forms-authentication

In ELMAH with MVC 3, How can I hide sensitive form data from the error log?

。_饼干妹妹 submitted on 2019-12-18 03:56:36
Question: Here is the scenario... User types his username. Types an "incorrect" password. Both username and password values are being passed to the Elmah error log via the Exception.Context.Request.Form["Password"]. It's a read-only value and cannot be modified. And no... I don't want to dismiss the exception (fail). We added ErrorLog Filtering programmatically: void ErrorLog_Filtering(object sender, ExceptionFilterEventArgs e) { if (e.Exception is LogOnException) { ((HttpContext) e.Context).Request

ASP.NET MVC - Dynamic Authorization

点点圈 submitted on 2019-12-17 22:26:17
Question: I am building a simple CMS in which roles are set dynamically in the admin panel. The existing way of authorizing a controller method, adding [Authorize(Roles="admin")] for example, is therefore no longer sufficient. The role-action relationship must be stored in the database, so that end users can easily give/take permissions to/from others in the admin panel. How can I implement this? Answer 1: If you want to take control of the authorization process, you should subclass AuthorizeAttribute and

Forms authentication + ASP.NET MVC absolute ReturnURL

做~自己de王妃 submitted on 2019-12-17 21:54:09
Question: I have a central authentication application on server a. Server b has one or more applications on the same domain that need to authenticate from server a. It's easy enough to set it up so that the server b apps redirect out to server a. What's not so easy is getting the ReturnURL to be absolute. Here's the wrinkle. Consuming app on server b has two controllers, one public and one secured. If the [authorize] decoration is placed on an action in the public (which is the default controller), I

Session_End in Global.asax.cs not firing using forms authentication

跟風遠走 submitted on 2019-12-17 20:57:10
Question: I have an asp.net 4.0 application that is using forms authentication set to a timeout at 45 minutes. I would like to redirect the user to a timeout page when the session has expired. Can anyone tell me how to do this? I am running .net 4.0. web.config has: <authentication mode="Forms"> <forms name=".ASPXAUTH" loginUrl="~/Login.aspx" defaultUrl="~/Default.aspx" protection="All" timeout="45" requireSSL="false"> </forms> </authentication> Global.asax.cs file has: void Session_End(object sender,

Determine if current page requires authorization?

你离开我真会死。 submitted on 2019-12-17 19:52:10
Question: So, I have web apps with web.configs like so: <authorization> <deny users="?"/> </authorization> ... <location path="SomeUnsecuredPage.aspx"> <system.web> <authorization> <allow users="*"/> </authorization> </system.web> </location> In other words, most pages require authentication and authorization, but some don't. Then I have an IHttpModule that will be used by all the different applications. All I want to do is check if the current request is "secured" at all. If the page doesn't require

ASP.NET Forms Auth Allowing access to specific file in subdirectory when all others should be denied

自古美人都是妖i submitted on 2019-12-17 18:52:41
Question: I am having problems allowing a specific Role access to a specific page in a subdirectory. My ASP.NET application has a directory, ~/Forms/Administration that has limited access. There is a specific file, ~/Forms/Administration/Default.aspx that I want to give 1 additional user role access to, as well as the Admin role. In ~/Forms/Administration, I have a web.config file that looks like this: <?xml version="1.0" encoding="utf-8"?> <configuration> <system.web> <authorization> <allow roles=

How to redirect to a dynamic login URL in ASP.NET MVC

有些话、适合烂在心里 submitted on 2019-12-17 15:03:24
Question: I'm creating a multi-tenancy web site which hosts pages for clients. The first segment of the URL will be a string which identifies the client, defined in Global.asax using the following URL routing scheme: "{client}/{controller}/{action}/{id}" This works fine, with URLs such as /foo/Home/Index. However, when using the [Authorize] attribute, I want to redirect to a login page which also uses the same mapping scheme. So if the client is foo, the login page would be /foo/Account/Login instead

NTLM authentication on specific route in ASP.NET Core

谁说胖子不能爱 submitted on 2019-12-17 14:27:13
Question: Trying to implement subject in a test environment. .UseWebListener(options=> { options.ListenerSettings.Authentication.Schemes = AuthenticationSchemes.NTLM | AuthenticationSchemes.Negotiate; options.ListenerSettings.Authentication.AllowAnonymous = true; }) And app.UseWhen(context => context.Request.Path.StartsWithSegments("/ntlm"), builder => builder.UseCookieAuthentication(new CookieAuthenticationOptions() { AutomaticAuthenticate = true, AutomaticChallenge = true, LoginPath = "/Main/Login",

ASP .NET Custom RoleProvider not respecting cacheRolesInCookie="true"

浪子不回头ぞ submitted on 2019-12-17 07:50:37
Question: I've implemented a custom role provider, and configured it in my web.config file like this: <roleManager enabled="true" defaultProvider="TDRoleProvider" cacheRolesInCookie="true"> <providers> <clear/> <add name="TDRoleProvider" type="TDRoleProvider"/> </providers> </roleManager> I've overridden the GetRolesForUser function in my custom role provider, and I've stepped into it, and it works just fine - loads up 60 roles for the user I'm testing with. However, I've noticed that the

ASP .NET Custom RoleProvider not respecting cacheRolesInCookie="true"

冷暖自知 submitted on 2019-12-17 07:49:29
Question: I've implemented a custom role provider, and configured it in my web.config file like this: <roleManager enabled="true" defaultProvider="TDRoleProvider" cacheRolesInCookie="true"> <providers> <clear/> <add name="TDRoleProvider" type="TDRoleProvider"/> </providers> </roleManager> I've overridden the GetRolesForUser function in my custom role provider, and I've stepped into it, and it works just fine - loads up 60 roles for the user I'm testing with. However, I've noticed that the