I want to use custom redirect url in form authentication, means if authentication successfull then I want to redirect the user to a page depending the user type, if user is administrator then admin.aspx page and if user is customer then customer.aspx and if user is retailer then retail.aspx page.how can i do this ?
View 15 RepliesI am using asp.net mvc and jquery to make ajax requests and when the session times out after an ajax request the full sigin page gets loaded into my ajax div.
How can I display a modal popup instead of making a redirect when a session times out?
Just going to start making a web application and was wondering which was better, or at least what are the main differences between them (as it probably matters what I am using them for)?
View 3 RepliesI have a database which has form authentication tables for an website [let say website A], now I have attached a new website [Website B] to the same database, in this website [Website B] also I have to provide login/authentication which would be separate from the website A authentication system. So I want to have separate table for the users of new website. Specification:
[code]....
will there be any open source membership provider like we have .NET membership provider [form authentication].
I have a web farm web project, and want to make sure windows authentication is working well without any problem in web farm, can any one give me some web sites or information about that?
View 1 RepliesAm going to develop authentication part in the web site. I want my authentication module should not be hacked by any one and also want in secure side.
View 1 RepliesI needed information regarding the capabilities & integration of AzMan tool with Asp.net.Currently, I got a Sharepoint 2007 website along with ASP.NET 2008 where I am using Form Based Authenication.Now, the requirement is any user within a domain registered in AD should be able to login in website through intranet.
Can I acheive this using AzMan, or I need to create two websites one with FBA for internet users and the other one for the intranet users with AD authenication. Also my intenet website is deployed and in use where usermapping and roles are already created, so using this tool what will be the impact on existing webiste.
I am using ASP.Net's forms authentication, but do not want the default behavior of redirecting to a login page when a restricted area is accessed. Instead I would like to invoke a javascript JQuery dialog for the login on the current page, preventing the content behind from loading.My only issue is that by default the forms authentication wants to redirect. Is there a handler that I can hook into, or some other option to prevent the redirect?
View 3 RepliesI am currently having a spot of bother in something im trying to create. I want it so when a user who is in a certain role logs in they are directed to a certain page, and any other normal users are directed to another page.
I think i have this sorted via code but...
-The first time it will work, the 'admin' user will get directed to the appropriate page
-I then log out and log in as a normal user and get directed to the appropriate page
-then when i log out of that users account and back into the admin one i get directed to the normal users page instead.
-additional to this, I tried it on a different machine logging in as the admin user only to be redirected to the normal users page (is my session being stored somewhere?)
Ive traced through the problem and the user name and password being subbmitted are what they should be, yet it skips the true part of my IF statement for being in that role.
Here is my code I am using on the login form:
[Code]....
-When stepping through if seen it work and not work with the same values, I cant understand the logic of its inconsistency
the code i am using for the logout is (this is on my masterpage):
[Code]....
We just switched to VS2010 and seems like the forms authentication is behaving differently.
Our setup is that we have a default page (default.aspx) so that if you link to the root folder of the site, rather than a specific page, you get switched to default.aspx.
In addition, we have a working forms authentication system set up so that if you try to go to any of the pages you get redirected to a login.aspx page.
The login page can either redirect you to the forms authentication default page (default.aspx) or to the requested URL.
I'm not the one that configured this originally, but it looks like we are getting the originally requested URL from the authentication redirect, since Page.Request.Url = "http://.../Login.aspx/ReturnURL=<requestedpage>"
The problem is that this is failing to work when the original url is the root folder. In VS2008, <requestedpage> would be "/rootfolder/default.aspx", whereas now (in VS2010) we're getting "/rootfolder/". In other words, the site redirect used to be happening before the authentication check, and now it seems to be happening afterwards.
This is a problem because when we are checking to see if we need to redirect to something other than the default page, we check to see if the return URL is empty or matches the authentication defaultURL (which is also "default.aspx". If it matches, we go straight to the default page. If it doesn't we do some processing and then do the redirect. The extra processing is producing strange results when the browser is redirected to the rootfolder and therefore to the default page.
For now, I'm able to additionally test for Request + "default.aspx" (which resolved to the authenticaiton defaultURL), but this feels clunky and I can see headaches in the future if we ever need to rename default.aspx.
P.S. It has occurred to me that it's possible that something changed in web.config or another setup file when we did our conversion to VS2010. I can't find it, but that doesn't mean it's not there.
I have an issue with loginUrl parameter on Forms authentication. Forms Authentication always redirect unauthenticated users to ~/Account/Login ignoring the url configured into Web.Config.
This happend if i add reference to WebMatrix.WebData,WebMatrix.Data into main web.config file (system.web/compilation/assemblies). N.B.: Moving this reference to child web.config file (the one contained into View folder) error doesn't occour anymore
I have a web application that is using siteminder for authentication.
I want to redirect to application that is siteminder enabled. This application might be using site minder forms authentication.
