forms-authentication | 易学教程

Spring Security - Authentication not working even the credentials are correct

阅读更多关于 Spring Security - Authentication not working even the credentials are correct

问题 I am using spring security in my application where I am intercepting some URLs for authentication. Although URL "/securedMapping1" is prompting for user to login by displaying login page, the login, however, is not working. Even if I give the correct credentials, I am going back to login page with "Bad credentials" error by invoking URL for failed authentication i.e, authentication-failure-url="/login?error=true" is called every time regardless of correct/incorrect credentials. Could anyone

MVC3 Session timeout after 10 seconds

阅读更多关于 MVC3 Session timeout after 10 seconds

Need some help with a Session timeout problem in an ASP.Net web app. Essentially the session expires about 10-15 seconds after login. Side Note: I use a custom combo of FormsAuthentication and basic security My Session.IsNewSession gets set to true after 3-4 good postbacks after login. My Web.Config has the following... <sessionState mode="InProc" timeout="130" regenerateExpiredSessionId="true" stateNetworkTimeout="120" compressionEnabled="true" cookieless="UseCookies" /> <authentication mode="Forms"> <forms timeout="120" ticketCompatibilityMode="Framework40" enableCrossAppRedirects="true" />

Automatically sign out from Forms Authentication in ASP.NET when browser is closed

阅读更多关于 Automatically sign out from Forms Authentication in ASP.NET when browser is closed

问题 Is there a way to force ASP.NET to sign out from it's authentication when the browser is closed or the user types in a new address? If the browser is left open then I need to keep the user authenticated, so a long timeout on the authentication ticket is preferable. 回答1: Not sure if this is still an issue but this resolved the issue for me. Just add the following to the Page_Load event of your Start Page: protected void Page_Load(object sender, EventArgs e) { if (Request.UrlReferrer == null ||

FormsAuthentication with Razor not working

阅读更多关于 FormsAuthentication with Razor not working

I am trying to get FormsAuthentication to work with my Razor app (MVC 3). I have a LoginController that calls my LoginPage (which is in Views/Shared); my web.config has LoginUrl set to "/Login/". When the app tries to bring up the main page, the [Authorize] line brings up LoginPage correctly, but that's where the problems start. Here's my LoginController.cs: using System; using System.Collections.Generic; using System.Linq; using System.Web; using System.Web.Mvc; namespace ABMCEditAndReports.Controllers { public class LoginController : Controller { // // GET: /Login/ public ActionResult Index(

Forms Authentication - Redirect Back to Original Domain

阅读更多关于 Forms Authentication - Redirect Back to Original Domain

问题 Example: Application = https://test2.mytest.com/MyApplication/Download.aspx The application has forms authentication enabled in the web.config: <authentication mode="Forms"> <forms loginUrl="https://test.mytest.com/Login/" name=".ASPXAUTH"/> </authentication> <authorization> <deny users="?"/> </authorization> When accessing the application it correctly redirect to the login page: https://test.mytest.com/Login/?ReturnUrl=%2fMyApplication%2fDownload.aspx However, after successfully logging in

Passing SAML Token to WCF service from Asp.Net

阅读更多关于 Passing SAML Token to WCF service from Asp.Net

When i try to invoke a WCF service from an asp.net application (RP) which is authenticated by another asp.net application(IP) , I'm getting an error message with content of Login page (It is trying to reach the login page because it could not authenticate the request). Identity Provider : _http://localhost/AuthenticatonWS/Login.aspx Relying party Website : _http://localhost/RPWebsite/Default.aspx WCF Service : _http://localhost/RPWebsite/Service1.svc (In my solution I'm calling service1.svc from default.aspx.cs) I don't want the service to be anonymous. Currently the site (RPWebsite) uses STS

Why isn't .ASPAUX cookie being validated by FormsAuthentication?

阅读更多关于 Why isn't .ASPAUX cookie being validated by FormsAuthentication?

问题 I have a site that uses FormsAuthentication and yes, the name of the cookie is .ASPAUX :) I can log in perfectly. The server creates a forms authentication ticket, packs it in a cookie, properly determines the expiration time (1 year ahead) and sends it to the client. For some reason, after some time, even though the cookie is there yet (I can see it with FireCookies) HttpContext.Current.Request.IsAuthenticated becomes false at the server. It's as if the cookie couldn't be validated. The

How do I add HTTPS to my asp.net website for account login?

阅读更多关于 How do I add HTTPS to my asp.net website for account login?

问题 I have an ASP.NET MVC 3 web application using Forms Authentication. What are the basic steps I need to take to enable https for account logins? I'm using IIS 7.5 on Windows Server 2008 R2 回答1: All you need to do is get a certificate and install it in IIS, bind your host to port 443 and you should be good to go. Your app should run as-is on there. http://Startssl.com has free certificates that work very nicely and are recognized in all browsers. Good resource here 回答2: To start, you need to

Authorize attribute on Ajax Action methods in controller

阅读更多关于 Authorize attribute on Ajax Action methods in controller

I was trying to authorize ajax action methods in my MVC3 application. The problem occurs when the user session expires and an ajax action method is asked to execute. The asp.net Authentication system sends 302 redirect instead of sending 401 which seems logical for non-ajax requests. But with Ajax it all gets messed up quickly. So I decided to follow the approach suggested at ASP.NET MVC forces an AJAX request be redirected to the login page when the FormsLogin session is no longer active . Basically, at the end of request we check whether the request is an ajax request and there is a redirect

Should I call base.OnAuthorization(filterContext)?

阅读更多关于 Should I call base.OnAuthorization(filterContext)?

I have a custom AuthorizeAttribute like so: public override void OnAuthorization(AuthorizationContext filterContext) { if (filterContext.HttpContext.Request.IsAuthenticated) { var userInRole = CurrentUser.IsInRole(Roles); // Etc... } } Should I be calling base.OnAuthorization(filterContext) at all here? If so, what would it do? The default implementation is open source and can be viewed here . It checks whether the user is authenticated, then checks to ensure the user or role is specified on the attribute. I guess the real question is, why are you writing a custom AuthorizeAttribute when the