forms-authentication

asp.net authentication in a web farm

We need to implement authentication for an ASP.Net MVC project and are looking at the ASP.Net authentication framework to see if it will work. One concern is that apparently it stores the UserID in the session. I just got off the tel with Microsoft, and they advised that in a web farm scenario we would need a state server, and that the...

Does UserId data type affect FormsAuthentication.SetAuthCookie(UserId.ToString(), false)?

Does the original data type of the username string in a call to FormsAuthentication.SetAuthCookie(...) make any difference with regards to security or code maintainability? As I understand it, the cookie is encrypted and used to identify a user on each request. I'm curious whether it should affect the design of the primary key on my Use...

Is there any real benefit to using ASP.Net Authentication with ASP.Net MVC?

I've been researching this intensely for the past few days. We're developing an ASP.Net MVC site that needs to support 100,000+ users. We'd like to keep it fast, scalable, and simple. We have our own SQL database tables for user and user_role, etc. We are not using server controls. Given that there are no server controls, and a cu...

Page.User.Identity.Name is blank on pages of subdomains

I have multiple subdomains trying to use a single subdomain for authentiction using forms authentication all running on windows server 2008 r2. All of the forms authentication pages are setup to use the same name, and on the authentication page the cookie is added with the following snippet: FormsAuthentication.SetAuthCookie(txtUserNa...

Simplest way to authenticate users across multiple websites/applications in .NET

The ways I can think of are: Use Windows Identity Foundation (WIF). I have never done this so is a black box and risky. Use Forms Authentication or similar, then use database replication to make sure each application has access to the data store. No doubt there are other options. More info: This is for an internet solution, not intr...

Old user credentials in FluorineFx after resetting a session?

We have a FluorineFx / ASP.Net application which uses forms authentication to identify the current user. To use these credentials in FluorineFx, we use FluorineContext.Current.User.Identity. When I log in the first time, the current context neatly reflects the right identity. When I log out, I perform a FormsAuthentication.SignOut() an...

Sharepoint Active directory forms authentication

Hi, I am devloping a sharepoint website in Forms authentication mode. I am trying to authenticate myself/ my company users against company's active directory. The ldap path I received from my technical team is LDAP://infinmumcfac.inf.com OU=Infotech,DC=inf,DC=com I got this piece of code from microsoft site. <membership defaul...

ASP.NET MVC: AuthorizeAttribute on default page

The default controller in my ASP.NET MVC project is decorated with the [Authorize] attribute. When I deploy the website on my development machine and access the website, I am redirected to the login page (defined in forms loginUrl section of the Web.Config). Result: everything works as expected. When I publish the website on our product...

When does the .NET FormAuthentication ticket get checked and how do I tap into this event?

Hello everyone - We are attempting to integrate an ASP.NET MVC site with our client's SSO system using PingFederate. I would like to use the built in FormsAuthentication framework to do this. The way I've gone about it so far is: Set up my Web.config so that my FormsAuthentication LoginURL goes to my site's "BeginAuthentication" acti...

System.Web.Security.FormsAuthentication.Encrypt returns null

I'm trying to encrypt some userData to create my own custom IPrincipal and IIdentity objects using Forms authentication - I've serialized an object representing my logged in user to Json and created my FormsAuthentication ticket like so: string user_item = GetJsonOfLoggedinUser();/*get JSON representation of my logged in user*/ System....

ASP.NET: What is the connection between forms authentication and membership?

As I understand it "forms" is just a method to authenticate users. Is this correct? But what "membership" really is I don't know. I've written a custom membership provider but I still don't really see what "membership" is about it if I'm using a custom user table and custom roles table. So what is forms? And what is membership? ...

Forms Authentication logs out very quickly , locally works fine !!!

Hello to all, There's a problem that i am facing with my hosting company, I use a project that uses FormsAuthentication and the problem is that though it successfully logs in, it logs out VERY QUICKLY, and i don't know what could be the cause of that, so in my web.config file i added those lines: <authentication mode="Forms" > <forms...

Using a colon (:) in return URL with Forms Authentication ("The return URL specified for request redirection is invalid")

I am getting the error "The return URL specified for request redirection is invalid" when using forms authentication. I found this thread that says this is a known issue with return URLs that contain colons (mine indeed contains a few). The workaround in that thread is to catch the error and use a default return URL ... hardly an accept...

Membership.GetUser() vs Context.User

What are the differences between Membership.GetUser() and Context.User, and which is recommended for use in getting information about the current user? ...

Create a view in database to fetch username and password of all users having a particular roie (Forms Authentication)

Hi Guys, Background ========== I am using ASP.NET Forms Authentication for my application. I have made my Password Format "Clear", so no problems with the password encryption. Requirement =========== I need to create a view(in SQL server) to display all Administrators in my System. ie aspnet_Roles.LoweredRoleName='administrator' The ...

IIS 7.0 - Every site suddenly redirecting root request to forms authentication

Suddenly, IIS 7.0 is redirecting every request for the root of any domain hosted on the box to ~/Account/Logon, which is our Forms Authentication redirect. Additionally, some JavaScript and image requests are being similarly redirected, but not other aspx pages. This is not desirable. Nobody will admit to changing anything. Any ideas?...

Form submit in javascript

Hi been wrestling this form and the last step (actually submitting) has me scratching my head. What I have so far is the form: <form id="theForm" method='post' name="emailForm"> <table border="0" cellspacing="2"> <td>Email <span class="red">*</span></td><td><input type='text'class="validate[required,custom[email]]" size="30"></td></tr...

Application loses authentication when performing redirect to a virtual directory

I have the following setup: http://www.example.com/dir1/ and http://www.example.com/dir2/ Each virtual directory is configured on IIS6.0 as an application with own AppPool. When redirecting authenticated user from dir1 to dir2 using response.redirect I lose authentication information for the user and the user is being redirected to th...

asp.net forms authentification security issues

Hi there, I have a kind of asp.net forms authentication with the code like that: FormsAuthentication.SetAuthCookie(account.Id.ToString(), true); HttpContext.Current.User = new GenericPrincipal(new GenericIdentity(account.Id.ToString()), null); What kind of additional efforts shall I take to make authentication cookie (that is user i...

How do I protect Dynamic data pages using ASP.NET Authentication?

I have a site where most of my pages are arranged in business area folders, e.g. Activations, Outdoors, Branding. Each folder has a small web.config that protects the contents against access by people without a role for that business area. However, basic admin for most business areas is done via Dynamic Data pages. These are only basi...