How To Get Anonymous Authentication Token For Profile Support
Jun 14, 2010
So I have an asp.net Web Application (Not Web Site) that I am trying to support profiles for anonymous users. I have a form and I want anonymous users to be able to enter their name and email only once, and have that information automatically accessible on the next load for them.
In my Web.config I have anonymous ID setup like so:
<anonymousIdentification enabled="true" cookieless="AutoDetect" />
I have my profile section setup like this:
<profile defaultProvider="SqlProvider" enabled="true" inherits="QA_Web_Tools.UserProfile">
<providers>
<clear />
<add connectionStringName="QAToolsConnectionString" name="SqlProvider"
type="System.Web.Profile.SqlProfileProvider" />
</providers>
</profile>
Finally, due to my app being a Web App and not a Web Site, I am using the profiles via this custom object:
public class UserProfile : ProfileBase
{
public static UserProfile GetUserProfile(string username)
{
return Create(username) as UserProfile;
}
public static UserProfile GetUserProfile()
{
return Create(Membership.GetUser().UserName) as UserProfile;
}
[SettingsAllowAnonymous(true)]
public string FullName
{
get { return base["FullName"] as string; }
set { base["FullName"] = value; }
}
[SettingsAllowAnonymous(true)]
public string BuildEmail
{
get { return base["BuildEmail"] as string; }
set { base["BuildEvmail"] = value; }
}
}
This code is based off of this reference. The issue is that that code does not support anonymous users, or if it does I don't know how. I can't use the GetUserProfile() method with no parameters because if the user is anonymous, Membership.GetUser() is null. I could pass in the anonymous ID token into the first GetUserProfile(string username) method but I cant' find any way to get the anonymous ID token for the current user. Does anyone know how to get this information? Google doesn't seem to be returning useful results.
View 1 Replies
Similar Messages:
Mar 10, 2010
I set authentication mode to Windows in the web.config and I enable Windows Authentication and disable the Anonymous Authentication in IIS 7 on win 7, but HttpContext.Current.User is always null.It works fine when I host the web app in IIS 6.0.
View 1 Replies
May 21, 2010
I have a Postgre profile provider that runs ok with membership, roles, profiles etc.. But I have a problem.I'm trying to have a anonymous user profile but the provider get an error when I try to save the profile.It says:
Error 23503: insert or update on table "profiles" violates foreign key "pofiles_username_fkey"I configured my web.config with anonymousIdentification enabled, and profile ok, But it seems that when the profile saves, it can not find the anonymous user in the users tables that it's related with profles user. I googled for long time and I think I have all good configurated, but somehow, profiles with anonymous user is not working.
View 9 Replies
Sep 15, 2010
I'm working on a solution to part of my companys site that is done in 2 different languages. My part of the project is in ASP.NET, and the login portal is in a different language. We pass authentication credentials by storing login information in the database on the portal page and then sending a corresponding token to the URL in the page written in .NET. Almost all the tutorials and articles I've read about security for ASP.NET, and most languages, the message has generally been "just use the built in stuff and don't mess with it".
I have code that takes the token, goes into the database and gets the user details.. what do I do then to integrate that into the built-in security stuff for ASP.NET? I'd like to ultimately use Action Filters for authorization on my controllers.
View 1 Replies
Jul 28, 2010
We have a SSO authentication service that other externally facing web pages and services use to authenticate users. A user tries to reach a service, if no cookie is found containing an authentication token, they are redirected (HTTP 302) to the SingleSignOn authentication service. The auth service does it's work, and redirects the user (HTTP 302) to the original URL with their encrypted authentication token in the URL. Great. How can I invoke this from a WCF POX service? No SOAP here, just HTTP GET/POST with XML responses.
What I'm currently doing is, in each service method implementation method, checking the headers for the cookie. If the cookie exists, verify the auth token and process the request. If the cookie doesn't exist or the auth token has expired, then respond with:
[Code]....
That works, but isn't integrated with any of the WCF features, and requires me to manually code for a whole bunch of scenarios. Is there a way I could implement this using these classes:
[Code]....
or use some other means that checks each request to the service? I've been reading pages like: How to: Create a Custom Token, but I don't see how it applies to my needs. I'm looking into this because I have some time before my project kicks off, and I'd like to implement this project correctly and learn about WCF as much as I can.
View 2 Replies
Oct 30, 2010
I have an asp.net site. Its a mixture of web forms and MVC2.
I have this on 2 different servers which I get to via different urls.
On one server authentication works fine via all browsers (IE 8, FF 3.6, Chrome)
On the other IE 8 fails, it doesn't send back the cookie on the request to the page after authenticating.
Using Fiddler I have seen that both sites attempt to set the cookie, in the response from the login page.
Response Header I see from both servers
Set-Cookie: DemandLaunch=CCA4...E79C2D1; path=/; HttpOnly
Both sites are in the internet zone of IE.
