Search results matching tag 'FormsAuthentication'

Re: Processing in status bar keeps processing after all done!

premchandrasingh — Mon, 24 Aug 2009 04:00:00 GMT

Hi Lyra,

Thanks for your reply and time. I have check my javascript and web services there I could not find any extra call in both service and javascript.

I am sorry I cant give the souce code and I think souce will not help to understand my problem. Yes I can explain more detail.

Its a popup to edit profile detail, when I complete editing I click to save and profile is successfully get updated and I closed the popup (no js error, no server error nothing, evething is working fine as expected). But the processing in the status bar keeps processing (for IE) work fine in FF Mozila. Yes in this profile update I also allow to change the existing user name so I added following two line of code to unauthenticate old user and authenticate the new user.

// unauthenticate the current username
FormsAuthentication.SignOut();

//authenticate the new username
FormsAuthentication.SetAuthCookie(UserName, false);

Now my question is could this SetAuthCookie be the problem?

Forms authentication and multiple login pages

todbr — Sat, 18 Apr 2009 04:00:00 GMT

I'm building a web-based solution for a camera repair shop. The site structure is basically as follows:

www.foo.com - main page, public site
www.foo.com/internal/ - used by staff to manage orders, clients, etc. Requires login (user/pass) against DB table "users".
www.foo.com/clients/ - accessed through a link in the main page, allows users to consult the status of the repair. Requires login with order number and a password that is printed in the order receipt (6-digit hex hash based on order number).
www.foo.com/partners/ - accessed by clients who have an annual contract (like a photo studio) and sends lots of equipments for repairing. Requires login (user/pass) against DB table "partners".

What I'd like to do is set different authorizations for each subfolder - and different login pages. I've been toying around with <location> in web.config, or multiple web.configs for each subfolder, but no luck so far. I know there a lots of post with similar issues, but none of the solutions fits my case. Different "roles" isn't a solution: the staff members even have different roles, up to "admin", but an "admin" logged in /internal/ shouldn't have access to /clients/.

All of these subdirectories share the same DB (Access database stored in /App_Data) and resources like images, css, etc. (stored in /img, /css etc.), so they are NOT independent applications - creating different virtual directories in IIS was a solution suggested in some posts and also in an ASP.Net error.

My "intuitive" solution, which didn't work, obviously, was on web.config in the root:

<location path="">
	<system.web>
		<authorization>
			<allow users="*" />
		</authorization>
	</system.web>
</location>
<location path="~/internal">
	<system.web>
		<authentication mode="Forms">
			<forms name=".ASPXFORMSAUTH" loginUrl="~/internal/login.aspx" timeout="30" defaultUrl="~/internal/default.aspx" />
		</authentication>
		<authorization>
			<deny users="?"/>
		</authorization>
	</system.web>
</location>
<location path="~/clients">
	<system.web>
		<authentication mode="Forms">
			<forms name=".ASPXFORMSAUTH" loginUrl="~/clients/login.aspx" timeout="30" defaultUrl="~/clients/default.aspx" />
		</authentication>
		<authorization>
			<deny users="?"/>
		</authorization>
	</system.web>
</location>
<location path="~/partners">
	<system.web>
		<authentication mode="Forms">
			<forms name=".ASPXFORMSAUTH" loginUrl="~/partners/login.aspx" timeout="30" defaultUrl="~/clients/default.aspx" />
		</authentication>
		<authorization>
			<deny users="?"/>
		</authorization>
	</system.web>
</location>

Any suggestions?

Re: "Remember me next time" not working for Login control? Here's why!

skydiverMN — Wed, 18 Mar 2009 04:00:00 GMT

To keep the maintenance to a minimum and not require compiling, remember to use the defaultUrl property in the response.redirect when the user is authenticated during the page_load.  Use the following in your login page Page_Load event:

protected void Page_Load(object sender, EventArgs e)
{
     if (User.Identity.IsAuthenticated == true)
     {
            Response.Redirect(FormsAuthentication.DefaultUrl, true);
     }
}

Now, you just need to modify the redirect location in one place, assuming you actually added the defaultUrl into the web.config forms tag!

