forms-authentication

Is there a way to force ASP.NET to sign out from it's authentication when the browser is closed or the user types in a new address? If the browser is left open then I need to keep the user authenticated, so a long timeout on the authentication ticket is preferable. Not sure if this is still an issue but this resolved the issue for me. Just add the following to the Page_Load event of your Start Page: protected void Page_Load(object sender, EventArgs e) { if (Request.UrlReferrer == null || string.IsNullOrEmpty(Request.UrlReferrer.AbsolutePath)) { Session.Abandon(); FormsAuthentication.SignOut();

I have an ASP.NET MVC 3 web application using Forms Authentication. What are the basic steps I need to take to enable https for account logins? I'm using IIS 7.5 on Windows Server 2008 R2 All you need to do is get a certificate and install it in IIS, bind your host to port 443 and you should be good to go. Your app should run as-is on there. http://Startssl.com has free certificates that work very nicely and are recognized in all browsers. Good resource here To start, you need to get a certificate from a certificate authority. You will then have to import it to your server. At this point you

I have a site that uses FormsAuthentication and yes, the name of the cookie is .ASPAUX :) I can log in perfectly. The server creates a forms authentication ticket, packs it in a cookie, properly determines the expiration time (1 year ahead) and sends it to the client. For some reason, after some time, even though the cookie is there yet (I can see it with FireCookies) HttpContext.Current.Request.IsAuthenticated becomes false at the server. It's as if the cookie couldn't be validated. The problem is: Why would that happen? How can I debug why the cookie suddenly becomes invalid without expiring

How to use forms authentication without login control.I don't want to use asp.net login control in my site.But i have to implement forms authentication and to validate users in my database. I am assuming that instead of using a login control, you are using a few textboxes(eg username/password) and a logon button. The code could look something like this: In your aspx file <asp:Textbox runat="server" ID="Username"/> <asp:Textbox runat="server" ID="Password"/> <asp:Button runat="server" ID="Login" OnClick="Login_OnClick"/> <asp:Label runat="server" ID="Msg" > And on server side: public void Login

I am essentially doing is this . However, whenever I use the built in AuthorizeAttribute, the MVC framework (I'm guessing) never looks at my principal to determine if the user has the proper roles. It keeps trying to create a new MDF file in the app_data directory, and because it doesn't have privileged it blows up. Is this expected behavior, and should I derive my own AuthorizeAttribute and check the principal myself? Another weird behavior to point out is that I have two sites on the same domain for which I'm doing single sign on. On either site, I'm using the same class library to recreate

When you have forms authentication setup to redirect to login.aspx when accessing a protected page, what's a good way to detect in login.aspx whether the user was sent there because they haven't logged on yet, or because their forms auth ticket is expired? I'd like to display a "you've timed out" message. (I do not mention the word session in this question, because ASP.NET treats them so distinctly, however, if there is a good solution that involves session, I'm all ears) I've solved this in the past by having another cooke "hasloggedin" set when a user logs in and then checks to see if that

I am looking for something like the AuthorizeAttribute in MVC, something I can use like this: [WebGet(UriTemplate = "data/{spageNumber}")] [WebCache(CacheProfileName = "SampleProfile")] [WcfAuthorize] public IEnumerable<SampleItem> GetCollection(String spageNumber) { Int32 itemsPerPage = 10; Int32 pageNumber = Int32.Parse(spageNumber); return Enumerable.Range(pageNumber * itemsPerPage, itemsPerPage) .Select(i => SampleItem.Create(i)); } That WcfAuthorizeAttribute , will try to authenticate the user with FormsAuthentication, and set the context's IPrincipal, or return a HTTP 401 Unauthorized. I

I have an ASP.NET MVC2 app using jQueryMobile. It is a secure app, and i'm using the ASP.NET authentication within the MVC2 framework. I am using standard authentication via the web.config: <authentication mode="Forms"> <forms loginUrl="~/Account/LogOn" timeout="2880" /> </authentication> I am securing certain controllers using the Authorize attribute: [Authorize] public class ClientController : Controller All my web pages as based upon the same master page, which has a top-level container div as follows: <div class="page" data-role="page"> It all works perfectly on Chrome. However, on the