I'm at a loose for what to check now.
I also have a page that sets a cookie via c# code and that cookie fails in IE as well.
The IE issue is not on a single computer either. I see this failure on 4 different computers Internet Explorer.
My urls which I should have included were:
beta.[site].com - works
beta_[company].[site].com - fails
View 1 Replies
Mar 2, 2010
How to create Uniue Token with properties like expiration time,
Any standars method provided by Microsoft,
View 2 Replies
Feb 21, 2011
I'm trying to get a ASP.NET application to use windows authentication. I have disabled anonymous auth and enabled windows auth in IIS7. On my dev box (my workstation, localhost) I can use fiddler and see proper token is passed in through the header and I'm not prompted. Everything is working fine and I'm authenticated as my domain user.
However, on a remote server on our domain, with identical settings, I continually get prompted. We need it to automatically send the domain authentication for windows auth.
Does anything in IE need to be configured for this to happen for a remote machine on the same domain?
View 2 Replies
Aug 4, 2010
I have a user control which, when pressing a command button, sets a property for the Profile (which has been marked as allowanonymous=true), then save it using Profile.Save().
Now, in IE this works fine - no problems at all. I then go to the page where the value is used - and it's there and can be used.
However, exactly the same routine when running in Safari or Firefox doesn't work - although when you're on the same page where the value is set it will immediately state that the value is ok, do a postback and it's gone!
Here's some very simple code to show the problem. Whilst IE will always dump 'plop true/false' to the screen (yes, I know - very juvenile!), FF and Safari will the first time, but on postback will just dump True to indicate it's a postback. (oh, and autosaveprofile is set to true in this example - otherwise there'd be a Profile.Save() below the set property).
[Code]....
I can't use Cookieless session states as the CMS I'm using won't allow it. I've also used Fiddler to try and track the issue, but no joy.
I'm guessing it's related to the way FF and SF handle cookies - but both are set to accept anything. Could it possibly be anything to do with the ASP.Net Development Server? (ie. the address is[URL]The fact that it never manages to save the value
View 1 Replies
Apr 4, 2011
I have an existing asp.net mvc website that uses basic forms authentication. The site has a login page that posts back to a login action, which logs the user in via FormsAuthentication.SetAuthCookie(). I am looking to add an api to the site, as an mvc2 area, where users would be authenticated based on a token passed as an http header. This area will consist of only json actions, so redirecting the user to a login page doesn't make sense. Instead, I want the users to just pass a token along with each request. That token is mapped to each user account and the user would be authenticated automatically.
I'm struggling with where to put this logic. At this point, the best choice seems to be adding the header lookup logic and authentication to the Global.asax in the Application_AuthenticateRequest method. I want to avoid needing to redirect the user after calling FormsAuthentication.SetAuthCookie(), though. I want the login action to be transparent to them. Am I approaching this the wrong way? As a side note: Requiring a username/password for api requests is not possible, as the site has a mix of users. Some joined using OpenID while the rest joined with a username/password.
View 1 Replies
Jul 16, 2010
In my website, I am not using any authentication or authorization. I've created login page to capture the user credentials and check against database. If the user successfully authenticates, it's storing the user data in session and navigating to other pages. How thinking of implementing Forms Authentication, but my concern is how to secure the authentication token in client browser for security reasons. Does anyone have any ideas how to secure the authentication token?
View 1 Replies
Feb 12, 2010
I been strugling with this for 2 days now without comming any closer to solution. I have read 20-30 threads alteast and stil can not resolve this.I have disable anonymous authentication, enable asp.net impersonation.I have added <identity impersonate = "true" />I have added the a user to the security logins that is connected to the database I try to connect tThis is the connectionstring I use:
Data Source=IPTOSERVER;Initial Catalog=Phaeton;User Id=User;Password=Password;errormessage
View 6 Replies
Feb 14, 2011
I am using windows authentication in my web application. All we need is when the application will be executed it will launch login.aspx page. If users put correct userid and password(checked from active server directory) it will be redirected to a difference page. But if any unauthenticated user tries to access any other page in the application by typing the Url on the address bar it will be again redirected to the login page. We have to do this by changing our web.config file.I can achieve this using form authentication but not windows. But our requirement is windows. The requirement is very basic but all effort is just not working.
View 2 Replies
Apr 8, 2010
I have a web site that is using Windows Integrated Security for authentication. Under the site in the IIS there is a virtual directory that inherits these security definitions. Assuming I have several pages under the virtual directory, is it possible to apply anonymous access on on 1 (one) of them?
