MVC Forms Authentication With Custom Database
May 24, 2010
I'm trying to get forms authentication working for an mvc site. I have a custom database with a users table, and I would like to do my own password validation. I am logging in my user like this:
    if (PasswordHasher.Hash(password) == dataUser.Password)
    {
        FormsAuthentication.SetAuthCookie(email, true);
        return true;
    }
The problem is, when the session expires obviously the user has to login again. I am thinking I should be storing this Auth cookie in my users table? Update: I'm obviously in desperate need of more education in this area. I just noticed that the user stays authenticated even after an iisreset.
I guess what I'm asking is how can I get persistent and non persistent authentication working properly. I want a user to not have to login again if they click "remember", and if they don't then their authentication should expire when the forms authentication is set to expire.
View 2 Replies
Similar Messages:
Nov 10, 2010
I created a database for user authentication. After I pass login parameters to the stored procedure in the database and they return a user ID for that user, I use the following line for authentication:
[Code]....
User gets authenticated but the problem is that ASP.NET does not recognise the user as authenticated until the page is refreshed.
View 5 Replies
Jan 3, 2011
I want to use authentication on my site in order to login to the Admin section. I already have my database schema, I don't want to use the ASP.NET membership tables for SQL Server. I have three tables: Employees, Roles, and EmployeesInRoles.
I'd really like to keep this as simple as possible, but I'm having trouble finding a solution. I just want to use forms authentication with my tables so employees can log in, log out, change their password, etc.
View 2 Replies
Feb 8, 2011
I have a database which has form authentication tables for a website [let's say website A], now I have attached a new website [Website B] to the same database, in this website [Website B] also I have to provide login/authentication which would be separate from the website A authentication system. So I want to have separate table for the users of new website. Specification:
[code]....
Will there be any open source membership provider like we have .NET membership provider [form authentication]?
View 2 Replies
Sep 27, 2010
In my earlier version, I used Active Directory to authenticate users which was Custom. In the sense that, I had passed UserName and password along with a token request through datalayer to authenticate against AD. It would eventually check the DomainName\UserName, password against AD and will get authenticated.
View 5 Replies
May 3, 2010
We have Novell's Access Manager protecting our site. After the user logs in, Access Manager forwards the request back to a web page. On that web page, I need to read a combination of some Basic Auth username information as well as some custom header variables that AM is passing to the web page. AM will continue to send these variables/values on every page as long as the user stays logged in.
What I'd like to do is create a class that checks for these values to evaluate whether the user is logged in or not. How do I gain access to those variables from a .cs class file?
View 3 Replies
Apr 13, 2010
I'm using my own role management and user management in my application, I now need to use forms authentication. How can I do this?
View 3 Replies
Mar 8, 2011
Unfortunately, all the examples for Forms Authentication Code Behind w/ Custom Role and Membership Providers I find online are written with a VB.NET code behind and I need a C# code behind. I need a codebehind that will do the following:
authenticate user upon login button click
if user active_flag=0 (false) OR password!=@password, display error: "Access Denied"
if user admin_flag=1 & active flag=1 (true), redirect to admin_pageszipsearch.aspx
if user admin_flag=0 (false) & active_flag=1 (true), redirect to pageszipsearch.aspx
Default.aspx Code:
<asp:Login ID="LoginUser" runat="server" EnableViewState="false" RenderOuterTable="false">
<LayoutTemplate>
<span class="failureNotification">
<asp:Literal ID="FailureText" runat="server"></asp:Literal>
</span>......
View 1 Replies
Feb 7, 2011
I have an older custom classic asp app which handles time sheets for my organization. I would like to start migrating this application to asp.net. I am trying to figure out the best approach to implementing user authentication as the classic asp is built from scratch. For the new site, I would like to use the Login control to handle authentication but not sure the best way to wire it up to the existing SQL database with user name, password, and authentication levels. I have found this code snippet from the Microsoft site:
[Code]....
Unfortunately it does not suggest a connection mechanism. What would be the most logical / standardized way of making a connection to the db?
View 1 Replies
Nov 18, 2010
I have a web site that uses forms authentication. The problem is that I have the site installed multiple times on the same production servers because I need to have a few different login pages (based on the domain in this case). After the domain specific login page, the rest of the site is the same. Obviously, this requires a lot of maintenance as each new version has to be installed multiple times on the server (with varying the login page in the web.config file).
So I thought is there a way to install the site on 1 folder on the disk, have a web site on the IIS take in all the needed domains and make some http module (or some other solution) in which I could give it a list of domains and the forms authentication for that domain. This way make the login page used by each site change according to the domain while still having only one site to maintain on the server.
View 2 Replies
Jun 29, 2010
The webapp I am trying to deploy will have the IIS running on the same server as database. I have been assigned a domain account and have been asked to connect to the database using this account. I am not sure how to go about making the connection. I cannot enable impersonation as I need to mention the username and password and it will be security concern, also I need to give write permission on C:\WINNT\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files (which is not allowed). The Webserver and SQL server runs with system account. Can you please let me know how to establish connectivity to the server using the domain account without mentioning the password anywhere.
