forms-authentication

问题 I have this on my web.config file: <authentication mode="Forms"> <forms loginUrl="login.aspx" defaultUrl="Venues.aspx" /> </authentication> <authorization> <deny users="?" /> <allow users="*" /> </authorization> I only want to allow authenticated users to my pages. The problem is, the first time that I go to the login page, I don't have any images or styles on my page. I think this is because I denied access to the .jpeg and .css files. I think I can solve this issue in IIS, but I'm just in

问题 I'm using the following code in an MVC5 site: [HttpPost] [ValidateAntiForgeryToken] public ActionResult Login(LoginModel loginModel) { if (ModelState.IsValid) { var authenticated = FormsAuthentication.Authenticate(loginModel.UserName, loginModel.Password); if (authenticated) { FormsAuthentication.SetAuthCookie(loginModel.UserName, true); return RedirectToAction("AdminPanel"); } ModelState.AddModelError("", "The username and password combination were incorrect"); } return View(loginModel); }

问题 Okay so from what I've read on other websites and on stack overflow, Rails throws this Authentication token error because my form doesn't pass the token -- and it's a security feature. This I understand. However I don't really have a form. I have ajax here -- my javascript posts the id'ed information into a processing function. So my question is, how do I get the authentication token to my controller? My view looks like this: <% for transaction in @transactions %> <% if transaction["category"

问题 The default Project template of ASP.NET MVC comes with a class named Microst.AspNet.Identity.Owin.SignInManager. This class is used to authenticate users I dont understand why should i use SignInManager instead of using simple FormsAuthentication in an ASP.NET MVC Project. What are the benefits of SignInManager? Does it authenticate in a different way according to FormsAuthentication? Is it more secure then FormsAuthentication? What can i do else with SignInManager except authentication? What

问题 The default Project template of ASP.NET MVC comes with a class named Microst.AspNet.Identity.Owin.SignInManager. This class is used to authenticate users I dont understand why should i use SignInManager instead of using simple FormsAuthentication in an ASP.NET MVC Project. What are the benefits of SignInManager? Does it authenticate in a different way according to FormsAuthentication? Is it more secure then FormsAuthentication? What can i do else with SignInManager except authentication? What

问题 When a user logs in based on default Forms Authentication method, the server creates a cookie containing encrypted data (using Machine Key as key for encryption). It means that if someone find/guess/access Machine Key for the server, he will be logged in to the web application. I've developed some applications which are on 4 servers. So, I hard-coded the same Machine Key for all the servers in machine.config and I can't use Auto Generate mode. Is it possible to brute force the Machine Key? Is

问题 I'm trying to set up forms authentication across multiple servers and subdomains. I have static machine keys set up for each application like so: <system.web> <machineKey validationKey="574...7A7" decryptionKey="2C3...A0D" validation="HMACSHA256" decryption="AES" /> </system.web> ...and my forms authentication is configured the same for each application: <forms loginUrl="/login" timeout="2880" defaultUrl="/" path="/" name=".SHAREDAUTH" domain="domain.com" protection="All" /> I've also tried

问题 I am attempting to secure a website I am currently developing using ASP.NET MVC 2.0 and forms authentication. In order to secure the forms authentication cookie I want to set the requiresSSL property to true so the cookie is only send by browsers when the connection is under SSL, and obviously ensure that all resources which require authorization are under SSL. My problem is that we are using Application Request Routing to fulfil a number of functions, one being SSL offloading, therefore by

问题 This could be a very simple question, but after a few hours trying to understand how this works on ASP.NET 4.0 I still don't know. I'm using Forms Authentication. I have a login page with a login control on it. This is what I need when users login: A- The users should stay logged until the don't do anything for the timeout set. If they reload a page the timeout has to restart the countdown. B- If they click the "Remember Me" check they should stay connected until they logout, no matter if

问题 I am using the FormsAuthenticationTicket and place the data and passing the data across all the pages. and it will work if we are not changing any data. So, now if I want to change the data and pass it for the cookie and encrypt then how to change the data programmatically. Please give me the solution for changing the data in HttpCookie programmatically. 回答1: This is an example of how I modify an already-issued forms auth ticket: HttpCookie cookie = FormsAuthentication.GetAuthCookie(Username,