I have used the Forms Authentication for logging in and in that i have created the Forms Authentication Ticket and in that ticket i have passing the data with comma seperated values.how can i get the data which is in the ticket to access in the Authenticated user pages
View 1 RepliesI have an ASP.NET website that uses Forms authentication
<authentication mode="Forms">
<forms name="NewsCoreAuthentication" loginUrl="~/Default.aspx" defaultUrl="~/Default.aspx" protection="Validation" timeout="300" domain="someRootDomain.com" />
</authentication>
I need to identify if user is authenticated on web page after it was rendered to client. To accomplish this I thought that I can read document.cookie and check if ".ASPXAUTH" is there. But the problem is that even if I am signed in this value is empty.
How can I check that user is authenticated? Why document.cookie is empty?
I've a default.aspx page in my application's root folder. I added a a page in the root of inetpub that redirects requests to the default page. The idea is that the user need only enter the server name to get to the default page. How can I set things up so that all users have access to the default.aspx and that they only have access to the other pages once they've been authenticated?
I am using Windows Integrated Security and the users are being challenged and authenticated properly. I want them to be able to access Default.aspx without any challenges.
(On a side note which may answer this question, when using WIS does the user *allows* have to be challenged? Isn't it possible to pass through their Windows User and ID without the prompt?)
c: inetpubwwwroot
edirect.aspx (set as default document in IIS and simple executes Response.redirect("sites/mercury/default.aspx")
c:documents and settingsall usersdocumentswebsitesmercurydefault.aspx (home page for the site & server)web.config includes
[Code]....
Using VS 2010 RC, VB, and Forms authentication to allow access to the site, depending on the login rights of a user, I want to turn on and off access to certain pages. I can turn on and off buttons to access the pages, but a user can type the page into the url, and it will still go to them.
View 5 RepliesThe constructors for manually creating FormsAuthenticationTicket objects force us to set an "expiration" value, and this value overrides the "timeout" setting in web.config in my tags, which is not what I want, because now the user doesn't timeout. The "session" just expires at the given time.I need to manually create my ticket for UserData reasons, and it is just the way I decided to build my app. I guess I could spend a whole lot of time and redo the way my app. authorizes, and store the "userdata" elsewhere... but this seems extremely tedious for something so small..Is there anyway to manually create an Auth Ticket and still maintain timeout settings?! And by timeout, I mean resetting the timer on user activity. Not a fixed timeout!
View 1 RepliesI am getting this error many times in the event log , and users are logged out .
Event code: 4005
Event message: Forms authentication failed for the request. Reason: The ticket supplied has expired.
Event time: 3/10/2011 3:35:22 PM
Event time (UTC): 3/10/2011 8:35:22 PM [code]...
I am not using web farms. I do not think the app pool is recycling , i compared the Process ID in several events and it is equal . My machine key is not AutoGenerate .
My event log is flooded with this message: Forms authentication failed for the request. Reason: The ticket supplied has expired.I think this happens when people timeout instead of logout.First of all , this is not an error, it's Type: InformationI don't want this information, how do I stop ASP.NET from logging it?My application is not web-farmed, and uses a static machine key.
View 1 Replieswe recently upgrated our project from 1.1 to 2.0. since then we are seeing "Forms authentication failed for the request. Reason: The ticket supplied has expired" in Event Viewer. this keeps coming 1-2 times for every minute. this is the full message. this also made the response time increased it seems.
Event code: 4005
Event message: Forms authentication failed for the request. Reason: The ticket supplied has expired.
Event time: 1/25/2010 5:00:30 PM
Event time (UTC): 1/25/2010 10:00:30 PM
Event ID:
Event sequence: 20601
Event occurrence: 2692
Event detail code: 50202.....
I have a website developed in ASP.NET created by someone else, sitting on another server... until now... a simple(ish) setup with login to update content. The site was zipped up and I was told it would be a simple case of uploading all the files onto the new server. I've managed to upload the site and it works fine... but I can't access the editing pages as it will no longer accept the username and password when I go to login. The host server is running ASP.NET v4 and IIS v7. Hosting is with [URL] so I'm also getting used to their way of doing things.
View 1 RepliesAfter a user is authenticated I store their username in session state but if the session times out, I want to create a new session for the user based on their username they authenticated with original. How can I get from Forms Authentication the currently authenticated user?
View 2 RepliesI am using the ASP.NET login control. I want to be able to set the timeout for Forms Authentication individually for each user (instead of globally in the web.config). From what I understand the only way to do this is to set the timeout on the AuthenticationTicket manually. Is there a way to do this when using the Login Control? It seems to me that the Login Control abstracts away all of this. I am hoping that there is some way to continue using the Login Control, but also have the ability to set the FormsAuthentication timeout individually for each user.
