Is it OK to call FormsAuthentication.RedirectFromLoginPage many times?
On login page we test if user is already logged in, and if it is we just redirect him to default page with FormsAuthentication.RedirectFromLoginPage...
Question is if user sets a script that loads login page 10'000 times, would calling the FormsAuthentication.RedirectFromLoginPage that many times make problems?
What is the difference between:
FormsAuthentication.RedirectFromLoginPage
AND
FormsAuthentication.SetAuthCookie(Text_txtUserName.Text, true);
HttpContext.Current.Response.Redirect(RedirectFromLoginAddress);
I have the following code in my secure/login.aspx page using .NET 3.5 and VB.NET
[Code]....
[Code]....
I read some articles that mentioned specifying the domain attribute within the <forms tag but that did not seem to work either. e.g.
I reach my login page with the parameter "returnUrl" set to the URL I was on. Then, I login via OpenID (DotNetOpenAuth), and call FormsAuthentication.RedirectFromLoginPage(). The login is successful, however I am not returned to the original page I was on.
I'm having the same problem on logout - when I log out I don't remain on the same page, even though the logout link contains the correct "returnUrl" parameter.
What am I doing wrong?
Here is the code snippet. I am returning EmptyResult() after the call to RedirectFromLoginPage, because I don't really know what to do (see this related question)
using (var relayingParty = new OpenIdRelyingParty())
{
var response = relayingParty.GetResponse();[code]....
I have a page, URI looks like this:
http://domain.example.com/Profiles/Profile.aspx?username=blah#blahtab
When that fragment (#blahtab) is present, some jQuery picks up on that and displays a different section of the page initially. However, that page requires a user to authenticate first. Coming back from the authentication step using FormsAuthentication, the fragment is discarded, regardless of the UrlEncode step.
I don't see the fragment actually sent to the server when I use a debugger on my local machine. Is this standard fare and the fragment is only for the client side?How can I keep that tacked on without writing my own redirection code on the login page?
Alternately, should I use another method to preserve the view of the page?
I have an ASPX web site and I have code in there to redirect from the login page with the call to
"FormsAuthentication.RedirectFromLoginPage(username, false);" This sends the user from the root website folder to 'website/Admin/'. I have a 'default.aspx' page in 'website/Admin/' and the call to redirect works on a previous version of the website we have running currently, but the one that I am updating on a separate test server is not working. It gives me the error "Directory Listing Denied. This Virtual Directory does not allow contents to be listed." I have this in the config file:
<authorization>
<allow users="*" />
</authorization>
under the "authentication" option and...
<location path="Admin">
<system.web>
<authorization>[code]....
for the location of Admin.Also, there is no difference in the code between the web.config, Login.aspx, or the default.aspx files on the current server and the one on the test server, so I am confused as to why the redirect will not work on both. It even works in the Visual Studio server environment, for which the code is also identical.
i'm using the FormsAuthentication.RedirectFromLoginPage for the user login and for redirect to default.aspx page. I want that if a user called admin do the login is redirected to the page admin.aspx
View 3 RepliesI know this post is the same than other around but I can't get it to work the way I want, the thing is that the Login.aspx page have it in a folder not in the root of the directory, also the page that I want to redirect the user to is in the same folder, so far I got this in my web.config file
[Code]....
All pages contained in the Admin folder want it to be protected, the administrator needs to authenticate first, so my question is what I am doing wrong? need to take the Login.aspx and the admin.aspx out of the admin folder?
How to set Request.IsAuthenticated to true when not using FormsAuthentication.RedirectFromLoginPage?
View 3 RepliesWe have an ASP.Net web service the call to which, due to some bad design, often takes more than 20 minutes to return. We have changed every setting that we can think of, but no matter what we do, we always get a timeout after 20 minutes. It happens that this web service is a BizTalk orchestration exposed as a web service, but I do not think that is relevant -- the error is an ASP.Net error.
There must be some setting we can change to increase the timeout to more than 20 minutes, but we've exhausted our knowledge. What setting are we missing? EDIT: Among other setting, we have tried those detailed here: [URL], which includes httpRuntime executionTimeout, sessionState timeout and app pool idle timeout.
I open a pop up window by window.open, then after selecting value from grid link i need to move my parent page as i am doing like
<a href="../../AddressBook/AB_UDCMaster.aspx?mode=Search&ParentCode=<%# Container.DataItem("ParentUDCCode") %>&UDCParentID=<%#Container.DataItem("UDCParentID")%>'"><%#Container.DataItem("ParentUDCCode")%></a>
I'm using the local database functionality in Chrome and Safari and what I do when I want to save this to a remote database is to create a hidden textfield and then using JSON to stringify each row. In the code behind I then parse each JSON object and insert it into the list. What I want to do now is to delete these rows from the local database. I have a JavaScript function called deletePatient:
[code]....
How can I do this?I want to be able to manually specify the location that I want the user to be redirected to using this method....?
