forms-authentication

问题 I have the following code from my account controller: // GET: /Account/Register [AllowAnonymous] public ActionResult Register() { ViewData["roleName"] = new SelectList(Roles.GetAllRoles(), "roleName"); return View(); } // // POST: /Account/Register [HttpPost] [AllowAnonymous] public ActionResult Register(RegisterModel model) { if (ModelState.IsValid) { // Attempt to register the user MembershipCreateStatus createStatus; Membership.CreateUser(model.UserName, model.Password, model.Email, null,

问题 I want to protect a section of my website using forms authentication with the username and password as defined by me in the web.config. When I attempt to login I get the message below. Server Error in '/' Application. Could not find stored procedure 'dbo.aspnet_CheckSchemaVersion'. I'm guessing this is happening because it's attempting to use the Membership tables as defined by the LocalSqlServer connection string. I don't want to use the Membership features , how do I configure my web app to

问题 I would like to understand briefly how the authorize filter and FormAuthentication.SetAuthCookie work under the hood. It's the only thing I find ambiguous after reading some books on the language. I don't understand how the authorize filter knows where to look. And what about FormsAuthenticationTicket VS FormAuthentication ? And is cookie the most secure way, I mean I'm sure it's possible to export the cookie from a browser and use it somewhere else..? 回答1: You might find this question

问题 I am pretty sure the reason of the error is because the forms authentication "ticket" has expired. When the users have not done any pagerequest for the last 20 minutes and click on any of GridView links (to edit, delete, sort...) the exception is raised: Sys.WebForms.PageRequestManagerServerErrorException 12031. The exception is only raised when the GridView is inside an UpdatePanel . If I delete the UpdatePanel, the application redirects the user to the login page, which should be the

问题 I have a website built on a simple authentication model. It runs fine locally and on local IIS, but it is not redirecting to the default page after typing in the correct credentials, all this in the test server. The code goes as follows. Web.config <compilation targetFramework="4.0" /> <httpRuntime maxRequestLength="50000" /> <customErrors mode="On" defaultRedirect="exc/exc.aspx?e=1"> <error statusCode="404" redirect="exc/404.aspx?e=404"/> </customErrors> <authentication mode="Forms"> <forms

问题 I have the following setup: http://www.example.com/dir1/ and http://www.example.com/dir2/ Each virtual directory is configured on IIS6.0 as an application with own AppPool. When redirecting authenticated user from dir1 to dir2 using response.redirect I lose authentication information for the user and the user is being redirected to the login page. This issue was not coming up with each app (dir1 and dir2) were configured under subdomain, ex: http://dir1.example.com and http://dir2.example.com

问题 I'm using 1.0.1 version of asp.net core and I'm using authentication in my form. I use UseCookieAuthentication and its gives an error Cannot convert lambda expression to type 'CookieAuthenticationOptions' because it is not a delegate type In the Startup.cs , configure method. public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory) { loggerFactory.AddConsole(Configuration.GetSection("Logging")); loggerFactory.AddDebug(); app

问题 I've been put in charge of figuring out a way to allow users to authenticate into our forms based site. Our corporate IT has set up a development adfs server, and the relying party trust has been set up to one of our dev environments. I've been reading and looking for tutorials for about two weeks, so I'm by no means an expert, and I can't seem to understand how the STS (our ADFS server) is supposed to figure out which user is requesting authentication. I've been following Wiktor Zychla's

问题 I'm using FormsAuthentication mechanizm and auth users via FormsAuthentication.SetAuthCookie(...); Can I logout current user from all browsers somehow? 回答1: Add a guid parameter inside to authentication parameters. Also save guid to a session table for example like this; public class sessionLog { public int UserID { get;set;} public string Guid {get;set;} // ... may be you can add IP, datetime or isSessionClosed etc } When login add a row into table, save guid inside the cookie. Check the

问题 I'm writing an ASP.NET MVC application and I'm using forms authentication with the default IPrincipal, IIDentity, etc. In my authentication ticket I'm storing the username in the name parameter. However, I'm running into instances where on every request my master layout needs access to not only the username, but also the email and userid of the user. I need the email so I can load a gravitar icon for the user, the username so I can have a friendly display name in the top bar, and the userid