forms-authentication

问题 I am getting 403 when a user accidentally closes their browser without logging out and tries again to open the url. When they check back, website throws 403. To temporarily resolve the issue I clean out all the cookies and the access is back on. Error: 403 - Forbidden: Access is denied. You do not have permission to view this directory or page using the credentials that you supplied. Details to troubleshoot: Web.Config file <forms loginUrl="index.aspx" protection="All" path="/" timeout="300"

问题 I have a ASP.NET Web Service which exposes a method called DoLogin [WebService(Namespace = "http://rtns.ism.ec/")] [WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)] [ToolboxItem(false)] [ScriptService] public class UserManagerService : WebServiceBase { [WebMethod(EnableSession=true)] [ScriptMethod] public ResponseBase<bool> DoLogin(LoginCredentials Credentials) { Credentials.IpAddress = HttpContext.Current.Request.UserHostAddress; Credentials.ServerID = Environment.MachineName;

问题 This is the login function (after I validate user name and password, I load user data into "user" variable and call Login function: public static void Login(IUser user) { HttpResponse Response = HttpContext.Current.Response; HttpRequest Request = HttpContext.Current.Request; FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1, user.UserId.ToString(), DateTime.Now, DateTime.Now.AddHours(12), false, UserResolver.Serialize(user)); HttpCookie cookie = new HttpCookie

问题 Scenario I develop an MVC application that will be hosted in Windows Azure. During development, I test against a local database and local user membership service. In production, the application hits off a SQL Azure database and a cloud-hosted user membership service. Sometimes I'll log in to the local version of the site with a user account that only exists on my local machine. If I forget to log out but switch my machine out of test mode, things start to break. The Problem I set my hosts

问题 I have a MVC3 website that uses forms authentication, and I wanted to know if there are any issues that may arise if several or more people are logged in using the same user account? I have been trying to trouble shoot an error we've been having (it looks like the website server is having issues communicating to the database server,) however I just wanted to rule out the possibility of the issue arising from account sharing. Thanks 回答1: No, as far as ASP.NET Forms Authentication mechanism is

问题 I've never had this problem before, I'm at a total loss. I have a SQL Server 2008 database with ASP.NET Forms Authentication, profiles and roles created and is functional on the development workstation. I can login using the created users without problem. I back up the database on the development computer and restore it on the production server. I xcopy the DLLs and ASP.NET files to the server. I make the necessary changes in the web.config, changing the SQL connection strings to point to the

问题 I’ve got a moss document centre website with FBA and AD authentication enabled. After creating a picture library I seem to have reduced functionality when accessing the site through the FBA URL. I’ve compared the web.config files from each IIS website and they are the same (apart from added FBA information that's required). Here's two pictures to illustrate what I mean. This picture shows the options available in the picture library when accessing the website through AD authentication: alt

问题 I'm having this issue with my current session manager, when the session expires it will not log off the user. At random intervals while user is logged in the HttpContext.Current is NULL causing the site to generate many errors. I've tried a couple of techniques to redirect user to login upon session expiration, with no success. Under Global.asax I'm making use of Session_End can attempted to call LogOut method but this gets executed even before user logs in. Under Global.asax I added

问题 I'm trying to set up SSO on two separate IIS web sites (with a common domain) using Forms Authentication. I'm using the common approach of setting the auth cookie to the common domain and using matching machine key to enable decryption. This works with no issues on test sites that I created . However, when trying to implement this in a legacy Web Forms site, I'm running into something that I don't understand. When I log into one site, the test code on the second site has the following results

问题 My requirement is that only the login page and the Register page should be accessible from anonymous users. I have created a new ASP.NET MVC project using the default template in VS2008. After that I have enabled security adding this section to the web config: <authorization> <deny users="?" /> </authorization> Now the Register Action is not accessible anymore because of the security enabled. How I can do to disable security only for that Action? Thanks 回答1: You will want to use the Authorize