MVC :: Forms Authentication User.Identity.IsAuthenticated And Cookie?

Feb 9, 2010

I am using forms authentication and have an issue with a particular browser using the remember me feature. For various reasons I want to support the opera browser that works with the nintendo dsi. I can use forms authentication with that browser just fine but when I use the remember me (cookie) feature I can get through the login but then calls to User.Identity.IsAuthenticated return false. If I do not check remember me it works fine. Initially I thought the browser didn't support cookies but it does. At least I can go to m.gmail.com and check their version of remember me and it works. I can exit the browser and come back in and m.gmail.com remembers me. Also I don't have problems with remember me on any other browser I have tried.

Is anyone aware of some specific browser issue that doesn't work with asp.net forms authentication? I am using asp.net mvc but I doubt that matters.

View 3 Replies


Similar Messages:

Security :: Forms Authentication Cookie Not Changing Current User Identity

Jan 21, 2010

I am having a problem with security in a web application I am building using Visual Web Developer 2008. I am using Forms Authentication:

<authentication mode="Forms">
<forms name=".MYAUTH" timeout="20" enableCrossAppRedirects="true" />
</authentication>

And a SQL Server database with ASP.NET Membership and Roles. I am using the LoginView control with the AnonymousTemplate and LoggedInTemplate to manage the user's interaction with logging in and out. The problem I am having is that I am authenticating the user against the database:

If Membership.ValidateUser(_userName, _txtLoginPass.Text)
Then returns True and:
FormsAuthentication.SetAuthCookie(_userName, False)
sets the cookie correctly:
FormsAuthentication.Decrypt(FormsAuthentication.GetAuthCookie(_userName, False).Values(0))
{System.Web.Security.FormsAuthenticationTicket} CookiePath: "/"
Expiration: #1/21/2010 1:42:27 PM#
Expired: False
IsPersistent: False
IssueDate: #1/21/2010 1:22:27 PM#
Name: "jaymo "
UserData: ""
Version: 2
but when I check
HttpContext.Current.User.Identity.IsAuthenticated it always returns False.
If done this before and it worked fine. I cannot find any mistake I might have made or where something might have changed between ASP.NET 2.0 and 3.5.

View 2 Replies

Web Forms :: Sequence Order For Page.IsPostBack And User.Identity.IsAuthenticated?

Apr 22, 2010

What is the best sequence order for Page.IsPostBack and User.Identity.IsAuthenticated? From what I have search for, this comes up most common:

If Not Page.IsPostBack Then
If User.Identity.IsAuthenticated Then
~Some kind of code~
End If
End If

Is this considered "best practice" or can the two items - Page.IsPostBack and User.Identity.IsAuthenticated -be split into their own sections so the fuctions of these can be independent of each other?I am trying to troubleshoot a placeholder that disappears from a master page when a content page button is pressed to change the content pages active view (I have a multiview w/ 5 views inside of it).

View 2 Replies

Context.User.Identity.IsAuthenticated Always Authenticated?

Mar 3, 2011

I am trying to create a httphandler which will intercept a sample pdf file which we have in our website. The httphandler works fine from within my development machine and even my locally published website that if I just try to connect to the test url: [URL] I will get sent to the invalid access page. So pushing it to our IIS6 machine when I try to go to the URL it serves up the PDF document. context.User.Identity.IsAuthenticated is always showing as true. I'm using forms authentication. below is the code I am using as the handler.

public void ProcessRequest(HttpContext context)
{
if (context.User.Identity.IsAuthenticated)
{
string SampleURL = context.Request.AppRelativeCurrentExecutionFilePath;
context.Response.Buffer = true;
context.Response.Clear();
using (FileStream fs = new FileStream(HttpContext.Current.Server.MapPath(SampleURL),FileMode.Open))
{
int length = (int)fs.Length;
byte[] buffer;
using (BinaryReader br = new BinaryReader(fs))
{
buffer = br.ReadBytes(length);
}
context.Response.Clear();
context.Response.Buffer = true;
context.Response.ContentType = "application/pdf";
context.Response.BinaryWrite(buffer);
context.Response.End();
}
}
else
{
context.Response.Redirect(
"~/Error/invalid_access.aspx");
}}

in web.config I have the following for form authentication:

<authentication mode="Forms">
<forms name="Sample.Web" loginUrl="~/Security/" defaultUrl="~/default.aspx" protection="All" timeout="60" path="/" requireSSL="false" slidingExpiration="true" enableCrossAppRedirects="false" cookieless="UseDeviceProfile" domain="">
</forms>
</authentication>
<authorization>
<deny users="?"/>
</authorization>

View 3 Replies

Security :: Httpcontext.current.user.identity.isauthenticated Always False?

