forms-authentication

I have an ASP.NET website that uses Forms authentication <authentication mode="Forms"> <forms name="NewsCoreAuthentication" loginUrl="~/Default.aspx" defaultUrl="~/Default.aspx" protection="Validation" timeout="300" domain="someRootDomain.com" /> </authentication> I need to identify if user is authenticated on web page after it was rendered to client. To accomplish this I thought that I can read document.cookie and check if ".ASPXAUTH" is there. But the problem is that even if I am signed in this value is empty . How can I check that user is authenticated? Why document.cookie is empty? Thank

With Forms Authentication when the app needs to redirect to sign-in page is there an event or any extensibility point that will let me do additional work to the request before it redirects to the sign-in page? I would like to send additional information in the query string that could vary such that it wouldn't work to just statically embed that in the link in the loginUrl node in the web.config. Edit: For clarification, I want to intercept the request prior to being redirected TO the login page. Example: <authentication mode="Forms"> <forms loginUrl="http://the/interwebs/login.aspx" timeout=

I would like to know if there is a way to check if a page requies authentication based on the web.config settings. Basically if there is a node like this <location path="account"> <system.web> <authorization> <deny users="?"/> </authorization> </system.web> </location> then I would like to check on any page if it requires authentication or not and to return true if it is under the account directory. Is this possible? Rush Frisby The solution is to create an anonymous identity (principal), and pass it into the CheckUrlAccessForPrincipal method. It will determine if the page is public, or

When my web.config has the below httpRuntime, my controller cannot grab the cookie .ASPXAUTH. It seems to be able to grab any other cookie, with or without the period prefix. If I delete the below line, it works fine. <httpRuntime targetFramework="4.5"/> I'm using the following to grab the cookie. HttpCookie authCookie = Request.Cookies[".ASPXAUTH"]; Why can't I grab the Forms Authentication cookie? I had similar problem - my app with runtime 4.5 was unable to read an .ASPXAUTH cookie created by another /login/ app that was running under 4.0, causing a redirect loop. Turns out 4.5 introduces

I've written a simple MVC3 application and followed a tutorial on how to set up authenticated users. The tutorial used a SQL server Express database. Is it possible to use an Oracle database instead of SQL server? Is it just a case of changing the connection string in the web.config to point at the Oracle database... or is it a bit more in-depth than that? <connectionStrings> <add name="ApplicationServices" connectionString="data source=.\SQLEXPRESS;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|aspnetdb.mdf;User Instance=true" providerName="System.Data.SqlClient" /> <

Is there a way to be notified when a user becomes logged in with an ASP.net website? Note : A user can become logged in without visiting a "login page". If the "remember me" cookie exists, they can hit an arbitrary page and be logged in. When a user is logged in i want to fetch some session related information. Note : There is the Login.LoggedIn event. Problem is that that control doesn't exist on every page; and the one page it is present on ( Login.aspx ) doesn't call OnLoggedIn event. In the same way that Global.asax has a global On Session Start notification: void Session_Start(object

I'm having problems with using a persistent AuthCookie. The validation and login works perfectly and if i close the browser and re-open it the authentication is still valid no redirect to the login page is done. I'm not sure what the exact time is but let's say that if close the browser without logging off and only reopen it 20 minutes later I'll be redirected to the login page even though the cookie is set when I check with web developer tools and it's expiration date is one month from now. All i'm doing after validating the users credentials is FormsAuthentication.SetAuthCookie(model

Is there an easy way to cache ASP.NET whole page for anonymous users only (forms authentication used)? Context: I'm making a website where pages displayed to anonymous users are mostly completely static, but the same pages displayed for logged-in users are not. Of course I can do this by hand through code behind, but I thought there might be a better/easier/faster way. You could use VaryByCustom , and use a key like username . I'm using asp.net MVC, so I did this in my controller if (User.Identity.IsAuthenticated) { Response.Cache.SetCacheability(HttpCacheability.NoCache); Response.Cache

I'm attempting to use Application Request Routing (ARR) in IIS for passing a set of paths to a Node.js website. My issue is being able to get/set the authentication ticket on either side. I just really need a simple example of an Encrypt/Decrypt pair that will work for C# and Node.js close to out of the box with the same results for both. I'll be working on this problem myself as time permits over the next few days, and intend to answer if nobody comes up with an answer before me. My intention is to write the node side as a connect/express module on the Node.js side. I am already doing a

Im working on a web project in ASP .NET MVC 2. In this project we store some info inside an ecripted cookie (the ASPXAUTH cookie) to avoid the need to query the db for every request. The thing is the code for this part has suddenly stopped working. I reviewed the changes made to the code on the source control server for anything that could be causing it, I found nothing. I even reverted to a known working copy (working on some other persons PC, same code, etc) but after debugging, it seems the .ASPXAUTH cookie is not getting saved anymore. Instead the ASP.NET_SessionId cookie is being set...