forms-authentication

Mocking the FormsAuthentication.Authenticate() method

Is there any way I can mock FormsAuthentication.Authenticate("username", "password") method with test credential? My test goal is to make sure that if authentication fails, it redirects to correct place. I'm using Rhino Mocks as mocking framework. Thank you very much for your help, ...

App_Data/ASPNETDB.MDF to Sql Server 2005 (or 08)

I've been developing an ASP.NET WebForms app that needed account login functionality (e.g. register new users, change passwords, recover passwords, profiles, roles, etc). To do this, I used FormsAuthentication with the default data store, which, to my surprise, is an MDF file in App_Data. When it comes time to actually deploy this app. l...

How to override/change FormsAuthentication LoginUrl in certain cases

Is there a way to dynamically change the LoginUrl of FormsAuthentication? What I have is the whole site protected by FormsAuth, but for some pages in a sub folder, I'd like to take the user to different login page, and have FormsAuth handle the ReturnUrl stuff. Is that possible or do I have to write my own redirect code for the sub fol...

What sets Page.User.Identity.Name

I keep track of the current logged in userID and base the behavior of my site on this value. My code sets the logged in user ID with this statement: FormsAuthentication.SetAuthCookie(UserID.ToString(), true); Subsequently, I read this value from Page.User.Identity.Name. This works fine on my desktop, but on my server, I set it to 8 a...

Storing custom user information in an authentication ticket instead of in Membership provider

I've been looking at implementing a custom SQL Server-based membership provider and one of my problems is that the membershipUserObject is keyed on a GUID. Since I'm using an existing ID as a key to roles and user data, this presents an interesting problem. I'd like your opinion on which option -- or whether there's another option I ha...

Forms authentication failed for the request

I have a web application using cookieless forms authentication. Every day my event log has a ton of 4005 error codes (Forms authentication failed for the request). I believe this is happening because users are bookmarking pages while they are logged in so when they revisit the forms ticket in the URL has expired, at least this is the only...

Can I make my ASP.NET FormsAuthentication cookie more secure by associating it with the session ID?

We've noticed that it's possible to recreate a copy of an ASP.NET FormsAuthentication cookie on another machine, allowing the second machine to authenticate without needing to log in. One suggested solution to this has been to store the session ID within FormsAuthenticationTicket.UserData and to check that the two values match inside Ap...

Website Forms Authentication -> Sql Server Windows Authentication

To cut a long story short: As part of an online database access system I'm writing I want to use the new BLOB access features in SQL 2008 - this means I have to use Windows Authentication when logging into the SQL Server; however due to its very nature the website front end to all this uses Forms authentication with the membership data ...

Securely Transfer User from one ASP .NET App to Another

I have an ASP .NET web application which uses Forms Authentication. Let's call this application "Foo." I am creating another ASP .NET application called "Bar." What I want to have happen is the user logs into Foo, then clicks a link which takes them to a page in the Bar application. The Bar application should not require the Foo user to...

Where does Web.HttpContext.Current.User.Identity.Name come from?

I have FormsAuthentication.SetAuthCookie("someName", True) as part of my custom login sequence. Later, I have some page only allowing a specific role: <location path="myPage.aspx"> <system.web> <authorization> <allow roles="SomeRole"/> <deny users="*"/> </authorization> </system.web> ...

Is supporting active directory in a web application difficult when currently built with forms auth?

Hi, I have a web application that currently only supports asp.net forms authentication. My user business logic currently is like: Users.GetUserByID(userID); Users.LoginUser(username, password); i.e. it is pretty modular and I hope supporting active directory won't be difficult. Is it possible for me to support both AD and forms? If...

How to get referrer URL in ASP.NET when there are multiple redirects?

I'm developing a web application that uses an in-house SSO server for authentication. I have a link on my home page to a page called Logout.aspx. Logout.aspx clears the Forms Authentication cookie, all session data, then performs a redirect to the LoginUrl specified in the forms authentication configuration which is currently set to a ...

How to Implement ASP.Net Forms Authentication

Hello, I'm just wondering how to go about using FormAuthentication in asp.net. In our project we are basing it on webservices, which returns an XML document on successful login with all the credentials we require. What's the best way to store and access the information returned? Thanks. EDIT: thanks for the response. I can't use the defaul...

Authorization Issue - anonymous users can't access .jpeg or .css

Hi. I have this on my web.config file: <authentication mode="Forms"> <forms loginUrl="login.aspx" defaultUrl="Venues.aspx" /> </authentication> <authorization> <deny users="?" /> <allow users="*" /> </authorization> I only want to allow authenticated users to my pages. The problem is the first time that I go ...

How can I prevent all Firefox browser instances from using the same authentication cookie?

I implemented Forms authentication by creating Default.aspx and custom login page named login.aspx. If unauthenticated users browse to Default.aspx, they are redirected to login.aspx, and only if match is found for the supplied credentials, is user redirected to default.aspx. But when using Firefox, it appears all browser instances use ...

SqlMembershipProvider.ApplicationName property

Hello, Q1 To configure membership provider, you also have to add section to your web.config file. One of the properties of SqlMembershipProvider is also applicationName. If you don’t specify this attribute, then membership API will associate objects in database to the root application with the “/” name. A) what is meant by r...

Two users in different membership DBs can’t use same email address

Hello, Q1 - I’ve created two membership databases ( using aspnet_regsql tool ) DB1 and DB2. I then created web applications A1 and A2. A1 uses DB1 to store user credentials, while A2 uses DB2. If the user I created in A1 ( via Asp.Net WAT tool ) uses email [email protected], then none of the users created in A2 can have the same email add...

Handling Login.Authenticate event

Hello, A) Book I’m learning from says that if we handle Login.Authenticate event, then we have to authenticate users on our own. Thus control won’t automatically validate username and password. I thought book suggested this would only happen if we override Login.OnAuthenticate() method, but it appears that even if only add an event ha...

Login control template and Control ID = Login

Hello, When using custom template for Login control, if we add control with ID = Login and set its CommandName to “Login”, then Login control will automatically handle authentication. Control with ID=Login can be any control that supports event bubbling. Thus I assume this control can be either Button, ImageButton, LinkButton o...

Could aspnet_regsql.exe be used to create DB capable of storing several email addresses...

Hello, Q1 A) Is there a way to create membership database ( using aspnet_regsql tool ) where each user could have several email addresses specified ( instead of just one ) during registration process? B) Is there also a way to somehow "inform" Security wizard in WAT to include new input fields ( where additional email addresses w...