forms-authentication

问题 the default ASP.NET Forms Authentication cookie sets it's name as ".ASPXAUTH". Notice the first character is a period ? Is there a particular reason for this? Like, does this have an impact on domain names or subdomains for the target domain. Or is it purely some random thing an MS dev person came up with (maybe to help out the ordering of the cookies, when they were debugging or something .. as text with periods prolly get listed before other strings)? 回答1: I was unable to find the "two dots

问题 When i try to invoke a WCF service from an asp.net application (RP) which is authenticated by another asp.net application(IP) , I'm getting an error message with content of Login page (It is trying to reach the login page because it could not authenticate the request). Identity Provider : _http://localhost/AuthenticatonWS/Login.aspx Relying party Website : _http://localhost/RPWebsite/Default.aspx WCF Service : _http://localhost/RPWebsite/Service1.svc (In my solution I'm calling service1.svc

问题 So I'm making a asp.net login. I want the login name that people use to match an id in my SQL database. So that I can retrieve their information. But currently when I use the code below, from which I get the name of the computer I am currently on. However I would like the user Identity to be what they write in the username textbox at the login screen. If HttpContext.Current.User.Identity.IsAuthenticated Then Dim userName As String = HttpContext.Current.User.Identity.Name Response.Write

问题 I'm developing a site where an admin user will be able to login as other user types in the system. I there for have a need to track a current "display" user and the current "logged in" user. The most obvious place seems to be session but then you have challenges keeping the session timeout in sync with the authentication timeout. See my question here: MVC session expiring but not authentication What are the best practices for handling this kind of a scenario? 回答1: Besides the usual web.config

问题 Is there any way to get form code level security question answer in .net SQL Membership Provider? I'm struggling with allowing user to have change password reset and change features using the same provider. Do anybody knows how to do that? Or if I would like to use question and answer feature it means that I automatically have to use security question to change password? 回答1: MembershipProviders such as SqlMemberShipProvider aren't designed to allow you to retrieve the password answer, only

问题 I'm going to write a RESTful WCF service with webHttp or basicHTTP bindings-- nothing fancy. However, I would like to secure it so that unless someone has logged into / authenticated against my ASP.Net MVC website they can't use the service. I must be looking in the wrong places because every discussion or article I read about this deals with securing the service calls via certificates or SSL. That's good to know, but I'm more interested in how to prevent someone from using the service,

问题 I have a custom AuthorizeAttribute like so: public override void OnAuthorization(AuthorizationContext filterContext) { if (filterContext.HttpContext.Request.IsAuthenticated) { var userInRole = CurrentUser.IsInRole(Roles); // Etc... } } Should I be calling base.OnAuthorization(filterContext) at all here? If so, what would it do? 回答1: The default implementation is open source and can be viewed here. It checks whether the user is authenticated, then checks to ensure the user or role is specified

问题 I was trying to authorize ajax action methods in my MVC3 application. The problem occurs when the user session expires and an ajax action method is asked to execute. The asp.net Authentication system sends 302 redirect instead of sending 401 which seems logical for non-ajax requests. But with Ajax it all gets messed up quickly. So I decided to follow the approach suggested at ASP.NET MVC forces an AJAX request be redirected to the login page when the FormsLogin session is no longer active .

问题 I know I can share forms authentication across 2 subdomains sub1.domain.com , sub2.domain.com by using the following Web.config setting: <authentication mode="Forms"> <forms domain="domain.com" /> </authentication> However, I have 2 "sub-sub" domains (not sure if there's a better term for that) a.sub.domain.com , and b.sub.domain.com . Now I want to share the forms authentication cookies only on sub.domain.com , and not my entire domain.com . Is it possible to do this? I tried the obvious

问题 I've written a simple MVC3 application and followed a tutorial on how to set up authenticated users. The tutorial used a SQL server Express database. Is it possible to use an Oracle database instead of SQL server? Is it just a case of changing the connection string in the web.config to point at the Oracle database... or is it a bit more in-depth than that? <connectionStrings> <add name="ApplicationServices" connectionString="data source=.\SQLEXPRESS;Integrated Security=SSPI;AttachDBFilename=