forms-authentication

If authentication ticket also contains information about roles, then why...?

Hello, Q1 – Reason as to why native UrlAuthorizationModule doesn’t understand roles is due to the fact that roles information is stored in managed object implementing IPrincipal interface, to which native modules don’t have access. A) But if native UrlAuthorizationModule understands authentication ticket, and thus can work in co...

How to synchronize lifetime of forms authentication cookie and Asp.Net Session?

I am building an Asp.Net web site that uses FormsAuthentication and standard Session mechanism with configuration like that: <authentication mode="Forms"> <forms cookieless="UseCookies" name=".MyAppAuth" loginUrl="~\Login.aspx" timeout="20"/> </authentication> ... <sessionState timeout="20" cookieless="UseCookies" /> It seems that...

How to keep a parameter from url after redirect to login.aspx

I have the following route: {language}/{controller}.mvc/{action}/{id} Once a user has chosen the language it is then maintained in the route-value language. http://localhost:4000/de/Account.mvc/Register I have a problem if a user hits a page that needs authorization. He is then redirected to http://localhost:4000/Account.mvc/Lo...

use sharepoint forms authentication users to login to remote sql server

The Sharepoint setup I am dealing with is as follows: - forms-authentication sharepoint server - with the users database stored on a remote sql server - we have a custom asp .net application put on top of sharepoint, that is being run from the _layouts folder; the application gets all its content from a remote sql server (nothing to do...

Windows Authentication and Forms Authentication together for ASP.NET

I am developing an internally-facing application that needs to automatically authenticate users via Windows Authentication and fall back to Forms authentication. The fall back would occur in situations where the user on a computer logged in as a group account (such as an operations center). I'm concerned about security where a user cou...

SharePoint forms authentication sites

With a SharePoint site which is partially anonymous and partially behind a forms authentication login, how do you manage the security of it? I've got a site set up with the CMS portal (which uses Windows authentication) but since FBA is to be used by the public it has been extended to have FBA as the authentication provider and anonymou...

MVC redirects authorized users to wrong url after timeout.

I have published my MVC project to an IIS 6 server. Running under the application MVCapp. The web project gets the url: www.domain.com/MVCapp/. I use forms login for authentication and got an issue after publishing. The web.config is as follows: <authentication mode="Forms"> <forms name="CTWebCookie" loginUrl="~/Account/Login" def...

Windows forms authentication accessing maxInvalidPasswordAttempts tries left

Hi. In my web config file the maxInvalidPasswordAttempts is set to 3. I have a change password form which allows the user to enter their security answer 3 times before the account locks out. However, I was wondering if it's possible to pull out the number of tries left in order to display a relevant error message when the user tries...

Set authentication as true for the view of the control that performs the authentication in ASP.Net MVC

In the authentication control I have the following line to mark a user as authenticated in the system (after checking out the password): FormsAuth.SignIn(userName, rememberMe); and if I redirect, which is the standard behavior, everything is ok. But if I show a view right away, the usual ways to check whether a user is authenticated: ...

C# Where is the Authcookie set?

When using FormsAuthentication, where is the Authcookie placed? On the server or on the client? And when the client has cookies disabled, does FormsAuthentication still work? ...

Using Forms Authentication/Authorization with Rewritten URLs

I'm doing a quick sandbox test with some Rewritten URLs (example taken from Scott Guthrie's blog) and Forms Authentication / Authorization. I've a very simple setup. ~/View/(\d{1,6}) => ~/Public/View.aspx?ContentID=$1 AND ~/Buy/(\d{1,6}) => ~/Private/Purchase.aspx?ContentID=$1 I've confirmed the URL Rewriting...

Override ASP.NET forms authentication for a single page

In our ASP.NET MVC application, we automatically redirect users to a log-on page via the <authentication> section of <system.web> when they attempt to access an authorized-only page. The problem is that one action in the middle of the application, designed to be used by a tool, needs to return a straight-up HTTP 401 response on bad acce...

Login failing on live server - asp.net

Hi All, I am new to asp.net and am trying to test my first site on a production server. What I have is a login control "login.aspx" that after successful login redirects the user to an admin area of the site. When I test the site using VS2008 on my Windows XP machine all works well and I can login and administer the site. I am using Fo...

I want to set my FormsAuthentication cookie to timeout BUT VIA CODE.

I want to set my FormsAuthentication cookie to timeout BUT VIA CODE. I know I can do this in the web.config but I want to configure at the database. Is this possible via code? <system.web> <authentication mode="Forms"> <forms timeout="50000000"/> </authentication> </system.web> ...

ASP.NET Membership - Is authenticated user lost when you call a WebService in the same WebApp

I am using the ASP.NET Login Control for authentication. I have some users and they are able to login successfully. When authenticated I redirect to a page helloworld.aspx. In the Page_Load method I first make a call to Membership.GetUser(). This returns the authenticated user properly. I then make a call to a simple WCF web service...

Testing Cross-site authentication with Visual Studio.

Is it possible to add two websites to a VS solution and test cross-site forms-authentication? I'd imagine this would simulate the same behavior between www.site.com and subdomain.site.com. Am I correct? Are there articles out there explaining how to do this (yes, I did search first ;-) )? ...

Forms authentication against multiple providers (SQL and AD)

We have an application that is for both internal users and external customers. We would like to authenticate against AD for the internal users and against sql membership for the external customers. Has anyone taken a similar approach? Also what is the best way to authenticate against AD when in a DMZ? I would rather have a proxy of some s...

Forms authentication timeout + redirect with Page Methods

This has been asked before, but there was no really good answer, so I wanted to get some fresh thoughts on this. I have a website using forms authentication. I have a page that uses page methods to perform various actions. The user is idle on the page past the timeout, then performs an action that calls the page method. When the page...

How to configure SharePoint forms based authentication

Can someone please tell me how to do the following in SharePoint (WSS 3.0): Have a user log in (user name and password) on a page and then if correct display the home page of a WSS 3.0 site? I think it's called forms based authentication. ...

ASP.NET LoginStatus Control - Overriding the ReturnURL in generated QueryString

I have a website that uses the ASP.NET Login Controls and Forms Authentication. I've placed the asp:LoginStatus control inside another Web User Control that manages the display of the Header portion of my site. The issue I have is that the ReturnURL presented by the LoginStatus control references the path to the Header Control, not the...