forms-authentication

问题 My company has a large application we are finishing up. It utilizes WCF as the back-bone with Active Directory for authentication. This works perfectly for one of the two sites as the authentication model is Windows and you have to be part of the domain to sign into the site. The question I have relates to the other site which is externally accessible. It sets ClientCredentials.Windows.ClientCredential for the proxy call with a specific user/pass for impersonation of an AD-user so the full

问题 I'm using ASP.NET Forms Authentication with a simple way. The authentication use a cookie for store the credentials. Works perfectly in browsers like: Desktop: Chrome, Safari, IE, ... Mobile: iPhone Browser, Opera Mobile ... I press the button form's authentication and i redirect to the app page. BUT, in Android browser i press the button and nothing. The configuration of ASP.NET Forms Authentication is simple: <authentication mode="Forms"> <forms loginUrl="MLogin.aspx" timeout="30" name="

问题 I have a webforms app that uses a few ASP.NET AJAX Timer controls (i.e. polling). If a user is on a page with one of these, they will effectively never time-out, as the polling process keeps their authentication ticket alive. I'd like to segment Timer controls so they don't trigger Forms Authentication's RenewTicketIfOld method. The path I'm on and I've done something similar before is to inject something into the AJAX HTTP request to have these requests identified as coming from a timer and

问题 I've got a session variable that stores my entire user object and when the person logs into my site with forms authentication (using the default MVC provided login) I set the Session variable to the user object like so: FormsAuthentication.SetAuthCookie(user.Username, model.RememberMe); SessionUtil.User = user; All my pages are set to work from this Session object, however the problem arises when they check the remember me box. Close their browser, re-open the browser, and go to my site again

问题 I've got a session variable that stores my entire user object and when the person logs into my site with forms authentication (using the default MVC provided login) I set the Session variable to the user object like so: FormsAuthentication.SetAuthCookie(user.Username, model.RememberMe); SessionUtil.User = user; All my pages are set to work from this Session object, however the problem arises when they check the remember me box. Close their browser, re-open the browser, and go to my site again

问题 I'm currently trying to set up a website that uses both windows authentication and forms authentication. I am using ASP.NET MVC and both IIS6 and 7 need to be supported. How would I go about letting known AD users into the app (their AD id is stored against their user record in the application database) and directing everyone else to a standard username/password page. 回答1: It seems the answer is no. We've had to set up 2 sites, the main application with forms authentication and a separate

问题 On the same IIS web site, I have two ASP.NET web applications called /foo and /bar. Both use forms authentication and I want users to be able to log in and out of both sites independently. With the standard configuration for forms authentication, it seems to send a cookie path of "/" for the forms auth cookie. This means that when a user logs into /bar it logs him out of /foo which is undesirable behaviour for me. The obvious solution seems to be this: FormsAuthentication

问题 I understand there are 2 ways of excluding pages from forms auth. Either by using another web.config file in the folder that has pages that need to be excluded or by using the location element <location path="ExcludePage1.aspx"> <system.web> <authorization> <allow users="*"/> </authorization> </system.web> </location> I have 20 pages scattered all around the web app, so I cannot create a separate web.config. However, due to the number of pages that need to be excluded, I would rather not want

问题 For some reason, I the UserData property of my authentication cookie is empty. Here is the code: var authCookie = FormsAuthentication.GetAuthCookie(userName, rememberUser.Checked); // Get the FormsAuthenticationTicket out of the encrypted cookie var ticket = FormsAuthentication.Decrypt(authCookie.Value); // Create a new FormsAuthenticationTicket that includes our custom User Data var newTicket = new FormsAuthenticationTicket(ticket.Version, ticket.Name, ticket.IssueDate, ticket.Expiration,

问题 I have the code below on a login page. I'm using this to set the login timeout by customer. In IE8 I'm running into the problem that if a user opens another browser window, then logs out in the first window, when they relog back in they get bounced back to the login after a single page (every time). If they don't open another browser, everything is fine. I've found ALOT of questions about this, but the only solution I've found that works is to use the cookieless method (URI). I've seen a few