So any time a user logs in, we will check to see if the login credentials are already active, and preferably prevent the new user from logging i...

Forms Auth-pwd recovery-I'd rather the user reset it on the web and not send email

Question 1 - I'm wanting to give the user the ability to reset their password only without an email and generated password. The user verifies themselves against our internal database by a custom form a wrote. Then, I'd like to prompt them for username and security q&a. I don't know how to do the security QA so i decided to customize the...