forms-authentication

I'm using the following code in an MVC5 site: [HttpPost] [ValidateAntiForgeryToken] public ActionResult Login(LoginModel loginModel) { if (ModelState.IsValid) { var authenticated = FormsAuthentication.Authenticate(loginModel.UserName, loginModel.Password); if (authenticated) { FormsAuthentication.SetAuthCookie(loginModel.UserName, true); return RedirectToAction("AdminPanel"); } ModelState.AddModelError("", "The username and password combination were incorrect"); } return View(loginModel); } Which throws up the following warning: System.Web.Security.FormsAuthentication.Authenticate(string,

I'm using the ASP.NET Login Controls and Forms Authentication for membership/credentials for an ASP.NET web application. I've got pages such as PasswordRecovery.aspx that are accessable to only Anonymous users. When I click my login link from such a page, the login page has a ReturnUrl parameter in the address bar: http://www.example.com/Login.aspx?ReturnUrl=PasswordRecovery.aspx And then after a successful login, users are returned to the PasswordRecovery.aspx page specified in the ReturnUrl parameter to which they no longer have access. Zack Peterson I found the answer on Velocity Reviews .

What is the difference between these lines of code: <forms timeout="5" /> <membership userIsOnlineTimeWindow="5" /> <sessionState timeout="5" /> Thanks a lot. Forms ( FormsAuthention ) are used for authentication and when it times out it will logout user. You can 'prevent' timeout by setting SlidingExpiration property to 'true' and it will renew forms ticket on user activity (read request to asp) if needed. This will keep user logged on while he is 'active' on your site. Membership is used for user validation and userIsOnlineTimeWindow is there to help you track user activity so when it runs

I am developing an MVC 3 project and want to add a user to a role when they are registered, using Forms Authentication. So I'd like to create some check boxes, or a drop down list showing the roles, which are selected and the user is assigned to the role as they are registered. I have this code so far, which works: public ActionResult Register() { ViewData["roleName"] = new SelectList(Roles.GetAllRoles(), "roleName"); return View(); } And in the view I have: <label for="roleName">Select Role:</label> @Html.DropDownList("roleName") @Html.ValidationMessage("roleName") This is HttpPost section of

We're using ASP.NET and IIS 6.0. I realise that the definitions of applications, websites and virtual directories are ill-defined in IIS 6, and changed a lot in IIS 7. However, I'm stuck with IIS 6.0 for now. We have a single web site defined in IIS, and a number of separate sub-sites in Virtual Directories. The scheme looks like this:- http://site.example.com/site1 http://site.example.com/site2 .. etc .. site1, site2, ... are virtual directories in IIS 6.0, under the "Default Web Site". I need to use ASP.NET sessions and forms authentication in most of these sites, and I don't want them to