forms-authentication

Should a session timeout or a form authentication timeout log off the user?

Hi, I'm slightly puzzled with what should log out a user. At the moment I have a session timeout set to 20 minutes and I thought that once the session expires the user should be logged out. I can add code that will do that on session_end. I came across a form authentication timeout in a web.config. Currently it's set to 48 hours...

Authorization denied message with FormsAuthentication

So, I've implemented my IPrincipal.IsInRole(...) and I'm using FormsAuthentication like so: <authentication mode="Forms"> <forms loginUrl="Login.aspx" name="someName" timeout="600"/> </authentication> Then I have a page that requires you to be authenticated and that you have "roleA". This is configured like so: <location path=...

ASP.NET MVC 2 AJAX Calls when login token has expired

When a user's login token has expired (i.e. they have been logged out) on a page that has AJAX-enabled content, if they select an AJAX link on the page it will appear to complete successfully. However, this is not the case. The content that was returned to the page is the Login Redirection. Is there any way to have the AJAX call redirect to t...

Login to gmail account

Hi, folks, I need to be able to log in to my Gmail account, then I get cookies and will have access to other Google services. But I can't log in to my Gmail (or any Google) account. I found some posts on this site on how to do it, but none works for me. I do: string formUrl = "https://www.google.com/accounts/ServiceLoginAuth"; ...

Trying to use forms authentication with non Asp.Net apps, but I keep getting redirected back to login page

I’m running IIS 7.5 in integrated mode. I’m trying to use forms authentication with non Asp.Net apps, like static html pages. So I’ve configured web application as virtual directory WebApp and then configured forms authentication through IIS management console, which automatically added web.config file to WebApp directory. I’ve also: • ...

Email users in a role (forms auth. sharepoint)

Hey guys. So... I've got a MOSS 2007 set up with forms authentication. I've also set up some roles with some users attached to these roles. Now, when I add a role to a site (site settings-> People and Groups) and I choose to send a welcome email, the users attached to that role don't receive an email. Is this even possible in MOSS 200...

Programmatically Lookup a User in SharePoint

I’ve encountered a situation where I need to be able to lookup a user by their active directory name. I’ve tried looking for the user in the SPSite.Users, SPSite.AllUsers and SPSite.SiteUsers properties, but the user isn’t guaranteed to be in any of those lists. For users who gain permission to the site via an active directory group th...

FireFox randomly breaks login?

Update: I finished my app using NerdDinner 1.0 as a starting point. NerdDinner 2.0 had a more robust AccountController so I line for line did a complete replace of my AccountController v1. It was at this point that I started having login issues with FireFox (confirmed with a revision rollback). There are several differences on the whole ...

How Do I Tell ASP.NET Forms Authentication to Not Authenticate Certain File Extensions ?

I have an asp.net 2.0 (.net3.5) website on IIS6. It is set up to use forms authentication. I have set up "aspnet_isapi.dll" as an entry in the "Wildcard application map" in IIS so all requests would go through asp.net. In web.config I have disallowed all anonymous users via the following setting: <system.web> <authorization> <den...

[Authorize(Roles="Admin")] attribute asks user to login instead of access denied?

Updated: Thanks to the help here I've created the following solution: public class CustomAuthorize : AuthorizeAttribute { protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext) { // Returns HTTP 401 - see comment in HttpUnauthorizedResult.cs // If user is not logged in prompt ...

asp.net forms authentication - make a folder publicly available

I am using forms authentication in a MVC 2 project. I have this in my web.config: <authorization> <deny users="?" /> </authorization> I want the /Content folder to be available to users that haven't been authenticated yet. The login view uses the css in that folder, which should be available at login time. Thanks ...

using AD to authenticate to different domains.

So we have been using the same login code to connect to various domains in asp.net, with and without MVC. The code works. We have a new server, first one to run server 2008 r2, set up with a directory structure similar to one of the ones that has been working. Using forms authentication, I set up in the web.config <add name="ADConnect...

Determine if current page requires authorization?

So, I have web apps with web.configs like so: <authorization> <deny users="?"/> </authorization> ... <location path="SomeUnsecuredPage.aspx"> <system.web> <authorization> <allow users="*"/> </authorization> </system.web> </location> In other words, most pages require authentication and authorization, but some don't...

Asp.net "Remember Me" does not work through FormsAuthentication.RedirectFromLoginPage()

In my login page I'm using FormsAuthentication.RedirectFromLoginPage() to redirect to the Home page after the user is validated. But it doesn't seem to obey the CreatePersistenceCookie parameter. I have searched in Google and modified my Web.Config but still the Remember Me functionality does not work. This is my sample code structure (using asp.ne...

Custom implementation of IPrincipal throws System.SystemException: The trust relationship ...

We have an ASP.NET site that partially depends on forms authentication for login credentials, however the implementation of IPrincipal is completely custom. But, when running the site on a particular server (which is somewhat semi-hardened when it comes to security), the app crashes when invoking IPrincipal.IsInRole() with the following ...

Is there ever a reason to write your own authentication instead of using Forms Security

In ASP.Net, is there ever a reason to flatly make your own authentication instead of using Forms Security(and writing a custom provider)? What limitations exist to Forms Security and why would someone want to write their own authentication? ...

anonymous access to aspx page fails

I've a web site that uses forms authentication. For the most part, my web site requires authentication to do anything. My privacy statement page is an exception and has to be accessible to anonymous users. The page is in a folder, and I've set the location path information in the web.config as follows: <location path="about"> <syst...

FormsAuthentication and Roles problems

What is this garbage in the URL? After login I am directed to: http://localhost:1337/%28F%2883mI1fhnT6Sm1XopiPcErGYaqCafgnoSL_hgFJi9u7MwncoR98KOirf8GuqRVFfAbZN9mR1IH6W8LQQIeHTd4NcR5BKHAVvZrmcIoDTGTf01%29%29/ When I debug I see that in Global.asax as well as AccountController my userRoles/accessLevel are correctly being found and inserte...

Change the user data in FormsAuthenticationTicket programmatically

Hi, I am using the FormsAuthenticationTicket, placing the data in it and passing the data across all the pages, and it will work if we are not changing any data. So now, if I want to change the data, pass it to the cookie and encrypt it, how do I change the data programmatically? Please give me the solution for changing the data in HttpCoo...

Could "Context.User" be a null?

In my MasterPage code-behind I try to get UserID of the authenticated (if it has) one: public Guid CurrentUserID { get { Guid userID = new Guid(); if (Context.User.Identity.IsAuthenticated) { MembershipUser user = Membership.GetUser(Context.User.Identity.Name); ...