i have a website where anonymous access is enabled, yet when i run it i get a box titled 'Authentication Required' and I have to enter a username and password
the text in the window says
enter username and password for "" at http://localhost
if i click cancel, the page starts to load, but the authentication window pops up again. This happens several times, each time i cancel and eventually the page loads up ( a login page!) but its not being displayed correctly.
How can I get rid of this authentication window ??
Do you have any objects (images for example) that are located under another server or web site to whic the anonymous user does not have access? It is possible that the authentication pop-ups are coming up for each of these objects as they are loading.
public void Application_AuthenticateRequest(Object src, EventArgs e)
{
if (!(HttpContext.Current.User == null))
{
if (HttpContext.Current.User.Identity.AuthenticationType == "Forms")
{
System.Web.Security.FormsIdentity id;
id = (System.Web.Security.FormsIdentity) HttpContext.Current.User.Identity;
String[] myRoles = new String[1];
myRoles[0] = "admin_role" // Custom Login Role
HttpContext.Current.User = new System.Security.Principal.GenericPrincipal(id, myRoles);
}
}
}
7. Login
if (LoginSuccess)
{
PwdCookie = Session.SessionID + Pwd.Text // use crypt
FormsAuthentication.RedirectFromLoginPage(UsrID.Text.Trim(), true);
Response.Redirect("Home.aspx");
}
8. Check in Admin.aspx or Any private file
// For Role
if (User.IsInRole("admin") || User.Identity.Name == "id/name")
{
// allow to view
}
9 Logout
FormsAuthentication.SignOut();
Session.Abandon();
Response.Cookies.Add(new HttpCookie("ASP.NET_SessionId", "")); // Before create session if we use, session will be more secure
Response.Cookies.Add(new HttpCookie("__LOGINCOOKIE__", ""));
Response.Cache.SetCacheability(HttpCacheability.NoCache);
10. For More Security:
http://msdn.microsoft.com/en-us/library/ms978378.aspx
misuk11
Participant
1608 Points
1285 Posts
authentication required
Aug 22, 2007 11:10 AM|LINK
i have a website where anonymous access is enabled, yet when i run it i get a box titled 'Authentication Required' and I have to enter a username and password
the text in the window says
enter username and password for "" at http://localhost
if i click cancel, the page starts to load, but the authentication window pops up again. This happens several times, each time i cancel and eventually the page loads up ( a login page!) but its not being displayed correctly.
How can I get rid of this authentication window ??
sivilian
Contributor
6235 Points
1194 Posts
Re: authentication required
Aug 22, 2007 05:08 PM|LINK
Do you have any objects (images for example) that are located under another server or web site to whic the anonymous user does not have access? It is possible that the authentication pop-ups are coming up for each of these objects as they are loading.
hope this helps,
sivilian
misuk11
Participant
1608 Points
1285 Posts
Re: authentication required
Aug 23, 2007 12:54 PM|LINK
I found the solution in the end it was a trust problem with firefox, IE worked ok
I had to open up about:config and locate the following entry
network.automatic-ntlm-auth.trusted-uris
double click it and type in localhost
save and exit, that fixed it.
wolfv
Member
4 Points
2 Posts
Where is "about:config"?
Sep 03, 2007 01:39 AM|LINK
Misksu11,
I have the same problem with localhost on FireFox. Where is "about:config"?
Thank you.
misuk11
Participant
1608 Points
1285 Posts
Re: Where is "about:config"?
Sep 03, 2007 08:41 AM|LINK
just type 'about:config' in the address bar
wolfv
Member
4 Points
2 Posts
Re: Where is "about:config"?
Sep 03, 2007 04:24 PM|LINK
Thank you misuk11. It worked !
hanney
Member
8 Points
33 Posts
Re: authentication required
Nov 26, 2008 05:47 AM|LINK
Hi, there
I got problem with IE..how to fix it?
I used the same method (about:config) but it did't work.
One more thing is when i view the report on FireFox, it used only 1/4 screen of comp.
it hard for me view the report becoz has to scroll down from top to bottom.
help me please...
Haz
sunilkumar.p...
Member
6 Points
3 Posts
Re: Where is "about:config"?
Dec 15, 2008 05:06 AM|LINK
where is "about:config"? i didn;'t get, in which address bar i need to type.
help me pls
Mani55
Member
170 Points
30 Posts
Re: Where is "about:config"?
Dec 15, 2008 07:07 AM|LINK
Here it is some authentication:
1. For Query String:
Server.UrlEncode(Request.QueryString["id"].Trim())
2. For Request:
Server.HtmlEncode(TxtName.Text.Trim())
3. Use Everytimes While Button Click
if(Page.IsPostBack)
{
// Your Code
}
4. Use Server-side Validation for each input
5. Web.Config
<configuration>
<system.web>
<pages validateRequest="false" />
</system.web>
</configuration>
<connectionStrings>
<add name="My_DatabaseConnectionString" connectionString="Data Source=SW-SERVER;Initial Catalog=My_Database;Persist
Security Info=True;User ID=my_name;Password=my_pwd" providerName="System.Data.SqlClient"/>
</connectionStrings>
<location path="imgFolder">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
<location path="cssFolder">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
<location path="adminFolder">
<system.web>
<authorization>
<allow roles="admin" />
<deny users="*" />
</authorization>
</system.web>
</location>
// Note: without login no one can access, except Default.aspx
<authorization>
<deny users="?" />
</authorization>
<authentication mode="Forms">
<forms loginUrl="Default.aspx" protection="All" timeout="100" slidingExpiration="true" />
</authentication>
<sessionState mode="InProc" cookieless="false" timeout="100"/>
6. Custom Role Add: into Global.asax
public void Application_AuthenticateRequest(Object src, EventArgs e)
{
if (!(HttpContext.Current.User == null))
{
if (HttpContext.Current.User.Identity.AuthenticationType == "Forms")
{
System.Web.Security.FormsIdentity id;
id = (System.Web.Security.FormsIdentity) HttpContext.Current.User.Identity;
String[] myRoles = new String[1];
myRoles[0] = "admin_role" // Custom Login Role
HttpContext.Current.User = new System.Security.Principal.GenericPrincipal(id, myRoles);
}
}
}
7. Login
if (LoginSuccess)
{
PwdCookie = Session.SessionID + Pwd.Text // use crypt
FormsAuthentication.RedirectFromLoginPage(UsrID.Text.Trim(), true);
Response.Redirect("Home.aspx");
}
8. Check in Admin.aspx or Any private file
// For Role
if (User.IsInRole("admin") || User.Identity.Name == "id/name")
{
// allow to view
}
9 Logout
FormsAuthentication.SignOut();
Session.Abandon();
Response.Cookies.Add(new HttpCookie("ASP.NET_SessionId", "")); // Before create session if we use, session will be more secure
Response.Cookies.Add(new HttpCookie("__LOGINCOOKIE__", ""));
Response.Cache.SetCacheability(HttpCacheability.NoCache);
10. For More Security:
http://msdn.microsoft.com/en-us/library/ms978378.aspx
hanney
Member
8 Points
33 Posts
Re: Where is "about:config"?
Dec 16, 2008 12:04 AM|LINK
do you have a lot of address bar..?[:P]