View 4 Replies
Sep 23, 2010
We have a weird issue found during setting up a new Windows 2003 Server with IIS6.0 & ASP.NET 2.0, our site is built using ASP.NET forms authentication with general authorization to deny access to all users & allow explicitly to static, home pages etc, -- web.config setting for forms auth looking as below:
<authentication mode="Forms">
<forms name="appNameAuth" path="/" loginUrl="~/Pages/Users/Login.aspx" protection="All" timeout="60" defaultUrl="~/Pages/Inner.aspx">
</fo </authentication
View 1 Replies
Dec 15, 2010
I have a problem with using login controls form authentication ! as my website serves some pages for guest users(Anonymous user) and some pages are for only secure user(they must have to login for those requested pages)...... my problem is this that when i apply form authentication in web.config file to login control then visual studio directly shows only login page where i want that in general case only : guest user pages must be shown and if user clicks on login then after login the requested page he may open !
View 2 Replies
Oct 11, 2010
From Flex we call a Upload.aspx page which is configured for anonymous authentication. Most of the time, it works like a charm, but once in a while, the browser does prompt a enter credentials popup...The whole site is configured for Windows Authentication, but some pages and folders are set to use anonymous authentication. This is done using the location tag in web.config.What could be the reason for this?
View 3 Replies
Feb 24, 2011
I am getting following error in the Test which is in the same Box but IIS requires Https to view the Page. I have change Web.Config to accept https. I was able to add the Service References without any problem but while call the method I get The HTTP request was forbidden with client authentication scheme 'Anonymous'. this error message. I am trying to use userNameAuthentication.
<bindings>
<wsHttpBinding>
<binding name="Binding1">
[code]...
View 1 Replies
Jan 18, 2010
I am currently implementing a client-side paging solution using ASP.NET, jQuery and JSON.
I have been following the excellent article from encosia: http://encosia.com/2008/08/20/easily-build-powerful-client-side-ajax-paging-using-jquery/
In my Web Method I retrieve my data from the database as a DataTable:
DataTable categoryProducts = ProductViewerAccess.GetCategoryProducts
("AA", 4, 0, Page.ToString(), out howManyPages, "FALSE", 0, "CostPrice", "asc", destinationList);
I then retrieve the data from the DataTable into an anonymous type:
var feeds =
from feed in categoryProducts.AsEnumerable()[code]....
This all works great.
However, I would like to extend the code to perform some evaluation checks (e.g., check that various columns in the DataTable are not NULL) and other pre-processing (e.g., call various functions to build the image URL based on the image ID - which is another column in the DataTable not shown in the code fragment) before I return the resulting rows of the DataTable as an anonymous type to the client-side.Basically, I want to iterate through the DataTable, perform the evaluation checks and pre-processing, while building my anonymous type manually as I go. Or maybe there is a better way to achieve this?
View 2 Replies
Mar 26, 2011
I have a profile page that sends my users, once they register to a profile page which basically allows them the edit their profile. I use
<
a
href="@Href("~/Account/Profile",
WebSecurity.CurrentUserId)">Edit
your profile</a>
But what i noticed was: When the user goes to the profile page in the url is their account ID. if i change that id for example [URL] to [URL] then i can edit the other users profiles. Im using WebSecurity.RequireAuthenticatedUser(); But im guessing i need to use RequireUser(String)?? To be honest im just lost maybe i need a ( if xxx is IsCurrentUser )?
View 4 Replies
Nov 24, 2010
If the users come to the web site out of domain then the user must fill a login page and the credentials he provided must be authenticated from a custom credential store. If the user is an Active Directory user, he must be directed to the resource he wants without asking for credentials.
If I enable both Anonymous Auth and Windows Auth for the web server, Anonymous Auth comes first and even the user is an Active Directory user I can't access his domain information.
View 2 Replies
Jan 3, 2011
I am using profile services to store some attributes of users registered in the website. Now I am making a display profile page for a user. The problem is that the profile loads easily when I am running the site from VS 2010, but it gives the following error when I run it from IIS7 on my local machine:
System.NullReferenceException: Object reference not set to an instance of an object.
Source Error:
[Code]....
[code]....
View 4 Replies
Aug 6, 2010
I'm trying to update/create the user profile for a specific user that will not be the logged on user of the moment. I'm able to do this with the following code:
'Dim p As ProfileBase = ProfileBase.Create(Email, False)
View 3 Replies
Feb 4, 2010
I am logged in as user1, and while creating a user in which I have additional information which would store first and last name into the profile database. I have the following code
[Code]....
But because I just have profile like that, it is updating the profile of user1 not the new user i just created
[Code]....
View 5 Replies
Dec 5, 2010
I'm being stupid but don't know what I'm missing.I want to use asp.net profile and have a profile property.So in the webconfig for my site I've added:
<profile>
<properties>
<add name="Name"/>
</properties>
</profile>
But in the code behind a page I cannot use Profile.Visual Studio is just saying the Profile is not known in the current context.Thus I cannot do
Profile.Name = ....
or
x = Profile.GetPropertyValue(....)
View 13 Replies
