I'm trying to understand this so I can do something similar. I know: buf contains an authentication key with a hash appended to it (the last 20 bytes) The HashData that's being looked up in the MachineKeySection is SHA1 length -= 20; byte[] buffer2 = MachineKeySection.HashData(buf, null, 0, length); for (int i = 0; i < 20; i++) { ...
Is it possible to authenticate users across sub-domains when the authentication takes place at a sub-domain instead of the parent domain? For example: User logs into site1.parent.com, and then we need to send them to reporting.parent.com. Can I authenticate them to the reporting site even though the log-in occured at a sub-domain? S...
I'm building a small website which will have FBA enabled (SqlMembershipProvider) and I want signup to be as simple as possible, just a prompt for username (email address) and password. How do I remove the security question from the create user control? ...
I'm working on a website with an internal and an external section. The users for both sections are different so they require a different login page. I wanted to configure the authentication differently for both folders, but ASP.Net but it's not allowed. Example (in my main web.config): <authentication mode="Forms"> <forms loginUrl...
I'm creating an application that will get the contents of a cookie storing a forms authentication ticket from .net. That part is done. In that ticket is an expiration time, by default 20 minutes. So the scenario is, a user logs in and is validated on the .net side. Then they are redirected to my PHP app. I get the username, ticket expi...
I have an instance of SQL Server 2005 Reporting Services that is outward (internet) facing. I want to enable Forms Authentication using ASP.NET 2.0. Several web sites discuss how to configure this to work, but none of the instructions lead to a completed solution. Does someone have consise instructions that are easy to follow and will ...
I have as ASP.Net 2.0 website with SQL Server as database and C# 2005 as the programming language. The website is almost complete and all the links are working fine. But I want to prevent normal users from opening a couple of pages. When any user clicks on those specific links, another page opens which contains a ASP Login control. The u...
We're working on a SSO solution that allows users to log in via .net and then end up at a PHP app. I'm working on the PHP end, and after much work, I've decoded, parsed, and otherwise done things to the cookie that .net sets with the username and ticket expiration date. At least I think I have. My difficulty now is that the .net develo...
We have a scenario in which we like to detect when the user has left our site and immediately expire their .Net session. We're using Forms Authentication. We're not talking about a session timeout, which we already have. We would like to know when a user has browsed away from our site, either via a link, by typing in an address or follow...
I have built custom Membership and Role providers. Users are some clients that belong to the company and I am using Company as a Role. I would like to create SharePoint Group and add more companies to it (for example type of industry) and then do redirecting and security by the SPGroup. How do I retrieve SPGroup for the current logged...
Hi, I have an ASP.NET 2.0 web application(C#) where I wanted to enable Single Sign On. I want only certain users to have access to all the pages, but others to only see a few pages. What changes do I need to make to my Web.config file, and what code would I need in my code-behind for the pages? Thank you ...
Hi folks, i noticed that a forms authentication element has an option child element called Credentials. MSDN Online explains what it is, here. That said, i don't understand what it would be used for? So i can add in a username and password (either clear/md5/sha1) to the config file.. but how/when is it used? Is that an example of har...
I've successfully implemented and configured the AuthenticationService and ProfileService on MyWebsiteA. I created MyWebsiteB and added service references to the AuthenticationService and ProfileService on MyWebsiteA. On one of my pages I call the Login() and it returns true, however If I then try the ProfileService.GetPropertiesForCurre...
We have found an issue in our app where Safari on the Mac randomly recreates a login cookie from a logged off session. I have a fiddler archive with this behaviour here. Note that some stuff has been removed from this to make it easier to get, but nothing which sets a cookie or anything has been taken out - only repetitions of requests...
Hallo, i have created a web site with Asp.Net by using Sql Membership Provider, sitemap and security trimming enabled. Based on these i have set web.config files into directories for allowing or not the users access according to their roles. After some time i removed the MembershipProvider and i creted by hand the "standard" login proc...
I'm creating an ASP.NET web application which I want to secure with Forms Authentication. When the application is run for the first time, I want it to create a default administrator account so that the owner is able to log in and configure the application. I managed to get something working for this by running the following method fro...
Hello, I am not sure how to phrase a good question, so I will just say what I am after! I have to retool a web application for our vendors and part of that requires restricting content on a vendor by vendor basis. Looking at ASP.NET (MVC) this seems easy enough using the built in Authorization Filters and the IPrincipal and IIdentity ...
I'm using forms authentication for an app that allows users to register but not active. We will send out an activation code via snail mail (long story) and the user can return with that info and activate their account. I want to create a page where the user can come back and enter their username, password and generated key to activate ...
Using this method after the SignOut() call redirects to '...login.aspx?ReturnUrl=%2fmydomainname%2flogout.aspx' so that the user can't log back in again, since a successful login returns to the logout page. The login page is set in webconfig and the app successfully gets that page. Why would a ReturnURL be stuck on the tail of the URL? ...
In the implementation for my service I have: [AspNetCompatibilityRequirements(RequirementsMode = AspNetCompatibilityRequirementsMode.Required)] In my .config file I have: <serviceHostingEnvironment aspNetCompatibilityEnabled="true" /> and: <system.web.extensions> <scripting> <webServices> <authenticationService ...