Last post Jun 17, 2014 10:09 PM by BrockAllen
Jun 16, 2014 02:38 PM|lzymll|LINK
I created a project using ASP.NET MVC 5.1 and ASP.NET Identity 2.0. After I deploy it to IIS, when I go to the secure page 'https://www.domain.com/Account/Login' and log in, if I go to https://www.domain.com, Request.IsAuthenticated returns true on the _LoginPartial.cshtml page, but if I go to http://www.domain.com, it always returns false.
I don't know what's wrong. Thanks for the help.
Jun 16, 2014 02:44 PM|BrockAllen|LINK
The cookie is marked as secure, which is very important. This means the browser won't send it over a non-SSL request because it can be potentially stolen and replayed against the web site. The short and correct solution is to always use SSL for any authenticated
Jun 16, 2014 06:37 PM|lzymll|LINK
I do use the secure page https://www.domain.com/Account/Login for login. Only secure pages like https://www.domain.com display logoff, but non-secure pages like http://www.domain.com still display login status.
Jun 16, 2014 07:17 PM|BrockAllen|LINK
I'm not sure I follow. But my point is that you need to use SSL for any page where the user will be authenticated or any page where the user will be entering sensitive data (such as the login page itself).
Jun 16, 2014 08:26 PM|lzymll|LINK
Sorry, I didn't express myself clearly.
When you go to https://login.asp.net/login/signin.aspx?ReturnUrl=http%3a%2f%2fforums.asp.net%2f and, after login, go back to http://forums.asp.net/, you will see "Signed in as xxxx" on the non-secure page.
My problem is that after I log in at https://www.domain.com/Account/Login, when I go back to http://www.domain.com, it still displays login, not logoff.
My running environment: Windows 7 + IIS7 + ASP.NET MVC 5.1 + ASP.NET Identity 2.0
Jun 17, 2014 10:09 PM|BrockAllen|LINK
I'd suggest making sure the requests are https before they hit the redirect to the login page.
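An added example, not part of the thread and not code posted by either participant: one way to apply the advice above in an MVC 5 / Identity 2.0 project is to force every request onto HTTPS and always mark the authentication cookie as secure. The class layout (`Startup.ConfigureAuth`, `FilterConfig`) and the login path are assumptions taken from the default project template.

```csharp
using System.Web.Mvc;
using Microsoft.AspNet.Identity;
using Microsoft.Owin;
using Microsoft.Owin.Security.Cookies;
using Owin;

// Assumed location: App_Start/Startup.Auth.cs of the default MVC 5 template.
public partial class Startup
{
    public void ConfigureAuth(IAppBuilder app)
    {
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            LoginPath = new PathString("/Account/Login"), // assumed login route

            // The default, CookieSecureOption.SameAsRequest, sets the Secure
            // flag only when the cookie is issued on an HTTPS request.
            // Logging in over HTTPS therefore yields a Secure cookie that the
            // browser withholds from http:// pages, which is why
            // Request.IsAuthenticated is false there.
            // Always makes the flag explicit, so the cookie can never be
            // issued in a form that travels over plain HTTP.
            CookieSecure = CookieSecureOption.Always,

            // Keep the cookie out of reach of client-side script.
            CookieHttpOnly = true
        });
    }
}

// Assumed location: App_Start/FilterConfig.cs of the default MVC 5 template.
public class FilterConfig
{
    public static void RegisterGlobalFilters(GlobalFilterCollection filters)
    {
        filters.Add(new HandleErrorAttribute());

        // Redirects every HTTP GET to its HTTPS equivalent before any
        // controller action runs, so requests are already on SSL when the
        // redirect to the login page happens and authenticated pages are
        // never served over http://. Non-GET requests over HTTP are rejected.
        filters.Add(new RequireHttpsAttribute());
    }
}
```

With both settings in place, http://www.domain.com is redirected to https://www.domain.com, where the browser sends the secure cookie and _LoginPartial.cshtml sees the authenticated user.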