forms-authentication

Is there any good reason why ASP.NET's session state cookie and the Forms Authentication cookie are two separate cookies? What if I want to "tie" them to each other? Is it possible in an elegant way? Right now, I am stuck with the following solution, which works, but is still ugly: [Authorize] public ActionResult SomeAction(SomeModel model) { // The following four lines must be included in *every* controller action // that requires the user to be authenticated, defeating the purpose of // having the Authorize attribute. if (SomeStaticClass.WasSessionStateLost/*?*/) { FormsAuthentication

I have a web application and I need to provide its users the option to switch login method from FormsAuth to WindowsAuth. I managed to change the web.config file via code: Configuration config = WebConfigurationManager.OpenWebConfiguration(Url.Content("~")); AuthenticationSection auth = ((AuthenticationSection)(config.SectionGroups["system.web"].Sections["authentication"])); auth.Mode = AuthenticationMode.Windows; // Or Forms if I want to. config.Save(); But the problem is, when I use FormsAuth, I need the Anonymouse Authentication option to be turned on, and when I use WinAuth, I need it to

I want to allow access to swagger-ui and metadata only if user is authenticated (forms auth) on our web app, but I want to allow API access all the time (API have some public methods and some which require basic auth). So what I did is I added this route prefix for API: public override RouteAttribute[] GetRouteAttributes(Type requestType) { var routes = base.GetRouteAttributes(requestType); routes.Each(x => x.Path = "/API" + x.Path); return routes; } And: ServiceRoutes = new Dictionary<Type, string[]> { { typeof(AuthenticateService), new[] { "/api/auth", "/api/auth/{provider}" } }, } And this

I've been experimenting with ASP.Net MVC, and have come across a problem that is probably not specifically MVC related. But I cannot get the authentication in the default MVC application (the one created by the wizard when you create a new MVC project) to work properly under IIS 7 on Windows 7. If I run under the Visual Studio environment, it works, but if I switch the settings to run under IIS instead, I get the following exception trying to submit the login or registration: Failed to generate a user instance of SQL Server due to failure in retrieving the user's local application data path.

I am having the hardest time figuring this out. I am using FormAuthentication. When a user logs in and they check remember me, I want to the user to stay logged in for 24 hours. The problem is, no matter what I do the user is automatically logged out after like 30 minutes. We the user selected remember me, I set a persistent cookie to expire 24 hours later. I can see the cookie in the browser options and the expiration is correct. If I leave the site and go back in say an hour. The user is logged out...... He is some code snippets of what I have. bool IsValid = Membership.ValidateUser

I am trying to share forms auth from a root application to a sub application running in a virtual directory. I am having trouble with authentication in the subsite. In the parent application everything works as expected. I have the following setup: Parent application: URL : http://localhost:1336/ <forms loginUrl="~/account/sign-in" protection="All" timeout="30" name=".MYAPPLICATION" path="/" requireSSL="false" slidingExpiration="true" cookieless="UseDeviceProfile" enableCrossAppRedirects="true" defaultUrl="/" /> Virtual Directory: URL : http://localhost:1336/subsite <forms loginUrl="/account