View 1 Replies
Jan 20, 2011
I have done it as mentioned in the readme file in the samples folder. But after completing all the steps when I open my browser and give in the url http://<servername>:<portnumber>/Reports, it shows the following error:
The report server is not responding. Verify that the report server is running and can be accessed from this computer.
View 4 Replies
Feb 15, 2011
I am using Windows authentication in my asp.net project. We need to implement the security based on the configured GroupNames.
To simulate the Project environment I have 3 pages in my application.
1. TestPage.aspx
2. Main.aspx
3. ErrorPage.htm
When logged in user is in group or role "MyDomain\Datawarehouse" I need to give access to Main.aspx page. If User not in that group and user tries to access the Main.aspx page by typing url in the address bar of Browser then I need to redirect user to the ErrorPage.htm. But this is the place where my code is failing. I guess something wrong in the web.config.
Note: All the authenticated users are permitted to see TestPage.aspx irrespective of their roles.
Note: All the .aspx and htm pages are in the same root
[Code]....
View 7 Replies
May 11, 2010
I'm trying to upgrade my mvc 1.0 application that had a custom written login. I assign the authcookie like this:
[code]...
And here if I debug _authRoles has "Admin" in it, and isAuthorized is always false.
If I check the "ticket" it has some: UserData = "Admin".
What can be wrong there? Is it the "User.IsInRole" that is different, or do I need to add something in web.config?
View 1 Replies
Aug 11, 2010
I have created a WCF service that will serve as authentication service for Silverlight client. The problem is that when I make a call to FormsAuthentication.SetAuthCookie in the Login method below, I get a null reference exception. I am following the 'Securing Applications Built on Silverlight and WCF' (http://www.componentart.com/community/blogs/milos/archive/2009/05/07/securing-applications-built-on-silverlight-and-wcf.aspx)
[Code]....
View 1 Replies
Aug 28, 2010
I am using Forms Based Authentication. I have extended the Forms Authentication Tables creating a custom table called Profile_Contact that holds the user's GUID, username, email address, and other information. I have another table called Profile_Account which holds company account information such as Company Name, address info, phone numbers etc. This table has a Key Field called IDProfileAccount. I include the IDProfileAccount field in the ProfileContact user table so I can associate the user with a specific Company. For the login page, I am using a basic login page created using the Visual Studio login controls. When the user logs in, they are sent to the appropriate page as identified by the role the user has been given. This all works great.
Now I need to extend the login page so that when the user logs in not only is the user's name and GUID placed in session, I would also like to have the IDProfileAccount record placed in session as well so that I can filter the records the user sees as only those records of the Company the user is associated with. I know how to add static variables to a session and how to retrieve them to filter data, what I need to know is how to retrieve the data from the SQL table on login and send it to the session. I would think it would be something along these lines:
[Code]....
View 3 Replies
Jun 14, 2010
On our production servers, the admins created a WebUser active directory account which is used for anonymous access to IIS and is also used to authenticate database access with our SQL Server instances using Integrated Security=SSPI in the connection string and identity impersonate="true" in the web.config.
I've often come across situations where I would like to or even need to use forms authentication. However, when using forms authentication, Integrated Security seems to use the logged in user's credentials to authenticate against the database. In these cases I have changed the connection string to use the credentials of a SQL Server user instead. I would prefer to not have a hard coded username and password in the connection string or rather worse in code. Is it possible to use forms authentication just for user authentication for users and windows authentication with the IIS user for database access? What would be the best practice in such a situation?
View 1 Replies
Mar 24, 2010
I am in the process of developing an asp.net mvc 2 social web app and some of the requirements have to do with user authentication and personalization. Site visitors should be able to login using credentials not only by registering to my site but also by entering external account credentials (Live ID, facebook, etc...). Also, users should have a custom profile, where they could enter personal details, preferences, etc...
Is there any good tutorial on how to implement custom membership and profile providers? The default Role provider that comes with asp.net mvc is ok and does not need to be re-implemented.