<authentication mode="Forms">
      "Login.aspx" protection="All" defaultUrl="default.aspx" timeout="20" name=".SecurityFormsAuth" slidingExpiration="true" cookieless="UseCookies">

[quote user="anandgothe"]

protected void Page_Load(object sender, EventArgs e)
{
     if (User.Identity.IsAuthenticated == true)
     {
           Response.Redirect("Success.aspx");
     }
}

[/quote]

Re: Best way to maintain Session for many concurrent users

mammu — Thu, 26 Feb 2009 05:00:00 GMT

I think u can make use of the HttpContext.Current.User Object

This has many more features like Roles, Identities..etc

Stopping a direct url browser entry redisplaying an authenticated page

ExGliderPilot — Sat, 07 Feb 2009 05:00:00 GMT

Hi I have a page which needs forms authenication to view. That fine and it works via the standard asp membership provider. If a user logs in , views the secure page, then closes a web page in their (ie) browser (without logging out) and then opens the browser again and enters the url of the secure page at the moment the "secure" information is redisplayed. Any attempt to post back results in a redirect to the login page. Any ideas on how to stop this? That is to say cause a redirect to the login page when their browser is closed (sort of auto log off)

Thanks

Need to integrate CAC Card Authentication with ASP.NET Membership Provider

bfancett — Thu, 04 Dec 2008 05:00:00 GMT

I have worked on two web development projects for the DoD, and they use CAC cards for authentication. I have gotten as far as being able to pull information off of the CAC card, store it in a UserAuth table (SQL Server 2005 Std), however the problem is that my web.sitemap is using roles authentication to determine if the user has rights to see certain areas of the web application. When I allow the user access to the application based on thier valid CAC information, and then bypass the member login form, I loose my sitemap.

How can I allow CAC card authentication and still use the ASP.Net Membership provider to provide roles authentication for my web application?

This is a huge deal, so any suggestion would be great.

Thank you.

FormsAuthentication cookie persists in Firefox?

chillah21 — Thu, 02 Oct 2008 04:00:00 GMT

Hi guys, I've got a question here about a FormsAuthentication cookie in Firefox. In IE, if a user closes their browser, opens a new window, and tries navigate to a page within my site, they're redirected to the login page. Works perfectly. In Firefox, if they close the window, open a new window, and navigate to a page within the site, the page is displayed to them. I want them to be redirected to the login page. I've tried looking at the cookies in Firefox and the FormsAuthentication (and ASP.NET_SessionId) cookies are there with 'Expires: at end of session', and they are still there after I close the browser. Is there any way I can force these cookies to disappear when Firefox is closed, or any properties I can use to reliably detect whether they're coming to the site in what should be a new session?

My code is:

FormsAuthentication.RedirectFromLoginPage(userId, false);

Forms Authentication - How to Kill previous login credintails of the same user?

Jzeb — Thu, 11 Sep 2008 04:00:00 GMT

HI,

Scenario:

I've been trying to use Forms Authentication in my application. I've my user credentials stored in the custom database tables as of now...will upgrade it to ads later.

When a user Logs in, I validate the credentials from my database and then use FormsAuthentcaiton.RedirectFromLoginPage() to set the cookies.

Problem:

Say a user "X" logs in the system from his machine. Now, when another user "Y" tries to log in from another machine with user "X" credentials, I want that the user "X" should be logged off, when he tries to do anything further on the system.

I know this:

I know I can handle it through session ID management - but for this each request to the server has to validate the user session.

What I want to know:

1. I wanted to know that is there a better way to do this?

2. Is there anything inbuilt in the .Net Framework which I can use?

Thanks a lot!

FormsAuthentication.Encrypt . Why is this necessary ?

skobyjay — Tue, 26 Aug 2008 04:00:00 GMT

This isn't required for FormsAuthentication to work( at least I don't think so) so what is special about this feature?

FormsAuthentication.SetAuthCookie() Profile issue

test_dummy — Thu, 21 Aug 2008 04:00:00 GMT

I have forms authentication setup on my web app. I'm having one little problem though. After I call the method FormsAuthentication.SetAuthCookie(string, bool), I went to set some profile properties. I can not do it before calling the method because the profile doesn't get created until after authentication. The problem is the Profile object is not accessible at this point and i'm not sure why, therefore my code will through an exception at line 3. Is there any point in the page life cycle I can access the profile object after authentication or do I have to call another page to set the profile object's properties? Any help in understanding this problem would be appreciated.

My code:

1    FormsAuthentication.SetAuthCookie(user.UserID, user.RememberID)
2    
3    Profile.UserIDNumber = user.UserIDNumber
4    Profile.FirstName = user.FirstName
5    Profile.LastName = user.LastName