Hey guys. So I created a custom feature with a receiver. Everything works fine and dandy - under a windows authenticated sharepoint application. The same web application has been extended to include a forms based authenticated site. Activating the feature on this site gives me a 403 forbidden error. Can anyone help me out here? It's ...
I'm currently using JSF 2 and icefaces framework for javascript I'm having some problems with j_security_check based on the url(that's not the point), that my taste is very strict my question is: Is there any better way of authentication, or some alternative? I find JAAS, but did not convince me because because the users are stored in ...
I'm building a site and doing all my tests on the built-in development server of Visual Studio. Things were working just fine but at some point my site stopped using cookies after logging in using forms. Junk was being placed in the URL string and cookies weren't being set. Session variables were being set but apparently those did not ho...
Hello all, So I am working on an iPad app that needs to talk to our company server to pull in some XML. In a browser, when the user tries to first navigate to the site, they are redirected to an SSO form that generates a cookie that is saved. Now my application may need to replicate this behavior and generate the cookie so we can pul...
I am making a ASHX handler call to get JSON object. How do I handle or redirect user to login page if forms authentication times out when calling ashx handler page? ...
I have some AJAX calls that render PartialViewResults via the jQuery.AJAX method. This works great, I get my views rendered exactly the way I want. The problem arises when I leave the page up for a while and the Forms auth session expires. When I click an action that performs an AJAX request, it shows the login page in my div. I want ...
This question is related to http://stackoverflow.com/questions/2185479/asp-net-forms-authentication-without-redirect only I cannot get it to work. MVC 2 changed its script files and they are now gotten as listed here: http://www.asp.net/ajaxlibrary/CDNAjax4.ashx Now I'm just shooting in the dark but trial and error has narrowed me dow...
Hi, Previously, I have implemented two separate ASP.NET Web Applications, one as a virtual application in a subfolder of the other, which successfully shared forms authentication as described at http://msdn.microsoft.com/en-us/library/eb0zx8fc.aspx (basically, setting up identical <forms> sections in the Web.config, and keys in the <ma...
Hopefully you folks can clarify some of this for me. I have a web-application using the Sql Membership Provider and it talks to a second web-application through a WCF Service. Both applications share the same Sql Membership Provider datastore...but I need each WCF Service call to authenticate the user. Now, I've looked at a LOT of sam...
What is the best way to detect when a redirect to the login page occurs due to a forms authentication timeout in order to display a meaningful message? <authentication mode="Forms"> <forms loginUrl="~/Login" timeout="15" slidingExpiration="true"/> </authentication> ...
I'm looking for examle/tutorial showing implementation of both client and server side code. Client - simple html webform containg three controlls: username, pasword input and a submit button. Server - a program written in c/c++ that receives username and password from the client and verifies them(sql or simple file). ...
I use $_POST to read data sent through HTML forms to the server, narrowing down attacks exposure. How can I strengthen security, using some kind of tokens in the form? The tokens could be readable however with a sniffer..... EDIT * I agree the message above is generic...I'll try to give more details! Ok, a PHP/Server generates emails...
Alright, I don't know if anyone has tried to do this yet, however. I have a website lets just call it localhost. for now. I have a form on that page. however, I want to be able to skip the form, and redirect my data to the form by using the basic authentication method. for example: http://admin:admin@localhost would send the username an...
I don't know if this is an application configuration issue or an IIS issue. Please forgive me if this should be going on ServerFault. I have an ASP.NET MVC application (I think the MVC is irrelevant, but anyway). I am getting differing behavior, authentication-wise, on my Windows 7 development machine versus on my Server 2008 machine....
ASP.NET provides a basic set of Login Controls that integrate with the ASP.NET Membership and Forms Authentication providers. I wouldn't mind being able to skip re-inventing the wheel on this kind of functionality, but I'm wary that there may be security, performance or usability reasons to consider rolling my own. Are there? ...
In my web.config file, I have the following line: <authentication mode="Forms"> <forms timeout="25000000"/> </authentication> If I login to here SpectrumBridge and check the remember me checkbox, it puts a cookie on the local machine that expires in 50+ years. However, if I login to here UDIA, it sets an a cookie that says it wil...
Hi. I have my site setup like this: www.mysite.com subdomain.mysite.com (configured as an application) I then registered another domain, lets call it www.myothersite.com which redirects to subdomain.mysite.com using masking so that the address always remains www.myothersite.com/... Within the subdomain site I have a forms authenticati...
We've got some WCF services we're hosting via IIS. The application in general uses Forms Authentication, and we'd like to continue making that available for web service clients. We just have a <authorization><deny users="?"> in our web.config and some authentication/redirection goodness that gets everything done. The problem is we'd lik...
I've got a weird one. I'm using Forms Authentication and all works well on my development workstation, but when I post to the production environment authentication fails... but ONLY for Safari. It works great in IE, Firefox and Chrome, but not Safari. Anybody got any ideas on this? Thanks ...
We have a non-SSL ASP.NET web app that allows a user to login (ASP forms authentication, inproc). Once authenticated, we redirect their browser to an external, SSL secured page on another web site / domain altogether that we do not control. The client is redirected back to a pre-configured url on our original http web app when done. ...