Sep 7, 2010

I create two pages, the first one is the login page with user name and password textboxes - (not asp login control) , when clicking login button I check the login authentication, if it is true redirect to default page. in the default page if !IsCallBack then i check httpcontext.current.user.identity.isauthenticated

if it is false i redirect the user to the login page. but my problem is that the httpcontext.current.user.identity.isauthenticated is always false.

Below the section of authentication in web config

[code]....

View 5 Replies

Security :: HttpContext.Current.User.Identity.IsAuthenticated / Module Isn't Working

Jan 18, 2010

We have an SharePoint site no login (anonymous) with a search module using AJAX. Now the users complains that the module isn't working. When I check the code (not developed by me), I find that the code only runs if "HttpContext.Current.User.Identity.IsAuthenticated=true". Could that ever return true on an anonymous site?

View 1 Replies

Security :: User.Identity.IsAuthenticated Returns True But Session Has Expired

May 24, 2010

I have a page where, when the user has successfully logged in, I store some values in the session.

I then use these values to load an application list page. This page is automatically refreshed after 20.1 minutes, with the sessionstate timeout and forms timeout in web.config set to 20 minutes (with sliding expiration). This means, if the user does not use any page for more than 20 minutes, he is timed out.

My problem is that the User.Identity.IsAuthenticated sometimes returns true, when the session has expired.

Why is this happening, and how can I fix it?

View 3 Replies

Security :: IIS7 Recycle Results In Context.User.Identity.IsAuthenticated = False?

Nov 22, 2010

I need an app pool recycle to be completely transparent to the users of my web app. I use ASP.NET 3.5 MVC 1.

Currently, upon an IIS 7 App Pool recycle all users logged into my web app are kicked out and are required to log back in (Context.User.Identity.IsAuthenticated is set to false). I employ SQL State Server, I use forms authentication and both are configured to use cookies. I was under the impression that .NET and/or IIS handles authentication of cookies.

However, every time the app pool is recycled Context.User.Identity.IsAuthenticated is set to false my users are kicked out and are required to log back in. I can see that the session id remains the same throughout logins, I can also view this session information in the database/state server.

Logon method:

[Code]....

Custom Controller Attribute:

[Code]....

WebConfig:

[Code]....

View 1 Replies

Page.User.Identity.IsAuthenticated Returns Object Reference Not Set To Instance Of Object?

Dec 23, 2010

this works fine on my local site but as soon as i upload the site to my live server i get stem.NullReferenceException: Object reference not set to an instance of an object

on the first line of this:

if (!Page.User.Identity.IsAuthenticated)
{
pnlSignIn.Visible = true;
pnlSignOut.Visible = false;
}

View 1 Replies

If User.Identity.IsAuthenticated Then... Object Reference Not Set To An Instance Of An Object?

Jan 2, 2010

this problem is baffling me. I have a custom class that all my pages inherit from

Public Class Page : Inherits Page
Private Sub Page_Load(ByVal sender As Object, ByVal e As EventArgs) Handles Me.Load
Display Admin Controls (Buttons) '

[code]...

View 2 Replies

Iis 7.5 Dns Windows Authentication Page User Identity Not Working?

Feb 7, 2011

In IIS 7.5 server I have a website apps.mydomain.com. Site binding for this website is:

IP: All Unassigned

Port: 80

Host name: apps.mydomain.com

In DNS there is an ip address pointing to apps.mydomain.com. Site comes up fine when browsing to this hostname.

I want to get current windows logged in username from asp.net web apps. I enabled windows authentication and disabled anonymous. Using this ASP.Net code to test:

Response.Write(Page.User.Identity.Name);

However, browsing to http://apps.mydomain.com/site/ the application pool identity shows as the Page.User.Identity.Name value and not the current windows logged in username.

If I browse to http://servername/site/ then Page.User.Identity.Name will return current windows logged in username.