What parameters i need to pass to that application? And what details i will need of that application.
we would like to redirect the user to a given page if the authentication to our SharePoint site fails (i.e. the standard windows login prompt pops up three times - we are using windows authentication). No matter what option we try it always ends up bringing the user back to a blank page.
We have tried writing a HttpModule (and catch the if Response.StatusCode = 401), which doesn't seem to fire any events if the user is not authenticated. We have tried writing a HttpHandler, but of course we can redirect the user if there is an error code but can't continue onto the desired site if not. We have tried doing the following in the web.config:
<customErrors mode="Off">
<error statusCode="401" redirect="http://social.msdn.microsoft.com"/>
</customErrors>
Which doesn't work, again taking us to a blank page.
how to redirect to a custom URL on Forms Authentication timeout? The timeout is working but it is only caught when I try to go to a page in my application because each Page_Load method is wrapped in a custom IsLoggedIn method. Here is the settings I have so far in the Web.config.
[Code]....
In an asp.net mvc website, the site has enable forms authentication. The form login page is located in an area such as:
Area: Area1, Controller: Account, Action: Login
When a user is not yet authenticated and click on a link that requires authentication, the user is redirected to the login page. This does occur and redirect to the login page specify above. However during debug, it was found the area value is not included in the RouteData.Values object. That is, the RouteData.Values object has ONLY the follow value:
Controller: Account
Action: Login
In this case, it is presumed that the MVC application by default searches for the appropriate controller and action without consideration for including the area value. On contrast when I direct click on a link that directs to login page, all processing occurs as expected, i.e. the area value is included in the RouteData.Values object. Is there a work around for this?
The default document feature is turned off in IIS and here's the situation... My start page for my project say is A.aspx. I run the project and sure enough, A.aspx appears in the url of the browser. Like it should though, A.aspx finds no user logged in and redirects to Login.aspx like it should. A.aspx:
if (Session["UserStuff"] == null)
Response.Redirect("~/Account/Login.aspx");
The login.aspx shows up BUT when the user Logs in, the code:
FormsAuthentication.RedirectFromLoginPage(txtUserName.Text, true);
always redirects to "Default.aspx" and not "A.aspx"
I've examined FormsAuthentication.GetRedirectUrl and sure enough it returns "Default.aspx"
I have a web app using forms authentication and I have restricted a folder so that only those with an administrator role can access it. I am controlling all of this through the web.config file and adding the proper location tags to restrict access.Currently the application is working fine. If I am logged in as a user and click the link to the administration section, I'm redirected to the login page once again. If I look at the URL, the ReturnUrl parameter is set properly.What I'd like to do is to display a message to the user indicating insufficient security privileges, or something to that effect so the user doesn't think they are getting logged out of the application prematurely or that the application isn't working.
View 1 RepliesI have an application that uses ASP.NET Forms Authentication. For the most part, it's working great, but I'm trying to add support for a simple API via an .ashx file. I want the ashx file to have optional authentication (i.e. if you don't supply an Authentication header, then it just works anonymously). But, depending on what you do, I want to require authentication under certain conditions.
I thought it would be a simple matter of responding with status code 401 if the required authentication was not supplied, but it seems like the Forms Authentcation module is intercepting that and responding with a redirect to the login page instead. What I mean is, if my ProcessRequest method looks like this:
[code]....
Then instead of getting a 401 error code on the client, like I expect, I'm actually getting a 302 redirect to the login page.
For nornal HTTP traffic, I can see how that would be useful, but for my API page, I want the 401 to go through unmodified so that the client-side caller can respond to it programmatically instead.
I am in the process of designing application in case user authentication if failed i need to redirect to default page (NT Authentication). Is there any way you can redirect the user on IIS if the user is fail go through the NT authenticaiton at IIS level.Options 1 : Always land the user to defalut page and validate there and redirect to site based on the access give the directory level access. I am looking if there any options to let the user to default page in case user access is denied.
View 4 RepliesIn asp.net we specify the redirect url when using forms authentications like this:
<authentication mode="Forms">
<forms name="myApp" loginUrl="Login.aspx" protection="All" defaultUrl="default.aspx" path="/" requireSSL="false"/>
</authentication>
this means that when a user log in, will be redirected to "default.aspx" using this method
FormsAuthentication.RedirectFromLoginPage(IDTextBox.Text, RememberCheckBox.Checked);
Now is it possible to make the user choose which page to be redirected to prior to login? for example the user chooses from a list the page to login to prior to login then when authenticated be redirected to this page instead of the default.aspx page. is that possible and if so how can this be done?
Here's my scenario.
I've got a site called domain.com and also another product on product.domain.com. The product.domain.com requires authentication to access it. For consistancy in the user experience I have set the login url in the web.config on product.domain.com to be http://domain.com/Login.aspx. This redirection is working ok - and a sample url would be:
http://domain.com/Login.aspx?RedirectURL=/default.aspx
The problem is that the RedirectURL does not take into account that the request originally came from product.domain.com so when the authentication is successful the user is not redirected back to product.domain.com
I have come up with a solution for this but would like feedback if possible.
