.net - Multiple Forms Authentication Scenarios On The Same Website?
Mar 23, 2011
Until now, I've always used straightforward Forms Authentication on my community websites, and that one method of authentication, with that one cookie/ticket has been used throughout the website (with varying roles per user also stored in the ticket). I haven't used the built in LogIn controls and instead have always just created my own login/registration form, and written the code to insert into (and authenticate against in the log-in scenario) my bespoke 'Users' table. So I've essentially just been utilizing the .IsAuthenticated() method (to determine if a user is logged in), referenced the UserData property in the ticket (to determine which roles the user belongs to), and set up the 'location' restrictions in the Web.config, so the log-in page is automatically shown for pages that require 'member access' etc.
With my new project, I will need user registration/login for the Forums/Community part of the website only. I then need an additional user registration/login for the Recruitment part of the website (not related in any way to the users that sign up/log in to the Forums/Community part of the site).I was wondering if this possible, and if so, how to go about it?e user registration/sign-in pages might look the same, but my underlying code would would create accounts/authenticate against different DB tables.
I have developed for SharePoint and in those cases it is clear how workflow can (You have documents that needs approval and there are built in SharePoint workflows for this) But now I am doing standard ASP.NET web CRUD apps with WCF. I would like to find a way to get WF 4.0 invovled but I am not sure how to do it and never see any examples....
I'm been working on a GetRuleViolations() method for my User class, but I'm getting a little hung up on on something:
What happens when different actions require different business rules?
My User table has the following columns: Id, UserRoleId, Username, and Password. Several actions involving User are possible (create new user, edit user, set/reset password, and log in), and the business rules for each are not always the same.
For example, when users log in, they are required to enter a password, but when admins create a new user, entering a password is not even an option. And in the case of setting/resetting a password, the password needs to be entered twice, and the two values need to be an exact match. What is the best way to handle this complexity? Is there some kind of design pattern to allow the right GetRulesViolations() method to be selected for the right circumstance?
I need to handle 2 different scenarios.1. Webapplication in a Servercenter. A user can authenticate against a companydatabase with an user account that is stored inside the companytable. We provide services to different companies, and every company has their own database. A management database contains the relation of company to database and server. A user need the companyname, username and password to logon.2. Webapplication on a company serverThe services are hosted on hardware inside the companynet. There is only one company to handle, so that a user doesn't need a companyname for login.Whats the best approach for this problem?
point out an example or tutorial online that shows where data validation is done in the viewmodelas against the model? i saw a number of posts where that method is recommended..i dont really agree with it but i would like to see how it would work out..
I have a problem with membership authentication. I have two websites, website1 and website2, and both of them uses forms authentication with SQL membership provider (SQLEXPRESS). I have two scenarios:
Case 1:don't publish the website1 and try to login website1 with user1 -->Works ok don't publish the website2 and try to login --> it displays the previously logged in user (Website1 user)-->Perfect
Case 2:publish the website1 and login-->works ok publish the website2 and try to login--> it does not show up the site1's logged in user (No idea why)
then login into website2 and open website1-->it does not show up the website2 logged in user or any user...It looks like something wrong with cookies....
my web.config looks like this:<authentication mode="Forms"> <forms loginUrl="~/LogOn/LogOn" timeout="2880" protection="All"/> </authentication> [code]....
im trying to set up a website with forms authentication. so i created a new asp.net project in vs2010 and ran the asp.net configuration after that i tried creating a new asp.net database and used the following code to disable the user instance database and use the new database i created.
I have two applications with a single domain name ([URL] and [URL]). First one has been developed in .NET 2 and the other one with .NET 4. I have configured web.config as these steps:
1- I've set the same machine key for both of them. 2- I've set the coockie name. 3- I've set the domain name to "domain.com". 4- Also, I've set hardcoded coockie domain name to "domain.com" .
Everything was working fine when both of them were running on a single web server. Recently, I've been asked to move test.domain.com to another server. After moving, authentication ticket is not valid on the second server. I tested both of them on a single server again and everything was workinh fine, but in two servers users can't acces to test.domain.com. (Authentication Ticket is invalid)
Edited: The second server is a virtual (VMWare) server. I don't have any problem in physical servers. I checked the server's time to be synchronized. I also used fiddler to see if the server does not get the auth ticket and ther ticket is sent to the 2nd server. Note: Servers are located in different networks and maybe proxy or firewall causes this (I've no idea)
I want to support the following scenarios on my ASP.NET MVC website:First time visitor wants toregister, via facebook connect. I'dlike the user to have an entry in myuser membership table - so I havethem enter a username/password(email gets populated via facebookconnect).Registered user returns to mysite, logged into facebook already.I'd like my site to see they'relogged into facebook already and auto log them into my membershipsystem.Registered user returns to msite, but is not logged intofacebook.
Previously, I have implemented two separate ASP.NET Web Applications, one as a virtual application in a subfolder of the other, which successfully shared forms authentication as described at [URL]
(basically, setting up identical <forms> sections in the Web.config, and keys in the <machineKey> section)
Now, I am trying to do something similar to get BlogEngine.NET (which is a Web Site, not a Web Application) to work sharing forms authentication with a Web Application of mine. I have tried both putting it as a virtual application in a subfolder, and setting it up as a separate IIS site (same domain name, different port number), but I can't get the authentication to work at all: when I go to the blog while logged in to my Web Application, Page.User.Identity.IsAuthenticated is always still "false".
