We need to implement authentication for an ASP.Net MVC project and are looking at the ASP.Net authentication framework to see if it will work. One concern is that apparently it stores the UserID in the session. I just got off the tel with Microsoft, and they advised that in a web farm scenario we would need a state server, and that the...
Does the original data type of the username string in a call to FormsAuthentication.SetAuthCookie(...) make any difference with regards to security or code maintainability?
As I understand it, the cookie is encrypted and used to identify a user on each request. I'm curious whether it should affect the design of the primary key on my Use...
I've been researching this intensely for the past few days.
We're developing an ASP.Net MVC site that needs to support 100,000+ users. We'd like to keep it fast, scalable, and simple. We have our own SQL database tables for user and user_role, etc. We are not using server controls.
Given that there are no server controls, and a cu...
I have multiple subdomains trying to use a single subdomain for authentication using forms authentication, all running on Windows Server 2008 R2.
All of the forms authentication pages are set up to use the same name, and on the authentication page the cookie is added with the following snippet:
FormsAuthentication.SetAuthCookie(txtUserNa...
The ways I can think of are:
Use Windows Identity Foundation (WIF). I have never done this, so it is a black box and risky.
Use Forms Authentication or similar, then use database replication to make sure each application has access to the data store.
No doubt there are other options.
More info: This is for an internet solution, not intr...
We have a FluorineFx / ASP.Net application which uses forms authentication to identify the current user. To use these credentials in FluorineFx, we use FluorineContext.Current.User.Identity. When I log in the first time, the current context neatly reflects the right identity.
When I log out, I perform a FormsAuthentication.SignOut() an...
Hi,
I am developing a SharePoint website in Forms authentication mode. I am trying to authenticate myself/my company users against the company's Active Directory.
The LDAP path I received from my technical team is
LDAP://infinmumcfac.inf.com
OU=Infotech,DC=inf,DC=com
I got this piece of code from the Microsoft site.
<membership defaul...
The default controller in my ASP.NET MVC project is decorated with the [Authorize] attribute. When I deploy the website on my development machine and access the website, I am redirected to the login page (defined in forms loginUrl section of the Web.Config). Result: everything works as expected.
When I publish the website on our product...
Hello everyone -
We are attempting to integrate an ASP.NET MVC site with our client's SSO system using PingFederate. I would like to use the built in FormsAuthentication framework to do this. The way I've gone about it so far is:
Set up my Web.config so that my FormsAuthentication LoginURL goes to my site's "BeginAuthentication" acti...
I'm trying to encrypt some userData to create my own custom IPrincipal and IIdentity objects using Forms authentication - I've serialized an object representing my logged in user to Json and created my FormsAuthentication ticket like so:
string user_item = GetJsonOfLoggedinUser();/*get JSON representation of my logged in user*/
System....
As I understand it "forms" is just a method to authenticate users. Is this correct?
But what "membership" really is I don't know. I've written a custom membership provider but I still don't really see what "membership" is about it if I'm using a custom user table and custom roles table.
So what is forms?
And what is membership?
...
Hello to all,
There's a problem that I am facing with my hosting company. I use a project that uses FormsAuthentication, and the problem is that though it successfully logs in, it logs out VERY QUICKLY, and I don't know what could be the cause of that,
so in my web.config file I added those lines:
<authentication mode="Forms" >
<forms...
I am getting the error "The return URL specified for request redirection is invalid" when using forms authentication. I found this thread that says this is a known issue with return URLs that contain colons (mine indeed contains a few).
The workaround in that thread is to catch the error and use a default return URL ... hardly an accept...
What are the differences between Membership.GetUser() and Context.User, and which is recommended for use in getting information about the current user?
...
Hi Guys,
Background
==========
I am using ASP.NET Forms Authentication for my application.
I have made my Password Format "Clear", so no problems with the password encryption.
Requirement
===========
I need to create a view (in SQL Server) to display all Administrators in my system,
i.e. aspnet_Roles.LoweredRoleName='administrator'
The ...
Suddenly, IIS 7.0 is redirecting every request for the root of any domain hosted on the box to ~/Account/Logon, which is our Forms Authentication redirect. Additionally, some JavaScript and image requests are being similarly redirected, but not other aspx pages.
This is not desirable. Nobody will admit to changing anything.
Any ideas?...
Hi, I've been wrestling with this form and the last step (actually submitting) has me scratching my head. What I have so far is the form:
<form id="theForm" method='post' name="emailForm">
<table border="0" cellspacing="2">
<td>Email <span class="red">*</span></td><td><input type='text'class="validate[required,custom[email]]" size="30"></td></tr...
I have the following setup:
http://www.example.com/dir1/ and
http://www.example.com/dir2/
Each virtual directory is configured on IIS6.0 as an application with own AppPool.
When redirecting authenticated user from dir1 to dir2 using response.redirect I lose authentication information for the user and the user is being redirected to th...
Hi there,
I have a kind of ASP.NET forms authentication with code like this:
FormsAuthentication.SetAuthCookie(account.Id.ToString(), true);
HttpContext.Current.User = new GenericPrincipal(new GenericIdentity(account.Id.ToString()), null);
What kind of additional efforts shall I take to make authentication cookie (that is user i...
I have a site where most of my pages are arranged in business area folders, e.g. Activations, Outdoors, Branding. Each folder has a small web.config that protects the contents against access by people without a role for that business area.
However, basic admin for most business areas is done via Dynamic Data pages. These are only basi...