form-authentication

问题 In our company we have an apache server running a django application (through wsgi) and some legacy php applications. To have some sort of single sign on we decided to use mod_auth_form and wsgi as the AuthFormProvider. In django itself we enabled the RemoteUserBackend and all works fine. The legacy php applications are also protected via mod_auth_form and wsgi. The problem is that there are some locations which should be accessible by authenticated and anonymous users where authenticated

问题 We have an ASP.NET MVC 4 intranet application. We’re using Windows Authentication and that aspect works fine. The user’s credentials are used and we can access those credentials from the web app. What we really want is some sort of hybrid mode, however. We want to get the user’s credentials from the browser, but we also want to verify that the user is in our application’s database. If the user’s in the database, then they can just continue on. If they’re not, we want to redirect them to a

问题 We are deploying our GWT app to a Wildly 8.1.0 server and are using form authentication for security. Our problem is that every time our customer has a special character (æøåäëö, etc.) in their username or password, they cannot login. I have seen other people having the same issue: https://developer.jboss.org/thread/42859?tstart=0 UTF-8 encoded j_security_check username incorrectly decoded as Latin-1 in Tomcat realm Spring security: Form login special characters but they are using Tomcat

问题 Our web application requires custom form authentication with specific logic inside. The current form authenticator implementation requires the authenticator module, let's call it custom.auth.jar , to be present in %CATALINA_HOME%/lib before the web application starts. The web application uses that custom authenticator module using the following context.xml directive: <Valve className="foo.bar.CustomAuth" characterEncoding="UTF-8"/> As far as I understand Tomcat requirements, this module,

问题 I'm trying to create an anonymous controller in order to acheive form authentication. I configured my IIS 7 with anonymous and form authentication enabled and set my web.config to deny anonymous users. On the login controller I put the [AllowAnonymous] decoration on my controller (and my actions). The only action I can get on this set of configuration is the login action (which returns the "login" view), and I'm guessing that the MVC allows me to get this action because I set it as the login

问题 I want to detect when a asp.net Form Authentication ticket has expired. I then want to log to the server the user that was signed out because of inactivity. Is there an event that fires on the server when the authentication ticket has expired? <sessionState mode="InProc" timeout="5"></sessionState> <authentication mode="Forms"> <forms loginUrl="~/Home/AccessDenied" timeout="5" /> </authentication> In the global asax file, I have tried the Session_OnEnd(). But the context.user object is null.

问题 I need to sign out a user when the user closed the tab or browser, how do I do that in ASP.NET MVC? 回答1: There are a few things you can do to make sure the user is signed out when the browser is closed, but it depends on how you're setting the FormsAuthentication cookie: Use Cookieless=True . Set a FormsAuthenticationTicket to not be persistent Use FormsAuthentication.SetAuthCookie to set Persistence to false Use a JavaScript approach to remove the cookie on window.unload . Cookieless=True

问题 I am using FormsAuthentication for userlogin. I am having a problem after user logs out successfuly the back button is browser allows user to view pages. I tried using javascript <script type = "text/javascript" > function preventBack() { window.history.forward(1); } setTimeout("preventBack()", 0); window.onunload = function () { null }; </script> But back button is completly disabled. It worked bt,I dont want to disable back button functionality when user is logged in. i want my LOGGED IN

问题 Need an idea to write a code to authenticate users before they send the commands to print. Initial idea is to create a windows service which could bypass the call to the printer driver and can open a form for login credentials. so that only the authenticated users who qualifies the monthly quota for printing the pages could access the printer. Please share your views whether this approach is feasible and how this can be achieved. 回答1: You can monitor the Win32_PrintJob WMI Class or the

问题 In ASP.Net MVC, are the Forms Authentication and Membership Provider tightly coupled? The Membership provider model is very different than the existing user validation services that I already have that I need to integrate with. I would like to write my own class to manage users, but still use the built in forms authentication and forms cookie to allow a logged-in user to access authenticated sections of the website. Can I just delete the reference to the MemberShipProvider from web.config and