forms-authentication

问题 Here's our scenario: We have an MVC3 Application 'MVC3ABC' in solution S1 that is secured using Forms Authentication (currently the user details are just in the web.config for early dev but they will be in an SQL Server database soon). MVC Controller C1 calls through to a WCF service W1 which has the .svc file under a separate ASP.NET web project in solution S1. In this case, the WCF service does not need to know which particular user is logged in, just that it is an authenticated user

问题 I'm working on an intranet, precisely on an activity report system that lists the activity per week of an Employee. So I'm able to select the Employee in question with a DropDownList but I'm having issues with the selection. public ActionResult Client() // ReportIndex { [...] string strEmployee = "-1"; string strUser = User.Identity.Name; if (null != (string)Session["ReportEmployee"]) strEmployee = (string)Session["ReportEmployee"]; [...] ProjectResourceManagerService pr = new

问题 When someone logs into my application and they checked the "Remember Me" checkbox, I set the createPersistentCookie = true so that when they come back they don't need to log in again. However, occassionally, I need to use the FormsAuthentication.SetAuthCookie(NewUserName, [true/false]) so how do I know if they originally set the createPersistentCookie to true or not so I can keep it the same as it was when they logged in? 回答1: I believe when you decrypt the cookie you should be left with a

问题 We have an MVC app that uses controllers for AJAX endpoints, and FormsAuth for authentication. I've run into an interesting scenario where a GET request will behave differently than a POST request (both for an unauthorized user). In this particular case, our custom ControllerFactory runs the following code trying to access this controller: FormsAuthentication.SignOut(); requestContext.HttpContext.Response.Redirect(FormsAuthentication.LoginUrl); throw new UnauthorizedAccessException(); (I

问题 Please be gentle, I'm a newb to this IoC/MVC thing but I am trying. I understand the value of DI for testing purposes and how IoC resolves dependencies at run-time and have been through several examples that make sense for your standard CRUD operations... I'm starting a new project and cannot come up with a clean way to accomplish user permissions. My website is mostly secured with any pages with functionality (except signup, FAQ, about us, etc) behind a login. I have a custom identity that

问题 I have a bunch of wcf webhttp (rest) services that expect an auth cookie. Question is - How do I pass the formsauth ticket to the wcf service? Flowing authentication works for get requests through the browsers just fine (as it should) but I am not sure how to set the cookie during my calls using httpclient or webchannelfactory. At this point the authentication is done and the cookie is available. I am not sure of where to insert the cookies while invoking the service through a HttpClient.

问题 I'm having an issue where my session is expiring, Session["UserId"] = userId; but the authentication cookie is still there so the [authorize] attribute is still allowing the user to navigate the system until the system tries to read the session variables and errors out. Null exception Are there any thoughts on how to make the auth cookie go away when the session expires? I would certainly appreciate any insight as I am new to ASP.NET MVC 3. 回答1: There are many ways you can do this. Here is

问题 I am getting the error "The return URL specified for request redirection is invalid" when using forms authentication. I found this thread that says this is a known issue with return URLs that contain colons (mine indeed contains a few). The workaround in that thread is to catch the error and use a default return URL ... hardly an acceptable solution. I can try to avoid colons in URLS, but that's a bit of a pain. Is there another alternative? 回答1: The colon is a reserved character, per the URI

问题 I have an ASP.NET website with two different sections, root website and an /Admin sub-folder. I want to have two different forms authentication/login pages for them. /Admin folder should use/redirect /Admin/Login.aspx and root pages should use /Login.aspx. What should I do in web.config to accomplish this? 回答1: A couple options: Use the same authentication form. Then use roles to authorize access to admin Allow access to the login form by adding a location + authorize anonymous rule to the

问题 I seem to have a problem with timeouts and forms authentication loops in my application. The application is MVC3 based and is AJAX heavy. I find that even when a user is continuously working on the application and not being idle, sometimes they get kicked out and then forms authentication goes into a redirect loop with a 302 error. The application is hosted with a provider who tells me they have increased the session timeouts to 60 mint. My web.config setting for the application is as follows