View 5 Replies
Feb 3, 2011
LoginPage.aspx:-
    protected void Button1_Click(object sender, EventArgs e)
    {
        Context.Items["Username"] = txtUserId.Text;
        Context.Items["Password"] = txtPassword.Text;
        //
        FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1, Context.Items["Username"].ToString(), DateTime.Now, DateTime.Now.AddMinutes(10), true, "users", FormsAuthentication.FormsCookiePath);
        // Encrypt the cookie using the machine key for secure transport
        string hash = FormsAuthentication.Encrypt(ticket);
        HttpCookie cookie = new HttpCookie(
            FormsAuthentication.FormsCookieName, // Name of auth cookie
            hash); // Hashed ticket
        // Set the cookie's expiration time to the tickets expiration time
        if (ticket.IsPersistent) cookie.Expires = ticket.Expiration;
        Response.Cookies.Add(cookie);
        Response.Redirect("Default.aspx");
    }
Global.asax file:-
    void Application_AuthenticateRequest(object sender, EventArgs e)
    {
        if (HttpContext.Current.User != null)
        {
            if (HttpContext.Current.User.Identity.IsAuthenticated)
            {
                if (HttpContext.Current.User.Identity is FormsIdentity)
                {
                    FormsIdentity id =
                        (FormsIdentity)HttpContext.Current.User.Identity;
                    FormsAuthenticationTicket ticket = id.Ticket;
                    // Get the stored user-data, in this case, our roles
                    string userData = ticket.UserData;
                    string[] roles = userData.Split(',');
                    HttpContext.Current.User = new System.Security.Principal.GenericPrincipal(id, roles);
                    Response.Write(HttpContext.Current.User.Identity.Name);
                    Response.Redirect("Default.aspx");
                }
            }
        }
    }
I get the following error after signing in: This webpage has a redirect loop.
The webpage at [URL] has resulted in too many redirects. Clearing your cookies for this site or allowing third-party cookies may fix the problem. If not, it is possibly a server configuration issue and not a problem with your computer.
View 2 Replies
Sep 15, 2010
I am using Kerberos as the Authentication mode for a WCF Client to interact with an ASMX Web Service. I am using customBinding in the WCF Client. I am getting the below mentioned Fault Exception when I invoke the HelloWorld Method by creating a Proxy using SVCUTIL.
System.Web.Services.Protocols.SoapHeaderException: Server unavailable, please try later ---> System.ApplicationException: WSE841: An error occured processing an outgoing fault response. ---> System.Web.Services.Protocols.SoapException:
System.Web.Services.Protocols.SoapException: Server was unable to process request. ---> System.InvalidOperationException: WSE914: This instance of derived key token does not support encryption, decryption, or key wrapping. It can only be used to sign or verify signature. Please make sure that the length of the derived key matches the length of the key required by the symmetric encryption algorithm configured for the derived key token manager.
at Microsoft.Web.Services3.Security.Tokens.DerivedKeyToken.Psha1SymmetricKeyAlgorithm.get_EncryptionFormatter()
at Microsoft.Web.Services3.Security.EncryptedData.ResolveDecryptionKey(String algorithmUri, KeyInfo keyInfo)
at Microsoft.Web.Services3.Security.EncryptedData.Decrypt(XmlElement encryptedElement)
I am badly stuck with this exception and unable to progress further.
View 2 Replies
Feb 18, 2011
How to implement WCF username authentication with a custom validator on both the client side and the server side? I have been trying this for the last 2 days, but with no result.
View 7 Replies
Mar 18, 2011
I am using asp.net 3.5 web.config to limit access and it works great.
    <authentication mode="Windows" />
    <authorization>
        <allow users="Bill, John"/>
        <deny users="*"/>
    </authorization>
Unauthorized (but authenticated) users will be blocked by a system error message saying that:
Server Error in '/' Application Access is denied.
Description: An error occurred while Error message 401.2: Unauthorized: Logon failed due to server configuration.
In order to make the message more friendly, I uncomment the customErrors flag and create a GenericErrorPage.htm in the root path of my project.
    <customErrors mode="On" defaultRedirect="GenericErrorPage.htm">
        <error statusCode="403" redirect="NoAccess.htm" />
        <error statusCode="404" redirect="FileNotFound.htm" />
    </customErrors>
However, it just doesn't work. I still get the system error message rather than my custom error page.
View 1 Replies
Jul 19, 2010
I'm looking to implement my own basic webforms authentication. I don't want to use the 'membership' features in this case because I don't want to modify the database schema with all the membership elements that I won't use, and I don't need to support users across multiple applications. I want to wind up with one simple 'users' table that has username, password, passwordSalt, and several other fields to support custom user attributes specific to this application.
I was looking at this:
http://www.xoc.net/works/tips/forms-authentication.asp
but it's rather dated... is this still valid? I'm looking for guidance on what I need to do to implement a custom webforms auth solution. A very basic skeleton I can expand upon, or a good tutorial/guide that illustrates the necessary parts... just the basics..
View 5 Replies
Feb 8, 2010
I think I'm missing something simple... I have a custom Role Provider set up and it seems to be working fine - I can add/change/delete info using the WAT. For my Authorization I do a custom routine that is separate from the .net provider that basically says the users is or is not authenticated (true/false). If the user IS authorized how do I set the cookie (or whatever) letting .NET know who they are so I can use the roles on a directory level? I know I can use Roles.IsUserInRole on individual pages but I'd like to be able to use directory based authorization too (from the web.config).
View 3 Replies
Feb 21, 2010
I'm creating a custom Role provider based on the ASP.NET Role provider. I have 3 tables. One for Users, one for Roles, one for UsersInRoles. The Users table has no password column because the users are authenticated with ActiveDirectory. That's my approach so far. I can't get the custom Role Provider to work, anyone has the same situation like me. How do you make a custom Role provider work with AD?
View 1 Replies