forms-authentication

I want the benefits of form authentication in ASP.NET. I want it to persist the authorization for me and such, but there's one thing different about my situation; I want to authenticate against a simple web service (specifically provided by the client). I have my code in place to look at the web place and see if they should be authorized, but how do I set the cookie[?] or authorization flag in ASP.NET that they know the current user is authorized. Basically... if (HttpContext.Current.User.Identity.IsAuthenticated) // we're all good //Other wise... bool success = CheckClientsWebService(string

Up until now I've been using an MVC Area for the administration part of my mvc applications, but recently I've been rethinking this due to the fact that you can't have more than one configuration for forms authentication per application . This has become a problem becuase in a recent project I wanted to set the auth cookies not to expire for users, but I don't wan't this for administration users. I also don't want the user login page to be used to access the admin tools. I'm considering setting up a seperate MVC project in the solution purely for admin tools. This seems to me the best option,

Closed. This question is off-topic. It is not currently accepting answers. Learn more . Want to improve this question? Update the question so it's on-topic for Stack Overflow. I am very new to ASP.NET MVC 3 (and MVC in general for that matter). In ASP.NET Web Forms, I did authentication using Principals and Identities. Is this the recommended way to do it in MVC or is there something newer? I see a Membership class, but if I understand it correctly it is too heavyweight for what I need. Does any one have a good tutorial or site recommendation to help me out with this? It can be comprehensive

I am trying to understand concepts of windows authentication, forms authentication and their differences. I am confused. Can someone help me in clarifying this. Thanks. Hades Windows Authentication refers to authenticating against Windows user accounts on the box that the application is running on. Forms authentication is a stand alone method of authenticating in .NET forms that you can hook up to some other system, such as a database. Windows Authentication provider is the default authentication provider for ASP.NET applications. When a user using this authentication logs in to an application

It's an outdated article, but http://msdn.microsoft.com/en-us/library/ff650308.aspx#paght000026_step3 illustrates what I want to do. I've chosen Nancy as my web framework because of it's simplicity and low-ceremony approach. So, I need a way to authenticate against Active Directory using Nancy . In ASP.NET, it looks like you can just switch between a db-based membership provider and Active Directory just by some settings in your web.config file. I don't need that specifically, but the ability to switch between dev and production would be amazing. How can this be done? Really the solution is

In one application configured with FormsAuthentication, when a user access without the auth cookie or with an outdated one to a protected page, ASP.NET issue a HTTP 401 Unauthorized, then the FormsAuthentication module intercepts this response before the request end, and change it for a HTTP 302 Found, setting a HTTP header "Location: /path/loginurl" in order to redirect the user agent to the login page, then the browser goes to that page and retrieves the login page, that is not protected, getting an HTTP 200 OK. That was a very good idea indeed, when AJAX was not being considered. Now I have

After upgrading to .Net 4.5, I am now getting the warning that "System.Web.Security.FormsAuthentication.HashPasswordForStoringInConfigFile is obsolete" and the suggestion is to use the membership APIs instead. This is all very well and good for new projects, but at this stage (with user data and hashed passwords existing), I can't very well change to a custom membership provider with potentially different ways of hashing. Whats the recommended way forward for issues like this? Continuing to use "obsolete" calls is obviously not the suggested path, so has it been replaced by something else

I am trying to write an ASP.NET MVC application which is a frontend to our CRM which has a SOAP web service. I would like the user to log in to my web application using their CRM username and password, and then authenticate against CRM, make web service calls on the pages etc. I started to look at using Forms Authentication and implementing a custom membership provider - I can implement all the methods I need to like ValidateUser() , but the problem I have is that after logging in to the CRM web service you are given a token which has to be passed with every subsequent web service call, and I