View 2 RepliesDoes anyone know how to add a generic principal to the HTTPContext from the Forms Authentication Ticket?
View 1 RepliesHow to check if user is authenticated while using Forms Authentication ..?
View 2 Replieshere's what I have:
My asp.net 3.5 app uses Forms Authentication.
I create an authentication cookie (ticket) with an expiration date of one day.The cookie'sIsPersistent is set to true.
I do not use any session variables.
Session timeout is the default 20 minutes.
Here's the problem:
When the session times out in 20 minutes, the user is redirected to the logon page even though the authentication cookie has not expired.
Why does this happen? I thought the cookie and the session worked independently. Shouldn't the user remain logged in as long as the cookie hasn't expired?
Way to get FormsAuthenticationTicket after user logged in?
View 4 Repliesi have a custom class has extra information about my users , i want to create an object of this class and attach it to current Authentication ticket , what is the best way to do that , i have read there is a userdata thing in the authentication ticket but it's type is String
View 5 RepliesI'm having a problem trying to delete the form authentication ticket (.ASPXAUTH) from the server side. It would be the same to delete or invalidate the ticket so the client could not reuse it.
So far, the only solution I've found is to delete the ticket from the client side (through a "Set-Cookie: .ASPXAUTH=;") but nothing seems to be implemented and/or working for doing so in the server side. The final idea is that if someone steels that ticket
In particular, I'm working in C# but as it's rellated to the Dotnet Framework any implementation of the solution would be OK; I tried all the possible things and nothing worked out, even invalidating the session but nothing.
Since we updated our website to .NET 4.0, users using a proxy-server can't login in our webapplication anymore.In the event-viewer on the server this error is thrown:Forms authentication failed for the request. Reason: The ticket supplied was invalid.This problem only exists for users with a proxy, all other users can login normally.We are not using a web garden or multiserver (load balance) environment, just a webserver and a databaseserver.
View 4 RepliesOur web app currently under development has authentication on all the pages.
We can deny a user access to any particular page but have found that if a user had previously opened the page that they can still access the page via the url. [Even if they log out and log in]
Assuming that the page is coming from client cache [Ctrl F5 in IE kicks in the proper authentication behavior or clearing the client cache]
A lot depends on how we have implemented the authentication but a quick fix on our side would be from within the admin section where we deny access to certain pages that we expire client cache for that page.
Is there a way to do this programmatically.
This would mean that client caching would continue to work as normal for all other users that still had access to the page in question.
I would like to know what is the best way to include Cache-Control: no-cache, no-store in authenticated pages in DotNetNuke 5.4.4. In fact, I want to prevent caching in IE6/7 and FireFox as well.
View 1 RepliesWhy can I still access files inside a forms authenticated part of my site? Any webpages say that you need to login to view them, but people can still access images by typing in the address bar. I am using forms authentication with my own database, so none of the aspnetdb services like membership roles etc. Is this a bad way to do things because I'm pretty deep into it now and it would be very difficult to change.
View 16 RepliesAs part of my new user setup, when they sign up for an account I create want to be able to create a directory under a Documents folder for them and then write a web.config file in that folder limiting access to it to the new account. However because they are still in the process they are an unauthenticated user at that point (Forms authentication), and I get an error that they don't have rights to that folder I want to create their sub-folder in. What do I need to set the folder security at to be able to create a folder and a file in that folder from code?
View 8 RepliesI need to check if an authenticated user is authorized to access a directory. I have done this before with a base class library method, I just cannot remember what class it's part of or what it's name was. I think the method was a static method and the class may have had the word Utility in it's name, but I just can't remember or find it on the net. BUT I KNOW I HAVE USED IT! The method definition was something like:
bool SomeTypeWithTheWordUtilityInTheNamePossibly.VerifyUserIsAuthorized(Principal user, string virtualPath)
I'm not using a roles provider in this application and I'm not planning to.
I have an MVC 3 application which uses asp.net authentication. I have just created a custom errors controller and a couple of views for unknown errors and 404's. This works fine when I am logged into the application but if an internal server error happens during logon I would like to display the error/unknown view. However I just keep getting redirected back to the login as I am not authenticated.
I have added a location path for 'Views/Error' to my Web.config to allow access to all users but I am guessing it's the controller access that is causing the redirection.
Is there any way you can allow this in MVC or do I need to think of another solution? Just did not want to add a generic message to the login page as that's what my unknown error view is for.
This could be very straight forward for some of you, but I got caught up. I am doing very simple test - browsing from IIS Manager to see the default page or "under Construction", however I am being challenged to provide my login credential . When I provide my login credential, I am able to see the default page. I wanted to see the default page without providing my credential since Enable anoymous access + basic authentication I am simply wanted to see the default page asit is working on other servers except this one. I have included screen print to make sure may question is clear.
View 3 Replies