forms-authentication

How does asp.net know not to apply security to login.aspx? Reverse proxy is giving me issues.

Hi all, I've got an asp.net app that uses forms authentication that denies anonymous users. It's working fine if i access the server directly, however if i access it via a reverse proxy it does not seem to work so good. What happens is the reverse proxy sends you to the default page, then gets redirected to the login.aspx page because ...

Asp.Net forms authentication redirects to .../myapp/default.aspx instead of .../myapp/

Hi, After authentication, asp.net redirects my users to .../myapp/default.aspx instead of .../myapp/ Is there some way of fixing this? I think it's a little ugly not to mention redundant to contain the extra default.aspx on the url. I've tried putting the following code in my default.aspx.cs page_load function, but it results in a red...

.NET Forms Authentication and CurrentContext.User

If I call FormsAuthentication.SignOut(); with a user logged in (with createPersistentCookie set to false on sign in) should I expect HttpContext.Current.User.Identity.IsAuthenticated to be false? It isn't, and Identity.Name still has a value. Is this right? If this is normal behaviour, what do I need to do to remove all trace of...

Silverlight 4 application crashing rather than throwing exception

I have been using Shawn Wildermuths example and it has been working fine no problems at all. Today, however, I have added a few of my own Models and ViewModels and it still works. Problem appears when I start to add the attribute [RequiresAuthentication] into my DomainService. Although the code has exception handling, it prefers to cr...

What is a very simple authentication scheme for Sinatra/Rack

I am busy porting a very small web app from ASP.NET MVC 2 to Ruby/Sinatra. In the MVC app, FormsAuthentication.SetAuthCookie was being used to set a persistent cookie when the users login was validated correctly against the database. I was wondering what the equivalent of Forms Authentication would be in Sinatra? All the authentication...

How to combine Forms and windows authentication on IIS 7 asp.net 4?

Hi, I've really tried everything know...I think. =) I used this old article to some succes: http://msdn.microsoft.com/en-us/library/ms972958 Locally on my machine it seems to work for myself, but noone else gets verified by windowsauth. I then tried to set it up on a Server2008 R2 and doing all the IIS settings as in the article. For so...

Location access in ASP.NET

I have admin area of my site: http://www.mysite.com/webadmin and I want to protect it by role (I'm using ASP.NET forms auth), so that only a user with the role "admin" could access it. In web.config I added this entry: <location path="WebAdmin"> <system.web> <authorization> <deny users="*"/> <allow r...

Second layer of authentication in ASP.NET MVC2 application

We have an ASP.NET application that's partly in MVC (the rest of it being a legacy webforms-based CMS). The application is authenticated via Forms Authentication, although any user accessing it from a specific set of IP addresses are automatically assigned to a "special" user. We currently have a child application that we would ideally...

Form Authentication on Purely HTML pages

Hello! I am using forms authentication in IIS7 to password-protect a dev site, but the authentication seems to get by-passed when the site contains only static HTML files + login.aspx + web.config. When I renamed the files to .aspx, I am prompted with the login form I am not doing anything fancy. I have a very simple login script and i...

How to read cookie that written in login method ?

If the login code int http://msdn.microsoft.com/en-us/library/system.web.security.formsauthenticationticket(v=VS.90).aspx we will found that they create cookie as below new HttpCookie(FormsAuthentication.FormsCookieName, encTicket) I want in another code to read this cookie and check it .. how can i do although i don't know the nam...

How to post form to my server and then to API, instead of posting directly(for security reasons)?

There is an integration with an API for conducting live online classes. The API wanted us to post a form to their site along with a parameter called customer_token as an input field. It is used for authentication by the API and every customer site is assigned one token. The customer token is actually some hashed value of the domain name...

form authentication by using two different machine

Hello, i want to use form authentication.i have 2 different application.both are at different machine.i want to use common form authentication. suppose i have 2 application called "app1" and "app2". There is one form called CElaunch.aspx page in app2.and i want to use this page in app1. we cant navigate the this page directly ...

Web.config Location element functioning incorrectly

Hi, Environment: ASP.NET 3.5, C#, Forms Authentication, IIS 6 Problem details: I have a web.config file set up with forms authentication and the following are the location element, as appearing: <location path="Home/Common"> <system.web> <authorization> <allow users="*" /> </authorization> </system.web> <...

Thread.CurrentPrincipal claims incorrectly to be anynomous

I'm seeing requests on my server that appear to be made by an anynomous client, although I'm certain they were made by an authenticated user - I have fiddler logs showing that the client sent valid asp.net auth cookies, and server logs indicating that the cookie arrived and is valid. The problem has been observed across all browsers. T...

Forms authentication failed for the request. Reason: The ticket supplied has expired.

I cannot connect at all using forms authentication because i get the following message: Event code: 4005 Event message: Forms authentication failed for the request. Reason: The ticket supplied has expired. Event time: 8/31/2010 3:35:58 PM Event time (UTC): 8/31/2010 12:35:58 PM Event ID: b566569a3ac244928af9585691f997ef Event seque...

User impersonation with asp.net forms authentication

I've written a small ASP.NET 3.5 application to allow users to update selected account attributes on their own. Everything works fine when I use Basic Authentication, but because the dialog that is presented is less than ideal, I'd like to use forms authentication to give the users more instruction on how to log in. My problem is that ...

Non-SharePoint site redirects to SharePoint login screen when accessed over SSL

I have a MOSS 07 FBA site at https://fba.mydomain.com. I have a classic ASP site on the same server at https://asp.mydomain.com. When I access https://asp.mydomain.com in the browser, it redirects to the login form at https://fba.mydomain.com/_layouts/login.aspx. This is very strange. The two things are completely different sites in IIS....

Allow access for unathenticated users to specific page using ASP.Net Forms Authentication

I am using ASP.Net Forms Authentication. My Web.config looks like this. <authentication mode="Forms"> <forms loginUrl="login.aspx"/> </authentication> <authorization> <deny users="?" /> </authorization> So currently every aspx page requires authentication. I want to allow access to even unauthenticated use...

How do I customize the Forms Authentication cookie name?

I have 2 websites running on localhost in different ports. As browsers do not differentiate port numbers when sending cookies, my forms authentication ticket from one site is being sent to the other How do I solve this? I thought that a good solution would be to change the forms authentication ticket or one of the websites but I don't k...

RequireHttps attribute redirecting to wrong port

I'd like to stick with the attribute as it is simple. Apparently VS2010 development server supports HTTPS as it worked without problem which was nice. I followed the login link, was redirected to 443 and presented with a cert. I entered my credentials and submitted. Then I was redirected to standard port 80 instead of the static port I...