forms-authentication

In an angular app with a .net web api backend, I'm trying to implement forms authentication over async requests. Here is the relevant portion of my web.config... <authentication mode="Forms"> <forms loginUrl="/" cookieless="UseCookies" name=".TIMETRACK" requireSSL="false" timeout="30" protection="All" path="/TimeTrack" /> </authentication> Here is my web api login method... [Route("Login")] public HttpResponseMessage Post(AppUser credentials) { var userTemplate = _authenticationProvider.GetUserByEmail(credentials.Email); var user = Mapper.Map<ClientUser>(credentials); if (userTemplate.HashCode

I'm running the latest version of YetAnotherForum in a folder beneath my main WebApplication. The subfolder is configured as an application in IIS and navigating to the folder and logging in works wonderfully. YAF is setup with a membership provider and uses Forms Authentication. What I'm trying to do now is to auto login a user into the forum from the main website. The main website uses custom authentication through sessions and cookies. It doesn't use any of the built in ASP.NET authentication or membership components. So basically what I want to happen is that when a user click on a link to

In my website, I am not using any authentication or authorization. I've created login page to capture the user credentials and check against database. If the user successfully authenticates, it's storing the user data in session and navigating to other pages. How thinking of implementing Forms Authentication, but my concern is how to secure the authentication token in client browser for security reasons. Does anyone have any ideas how to secure the authentication token? Session: Fast, Scalable, and Secure Session State Management for Your Web Applications Authentication: How To: Protect Forms

I'm playing around with authentication and authorization to prepare for some task. I've created two pages: Login.aspx and Default.aspx. In config file i've set authentication to forms and denied unauthenticated users access: <authentication mode="Forms"> <forms name="aaa" defaultUrl="~/Login.aspx" /> </authentication> <authorization> <deny users="?"/> </authorization> Then I've written some simple code to authenticate my user in Login.aspx: protected void Page_Load(object sender, EventArgs e) { GenericIdentity identity = new GenericIdentity("aga", "bbb"); Context.User = new GenericPrincipal

In my application a role has several permissions. And I want users to have access to actions dependent on permission, not the role. So suppose: Admin has perm1, perm2, perm3, SuperAdmin has all the permissons that admin has + perm4 and perm5. Also, there are some minor guys also who have perm1, perm3, perm6, perm7. I want to do the following: I want action to be accessible by guy who has suppose perm3 or perm4. those two permissions are from two different roles. but beside perm3 Admin has perm1 and perm2, this action will be also accessible by minor guys who have perm3 (its not obligatory to