I changed the loginURL in the web.config to http://domain.com/Login.aspx?domain=product.domain.com so the sample url is now:
http://domain.com/Login.aspx?domain=product.domain.com&ReturnURL=Default.aspx
I then override the LoggedIn event in the membership control and check to see if the domain value pair is specified and if it is I redirect to the domain + ReturnURL.
As I said previously i'd appreciate any comments or other ways to achieve the same result.
I am using forms authentication to authenticate users. Application has multiple folders and one of the folders has its own web.config
[Code]....
I want to redirect the user to "info.aspx" instead of "login.aspx"Root has the following web config
[Code]....
I am a beginner of asp.net..I currently have a login page with forgot password link button on the bottom of the screen. I am also using forms authentication to prevent an unauthorized user from accessing the other pages. The authentication seems to be working fine except for one thing. It prevents the user from accessing the password recovery page once the user click on the link button. How do I allow all users access to the login/password pages and also prevent them from viewing the other pages if they are not authenticated?The code below is to prevent from other anonymous view other pages without access. But i got no idea on how to allow them to access password recovery page...
<authentication mode="Forms">
<forms loginUrl="/Presentation/Display/Login.aspx" name=".ASPNETAUTH" protection="All" path="/" timeout="120" cookieless="UseDeviceProfile" slidingExpiration="true"/>
</authentication>
<!-- This section denies access to all files in this application except for those that you have not explicitly specified by using another setting. -->
<authorization>
<deny users="?"/>
</authorization>
This has been a nagging issue for some time, but very sporadic and difficult to isolate.
From time to time, browsers that have authenticated on a web application, have been open for a while, have logged in and out of the same web application multiple times, have multiple tabs, are pretty much any browser (Chrome, IE, Firefox, Safari), and seemingly at random, lose their ability to retain an AuthCookie after being set and followed by a redirect. Closing the browser and starting a new session resolves the issue, as does opening up a different browser and attempting to authenticate.
Our team uses forms authentication for all of our websites and web application. This is a pretty typical setup where a login form is displayed, the user enters credentials and a cookie is set on the click event of the postback, then a redirect occurs to the same page where the cookie is then referenced and used to complete authentication.
In this situation
FormsAuthentication.FormsCookieName = ".WebAuth"
Within Event:
FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(1, Username, DateTime.Now, DateTime.Now.AddMinutes(SessionTimeout), false, Username); HttpCookie faCookie = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(authTicket));
Response.Cookies.Add(faCookie);
Response.Redirect(Request.RawUrl, true);
After the redirect, on PreInit:
HttpCookie authCookie = Request.Cookies[cookieName];
At this point, the authCookie variable is typically not null, but in these isolated circumstances that I've outlined above, the cookie comes back null after the redirect.
This happens very randomly, sometimes weeks before affecting one of our developers. As I said, restarting the browser resolves the issue.
Today I had it happen on our dev server while using Chrome. I had logged into the application, allowed the application to session timeout, and then attempted to login again. The attempted login then failed to set the cookie. I remotely attached Visual Studio to the process on the server to begin debugging. The entire time I could step through my code, even deploy new code versions to the server with updates, restart the app, restart IIS on the server, attach and reattach to the project, and the issue persisted in Chrome. In Firefox, I was able to authenticate without issue.
From Chrome, the login would validate, attempt to set a Response Cookie as outlined above. Prior to redirect, I could see the properly set Response Cookie, as well as its counterpart in the Request Cookies. However, on each redirect after a seemingly successful login, the Response and Request Cookie are gone.
I enabled Trace on the application to view the cookie collection:
There is a .WebAuth in the Request Cookies Collection, as well as ASP.NET_SessionId and several ASPSESSIONIDxxxxxxxx, but when the page loads, only the ASP.NET_SessionId and ASPSESSIONIDxxxxxxxx cookies are available in the Request.Cookies scope, no sign of the .WebAuth. However, in the page's Trace information after render, there multiple .WebAuth cookies listed, it is just that the page seems to have no access to them.
Primarily, on a working version after authentication there is both a .WebAuth Response and Request Cookie in the page's Trace info. But on a non functioning browser window, the Response Cookie is absent.
Has anyone else had any experience with this? It is such a nagging issue, and so sporadic, but I would love to be able to resolve it. My concern is that it may be affecting users and we would have no knowledge since the description of the issue is so convoluted.
I have the following setup:
[URL]
[URL]
Each virtual directory is configured on IIS6.0 as an application with own AppPool.
When redirecting authenticated user from dir1 to dir2 using response.redirect I lose authentication information for the user and the user is being redirected to the login page. This issue was not coming up with each app (dir1 and dir2) were configured under subdomain, ex: [URL]
I have resolved the issue by adding a machine key to the machine.config file.