forms-authentication

来源： https://stackoverflow.com/questions/19893718/mvc-5-external-authentication-with-authentication-mode-forms

问题 I have read and followed this article to setup my site using our AAD (Azure Active Directory) to get SSO (Single Sign On.) I have gotten it to work in a brand new website both with localhost as well as when I publish it to Azure. Here are the settings for the working version's App Registration: Branding: Home page URL: https://<worksgood>.azurewebsites.net Authentication: Redirect URIs: https://localhost:44390/ https://<worksgood>.azurewebsites.net/.auth/login/aad/callback Implicit grant: ID

问题 I have read and followed this article to setup my site using our AAD (Azure Active Directory) to get SSO (Single Sign On.) I have gotten it to work in a brand new website both with localhost as well as when I publish it to Azure. Here are the settings for the working version's App Registration: Branding: Home page URL: https://<worksgood>.azurewebsites.net Authentication: Redirect URIs: https://localhost:44390/ https://<worksgood>.azurewebsites.net/.auth/login/aad/callback Implicit grant: ID

问题 I have been tasked with implementing point 4 in this article: http://support.microsoft.com/kb/900111 This involves using the Membership provider to add a comment to users server side records when they log in and out, and then confirming that when a cookie is used to authenticate, that the user hasn't logged out. This makes perfect sense to me. Where this starts to fall apart is that we do not currently use a membership provider, and so it seems like I face reimplementing all our

问题 I am authenticating a user: [Route("Login"), HttpPost, AllowAnonymous] public LoginViewModelResponse Login(LoginViewModelRequest data) { if(!Membership.ValidateUser(data.Username, data.Password)) { return new LoginViewModelResponse { DisplayMessage = "Invalid Username/Password!", IsSuccess = false, RedirectUrl = "/Home/" }; } FormsAuthentication.SetAuthCookie(data.Username, false); ClaimsIdentity identity = new GenericIdentity(data.Username); var roles = "Administrator,User".Split(','); //

问题 I am authenticating a user: [Route("Login"), HttpPost, AllowAnonymous] public LoginViewModelResponse Login(LoginViewModelRequest data) { if(!Membership.ValidateUser(data.Username, data.Password)) { return new LoginViewModelResponse { DisplayMessage = "Invalid Username/Password!", IsSuccess = false, RedirectUrl = "/Home/" }; } FormsAuthentication.SetAuthCookie(data.Username, false); ClaimsIdentity identity = new GenericIdentity(data.Username); var roles = "Administrator,User".Split(','); //

问题 I am facing a strange issue in a particular version of IE/ Edge browsers (Ex:- IE 11.0.9600.19329). The issue is, when I click on 'Ctrl+P' on a specific page in my application "Session_Start" event gets fired, which is not happening in other browsers. I have verified different forums, but couldn't find any solution. Any suggestion to resolve this issue? 回答1: Can't reproduce the problem, it works well on my side. Try to reset the browser setting (IE browser and Edge browser), if still meet

问题 Where exactly does Forms Authentication exist in the Http Pipeline? 回答1: This is handled by an HTTP module, System.Web.Security.FormsAuthenticationModule. If you look at the system-wide web.config file, c:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\web.config , you can see where it's mentioned in the <httpModules> section. The site-specific web.config file will inherit the configuration in that file. On each request, the module will look for an authentication cookie. If it's not

问题 Where exactly does Forms Authentication exist in the Http Pipeline? 回答1: This is handled by an HTTP module, System.Web.Security.FormsAuthenticationModule. If you look at the system-wide web.config file, c:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\web.config , you can see where it's mentioned in the <httpModules> section. The site-specific web.config file will inherit the configuration in that file. On each request, the module will look for an authentication cookie. If it's not

问题 i have following settings in web.config <authentication mode="Forms"> <forms loginUrl="~/Account/login" slidingExpiration="true" timeout="2880" protection="All" /> </authentication> but the cookie expires in less than five minutes of inactivity. Any clue on what is happening? 回答1: I recognize this behavior from a web host where I run one of my sites. It all started when moving to new servers, prepared for dotNET 4. The web.config is completely ignored and, as you mention, five minutes seems