forms-authentication

问题 I have an asp.net application which is currently using forms authentication with slidingExpiration="true". In web.config, we have the following: <authentication mode="Forms"> <forms loginUrl="Mylogin.aspx" timeout="15" slidingExpiration="true"/> </authentication> This is all to spec: There is a sliding 15 minute expiration. However, we now have a new security requirement: Users must re-authenticate every 24 hours, even if they have been "active" the whole time. In other words, even if you

问题 I'm having problems with using a persistent AuthCookie. The validation and login works perfectly and if i close the browser and re-open it the authentication is still valid no redirect to the login page is done. I'm not sure what the exact time is but let's say that if close the browser without logging off and only reopen it 20 minutes later I'll be redirected to the login page even though the cookie is set when I check with web developer tools and it's expiration date is one month from now.

问题 I'm attempting to use Application Request Routing (ARR) in IIS for passing a set of paths to a Node.js website. My issue is being able to get/set the authentication ticket on either side. I just really need a simple example of an Encrypt/Decrypt pair that will work for C# and Node.js close to out of the box with the same results for both. I'll be working on this problem myself as time permits over the next few days, and intend to answer if nobody comes up with an answer before me. My

问题 In an angular app with a .net web api backend, I'm trying to implement forms authentication over async requests. Here is the relevant portion of my web.config... <authentication mode="Forms"> <forms loginUrl="/" cookieless="UseCookies" name=".TIMETRACK" requireSSL="false" timeout="30" protection="All" path="/TimeTrack" /> </authentication> Here is my web api login method... [Route("Login")] public HttpResponseMessage Post(AppUser credentials) { var userTemplate = _authenticationProvider

问题 I'm running the latest version of YetAnotherForum in a folder beneath my main WebApplication. The subfolder is configured as an application in IIS and navigating to the folder and logging in works wonderfully. YAF is setup with a membership provider and uses Forms Authentication. What I'm trying to do now is to auto login a user into the forum from the main website. The main website uses custom authentication through sessions and cookies. It doesn't use any of the built in ASP.NET

问题 I have a WebApplication on asp.net 2.0 with namespace Admin. I have Form Authentification mode for the project. <authentication mode="Forms"> <forms name="ASP_XML_Form" loginUrl="Login.aspx" protection="All" timeout="30" path="/" requireSSL="false" slidingExpiration="true" cookieless="AutoDetect"> </forms> </authentication> Now, I try to share one folder (one inside page) for not Authentificatied users: <location path="Recovery"> <system.web> <roleManager enabled="false" > </roleManager>

问题 I've been developing an ASP.NET WebForms app that needed account login functionality (e.g. register new users, change passwords, recover passwords, profiles, roles, etc). To do this, I used FormsAuthentication with the default data store, which, to my surprise, is an MDF file in App_Data. When it comes time to actually deploy this app. live on the web, I'm going to use some shared hosting like GoDaddy or another cheap company. For efficiency, I'd like to switch over from this MDF to actual

问题 How do you back-door authenticate Windows users into a website using forms authentication running on IIS 7.0? 回答1: Create a separate page to handle windows logins. This page will authenticate the user and then set the Forms cookie for them. Then, add the page to the web.config to tell IIS 7 to use Windows authentication on that particular page. <configuration> ... <!-- this file captures the user and redirects to the login page --> <location path="Account/WindowsLogin.aspx"> <system.web>

问题 EDIT - Rewrote my original question to give a bit more information Background info At my work I'm working on a ASP.Net web application for our customers. In our implementation we use technologies like Forms authentication with MembershipProviders and RoleProviders. All went well until I ran into some difficulties with configuring the roles, because the roles aren't system-wide, but related to the customer accounts and projects. I can't name our exact setup/formula, because I think our company

问题 Are there any major advantages of using OWIN cookie-based authentication over Forms Authentication cookie-based authentication for developing MVC web applications? The reason I ask is that I would not be using any of the Entity Framework based hooks for OWIN authentication. I've built apps based on Forms Authentication for years and have been able to do things like create different authentication tokens for admins (faster timeouts), anonymous users, and registered users. Using the UserData