I'm really not sure how to even start debugging this, since the forms authentication is handled before any of my code runs.
I have posed this question recently in a different form, but the answers I got led me nowhere. This is what I want to do:
Have a web site that requires users to login.
Have the authentication process be done by ASP.NET (rather than Windows).
I have had many links to voluminous articles in MSN that simply did not work. Is there not a simple (wizard-like) way to start a web site from scratch and establish the objective of having users login to the site? I have tried creating a blank ASP.NET Web Site and using the Website>ASP.Net Configuration tool. But as soon as I go to the Security tab, rather than getting the wizard, I get the error:
There is a problem with your selected data store. This can be caused by an invalid server name or credentials, or by insufficient permission. It can also be caused by the role manager feature not being enabled. Click the button below to be redirected to a page where you can choose a new data store.
The following message may help in diagnosing the problem: The database filename can not contain the following 3 characters: [ (open square brace), ] (close square brace) and ' (single quote)
Does anyone know some SIMPLE steps to setup a new web site with ASP.NET authentication (forms authentication)?
We have some routing rules that use the prefix /en/ in the url as a identifier for the language, but the problem is that if someone is visiting our french site [URL], they are redirect to [URL], which in turn sets the culture to english. So after logging in, users may need to change there language back to french.
So if the website need to suppurt more languages, so I need to do something like this in the web config:
[code]....
I know you can not have code in the web.config, but this is just to illustrate what I am trying to achieve. Could anyone provide a simple solution, or links to solutions they may already use?
I have 2 different login forms. One for the admin people and one for the customers (the forms are different as the customers need to provide extra information on their login page).
In the authentication section of the webconfig file (which is at the root of the web app), I can only specify one Login page. So how can I make sure thaf if anyone tries to access a webpage in /admin they will be redirected to /login-admin.aspx and if they try to access a webpage in /customer they will be redirected to /login-customer.aspx ?
I'm working on a new project and I would like to use forms authentication to protect the necessary pages. The project is going to be focused on companies where a company would create an account and have multiple users. Each company should have its own data and should not be able to see other companies' data. What would be the best way to go about this? I've considered using a subdomain for each company which would tell the application which membership provider to use. I've also considered using an additional credential such as company ID to specify which company the user is logging into.
I can use sessions but I wish to use Form Authentication method to implement this. how to achieve this using Forms Authentication or tell me a procedure to implement this using Forms Authentication.
i have one web service how can i give access to that web service to many user(with secure method). Now i am checking url and only doing for one site. So what should i do.
I have a website, and if there is an anonymous user (not logged in) then I want my navigation (a section of the master page) to show an element of the menu called "Login". But if there is an authenticated user then I want the navigation to NOT show this "Login" option, but to display a menu item/link to a resource that is only available to logged on users.I know how to set restrictions on files and webpages, but how do I implement this with the navigation menu?
i want to access yahoo user name and basic info by loging from my website.how it would b possible,i have created app in Yahoo,i have key and consumer secret value.
We're using ASP.NET and IIS 6.0. I realise that the definitions of applications, websites and virtual directories are ill-defined in IIS 6, and changed a lot in IIS 7. However, I'm stuck with IIS 6.0 for now.
We have a single web site defined in IIS, and a number of separate sub-sites in Virtual Directories.
The scheme looks like this:-
[URL]
[URL]
site1, site2, ... are virtual directories in IIS 6.0, under the "Default Web Site".
I need to use ASP.NET sessions and forms authentication in most of these sites, and I don't want them to share authentication data or session information at all.
Both the mechanisms currently depend on cookies. However, the cookies created by default use the same name, and have a path of "/" in the browser, meaning the sites' cookies will clash with each other.
Without changing the default name for each cookie, how can I enforce separation between my sub-sites? Do I need to change the virtual directories for IIS 6 "Applications"? Or is there some way in code to enforce a more limited scope for the cookies?
I am working on creating an iphone application which logins to we website and retrieves a table, and displays the content within the app. To view the table a Login is required. It seems the site is using Form-Baseds Authentication. WebSite's Login Screen So How do I pass the login ID and pass from xcode to the to the site and retain the information so the user only needs to login once.
i want to have several domains A, B, C where a user can enter his username and password to login to a common main domain D.
So the user goes to A, B or C, enters his username and password, clicks the "login" button, and is then on the main domain D in a logged in/authenticated state. Then the user does the things he wants to do, and then clicks the logout-button and is then returned to the original domain that he came from, be it A, B or C.
What is the best way to do this?
I currently use forms authentication in ASP.NET 4.0 (C#).
There is the following design: the back-end implemented as WCF, the public front site and two intranet sites (all three talking to the back-end). I believe that authentication on the sites is not enough (i.e. passing ClientID to WCF in each request as a parameter) and i want to protect my back-end (WCF) with authentication to perform double-check and have PrincipalPermission on the methods with roles specified.
I'm sure that identity names from both providers do not cross (public logins are digits only and the intranet will be something like 'DOMAINLogin'). The front site uses forms auth and its provider returns GenericPrincipal. The intranet sites use Windows auth and i have WindowsPrincipal attached to Page.User.
Is it possible to configure WCF to use two membership providers (custom one that the front site uses and Windows) out of the box, without writing another custom code? Is it important how my WCF is hosted? Currently it's windows service. Do i need to switch to IIS 7?