FormsAuthentication.RedirectFromLoginPage
I have created two iis web sites (site1,site2) both have the following configuration
[Code]....
from site1 i do
[Code]....
and in site2 if i checked if the user is authenticated ,i get a true, and i see "user1" as the current user.i know that what i have done above use a cookie,and as i know cookie are visible in the same domain (site) or sub domain,how form authentication make the cookie visible for both sites , this scenario must work for a site with two virtual directory inside it(sub site or application), but what is happening here any explanation.
I use FormsAuthentication.RedirectFromLoginPage(userName.Trim(), false); to set the User.Identity.Name field that I reference later. When I execute this line, the User.Identity object does not update at all; it contains whatever it was previously set to. All the documentation I see online says this should update my User.Identity object with the correct name, but I don't see that happening.
I have the web config set up properly with the following lines:
<authentication mode="Forms">
<forms name="formsauth" loginUrl="Login.aspx" protection="All" timeout="60">
</forms>
</authentication>
<authorization>
<deny users="?"/>
</authorization>
the question is how can i delete a coockie that is created with FormsAuthentication.SetAuthCookie?and how can i set the coockie to have more duration?
View 39 RepliesIs this a security issue or by design?string UID = "randomusername" // does not exists in aspnet_Users table
FormsAuthentication.RedirectFromLoginPage(UID, false);Authenticates users, redirects to login page.Profile Page is set to chech User.Identity.IsAuthenticated etc...when they update the profile, it ads the user to the aspnet_users table automatically, which is not what I want.
is it possible to set the FormsAuthentication.FormsCookieName in Codebehind(f.e. in Global.asax)? All properties that i have seen that lead to this config-parameter are readonly.
View 1 RepliesWhen i tried to implement form authentication in various subfolders i am getting an error as follows:it is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level. This error can be caused by a virtual directory not being configured as an application in IIS.
<location path="HelpDesk">
<system.web>
<authentication mode="Forms">
<forms loginUrl="Helpdesk/Default.aspx" />
[code]...
I have both the wcf and asp.net project together in the same project. (I'm running on Azure, so this is more convenient).I have this set in the web.config:
<system.serviceModel>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" />
</system.serviceModel>
y wcf service is decorated with:
[code]...
what is the use formsAuthentication.user.identity
is it one of the property of page
I have a login page that is set to the loginUrl property in the authentication section of my web.config file. I am trying to reference a CSS stylesheet, but it doesn't seem to be doing anything. Here is my markup:
[Code]....
I am able to do this just fine on my other page. One thing I noticed was when I click on "View Source" and try to click the link to the stylesheet, it doesn't take me there, and instead changes the "action" property of the form element to this:
[Code]....
After browsing the MVC section on CodePlex I noticed that the [Authorize] attribute in MVC returns a HttpUnauthorizedResult() when authorization fails (codeplex AuthorizeAttribute class). In the source of HttpUnauthorizedResult() from CodePlex is the code (I'm not allowed to enter another URL as my rep isn't high enough, but replace the numbers on the URL above with 22929#266476):
// 401 is the HTTP status code for unauthorized access - setting this
// will cause the active authentication module to execute its default
// unauthorized handler context.HttpContext.Response.StatusCode = 401;
In particular, the comment describes the authentication module's default unauthorized handler. I can't seem to find any information on this default unauthorized handler. In particular, I'm not using ormsAuthentication and when authorization fails I get an ugly IIS 401 error page. Does anyone know about this default unauthorized handler, and in particular how FormsAuthentication hooks itself in to override it? I'm writing a really simple app for my football team who confirm or deny whether they can play a particular match. If I enable FormsAuthentication in the web.config the redirect works, but I'm not using FormsAuthentication and I'd like to know if there's a workaround.
Just a quick question i've been asked to look at enhancing security but encrypting passwords we store in a db table, essentially the data thats linked to the user account isnt sensitive however its more to stop someone reading passwords out of the table directly etc
I've read multiple ways of implimenting hashing etc i've started using FormsAuthentication.HashPasswordForStoringInConfigFile
//create new salt and update the password
Hashtable newInfo = new Hashtable();
newInfo["salt"] = GenerateFriendlyPassword(5);
string tmppass = FormsAuthentication.HashPasswordForStoringInConfigFile(txtNewPass1.Text.ToString() + newInfo["salt"].ToString(), "SHA1");
newInfo["passwordHash"] = tmppass;
Generate friendly password returns a 5 char string based on a random position in a valid char array containing a - z and 0 - 9At present the functionality is at page level in the code behind, re this is the forms authentication HashPasswordForStoringInConfigFile function thread safe? Or do i need to look at implimenting this in a different wayCheers appreciate your response as im always jubious about multi threading etc,
In my account controller I am calling FormsAuthentication.SetAuthCookie( emailAddress, rememberMe ).
Response.Cookies has my cookie. However, after the redirect the cookie is gone and the request is not authenticated.