forms-authentication

问题 I Have a custom Authorize Attribute, that simply looks like this so far: (I'll add more logic later. I just want to see this work first). public class CustomAuthorizeAttribute : AuthorizeAttribute { public override void OnAuthorization(AuthorizationContext filterContext) { base.OnAuthorization(filterContext); } } Then I place my attribute onto a controller: [CustomAuthorize(Order = 0)] public class MyController : Controller Now, This all works well & dandy, until my forms authentication runs

问题 I have an MVC 2.0 application that requires a persistent login(if chosen) using forms authentication which is load balanced between two servers. my webconfig(on both servers) looks like so: <authentication mode="Forms"> <forms name="MA_AuthCookie" loginUrl="~/Account/LogOn" timeout="86400" protection="All" path="/" slidingExpiration="false"/> </authentication> <machineKey validationKey="************

问题 I have a web application that currently only supports asp.net forms authentication. My user business logic currently is like: Users.GetUserByID(userID); Users.LoginUser(username, password); i.e. it is pretty modular and I hope supporting active directory won't be difficult. Is it possible for me to support both AD and forms? If yes, what do I do, simply insert a new user for someone who signs into using AD for the first time? 回答1: No the only thing you have to do is witch you membership

问题 I have an ASP.NET MVC4 web page that is, for the most part, accessed without authentication. There is a single page that I want to protect for admin-only access (ELMAH's error log, specifically). Since I only require a single admin login, I'd like to avoid the complexity of maintaining a user/password database. I've done some research, and I've found that previous versions of ASP.NET provide the ability to use Forms Authentication with a password encrypted in the web.config: <forms loginUrl=

问题 Can I force a log out through SQL for asp.net membership account? 回答1: No record of currently logged in users are stored in Forms Authentication mode so it would be impossible to log out a user by some SQL execution alone. Note that a data store like SQL is only used during the actual credential authentication step of the Forms Authentication lifetime: Forms authentication control flow http://i.msdn.microsoft.com/Aa480476.formsauth(en-us,MSDN.10).gif Forms Authentication generally utilizes

问题 I am using Azure Traffic manager to load balance two servers in different regions. I thought I would need a single store or redis cache for my session state. However, while testing it seems to keep me logged in even when I go back between servers by testing which server I am on. I log out, and I am logged out on the other. The only session state I am storing is a user profile, but if it's not found it just goes to the server and grabs it. Below is my forms setup. Do I really need something

问题 I'm trying to apply Custom Forms Authentication to my website to which I already applied Url Rewriting. using this code in Application_Start in global.asax file. routes.MapPageRoute("bill-details", //Route Name "{billno}", //URL with Parameters "~/CallCenter/BillDetails.aspx" //Webforms page to Handle it. ); But when I'm trying rewrite the Loginpage Url, I'm not able to rewrite it. <forms loginUrl="/Login.aspx" name="MyCustomAuthentication" timeout="30"/> The Actual Problem is, when I open a

问题 We have two separate MVC 4 Web Applications that run as parts of the same website. The main (parent) project has authentication, and it works fine. Now that we've added the second project to the same site (one page that runs in a child frame), we can't figure out how to make it use the authorization that the user has undergone through the parent application. Both use the same forms element in web.config: <forms loginUrl="~/Account/LogOn" name=".ASPXFORMSAUTH" domain="..." protection="All"

问题 I'm basically looking for the event that is the opposite of FormsAuthentication_OnAuthenticate. I want to remove some values from the database when a user logs out. I tried putting it into the Session_End event, but it seems that the user is already gone by the time this executes. Update: If I can't determine when a specific user is deauthenticated (ie, due to session timeout) then is there a way to get a list of all currently authenticated users? If I could, then in the Session_End I could

问题 With Forms Authentication when the app needs to redirect to sign-in page is there an event or any extensibility point that will let me do additional work to the request before it redirects to the sign-in page? I would like to send additional information in the query string that could vary such that it wouldn't work to just statically embed that in the link in the loginUrl node in the web.config. Edit: For clarification, I want to intercept the request prior to being redirected TO the login