Is there something else I need to configure to get the current windows logged in username when using host header?

web.config:
<?xml version="1.0"?>
<configuration>
<system.web>
<authentication mode="Windows"/>
</system.web>
</configuration>

App pool config (left out "handlers" for brevity, there's a 30000 char limit):

[Code]....

View 2 Replies

Windows Authentication Succeeds But IsAuthenticated == False?

Jun 29, 2010

Environment is IIS 7 integrated pipeline, ASP.NET 4.0. I have a .aspx page configured without anonymous authentication and with windows authentication:

<location path="auth/windows">
<system.webServer>
<security>

[code]...

When I request the page, a normal Windows auth (NTLM/Negotiate) challenge response happens, and ultimately the page is returned.I have an HttpModule in which I handle the PostAuthorize event. As expected, this event is only raised once the challenge-response authentication has succeeded and access to the page has been authorized.However, the Request.IsAuthenticated property is false; and HttpContext.Current.User.Identity reflects an unauthenticated user (.Name returns the empty string). Interestingly, Request.ServerVariables["LOGON_USER"] does return the value of the authenticated Windows user.I'd have thought that once the user was authenticated (and authorized, for that matter), the request would reflect being authenticated; and the User / Identity for the request would have been properly set.

View 1 Replies

Ssl - How To Preserve Authentication For Forms Authentication Cookie

Aug 19, 2010

We have a non-SSL ASP.NET web app that allows a user to login (ASP forms authentication, inproc).

Once authenticated, we redirect their browser to an external, SSL secured page on another web site / domain altogether that we do not control.

The client is redirected back to a pre-configured url on our original http web app when done.

However, the customer is then asked to "re-login" again on our side which is undesired...

It seems the forms authentication cookie is destroyed when transitioning between HTTP and HTTPS and back again.

How can I keep the forms authentication cookie alive so that the customer does not have to re-authenticate on the round trip?

View 2 Replies

C# - How To Customize The Forms Authentication Cookie Name

Sep 2, 2010

I have 2 websites running on localhost in different ports. As browsers do not differentiate port numbers when sending cookies, my forms authentication ticket from one site is being sent to the other

How do I solve this? I thought that a good solution would be to change the forms authentication ticket or one of the websites but I don't know how to do this.

View 1 Replies

Security :: Forms Authentication Is Not Updating The Cookie?

Dec 13, 2010

We have had a bug recently where users are logging into an application with multiple browser tabs. They are editing a content page which means that they can be working on a page for sometime (ie with no postbacks) They finally click save and because the session has timed out it takes then to login page. I initally resolved they by adding a reminder that the session is about to expire which initally resolved the issue. It has been noted that even when they are within session time out they still got redirected to login page (and loosing the data on the form). We had real problems replicating the issue but have finally managed to do so now and I have learnt some curous features of .net Forms Authentication.

I have set up a test project which has the membership controls on etc. I have set the Timeout on the <forms> tag

<forms loginUrl="~/Account/Login.aspx" timeout="2" />Case 1I then open two browsers windows (side by side), both on the login page (and logged out)On the left window I login (and start a timer)after 40 seconds on the right window I navigate to a page (which takes me to the page as I have logged in on left window )I then wait until the full 2 minutes has elapsed (but before 2 Minutes and 40 seconds) and then try and navigate to a page on the left window.It redirects me to the login pageI would expect it to allow me to navigate to as I have kept my session open on the right window.Case 2I then open two browsers windows (side by side), both on the login page (and logged out)On the left window I login (and start a timer)after 90 seconds on the right window I navigate to a page (which takes me to the page as I have logged in on left window )I then wait until the full 2 minutes has elapsed (but before 2 Minutes and 40 seconds) and then try and navigate to a page on the left window.It Navigates to the page keeping me logged in.After a bit of reading around the subject I have found out that the slidingexpiration property only renews the cookie if it is in the last 50% of the timeout value:
Sliding expiration resets the expiration time for a valid authentication cookie if a request is made and more than half of the timeout interval has elapsed[URL]

My Question is: How can I override this bit of functionality?

Is there a property to set somewhere to "Always renew cookie"?

Is there another workaround. Unfortunately I can't increase the timeout because of a complience issue (it must be set to 15 minutes)

View 3 Replies

AJAX :: PageMethods - Forms Authentication Cookie Not Always Sent?

Oct 26, 2010

Since last week I've had a really odd issue with PageMethods, the forms authentication cookie, and the back button which i've never seen before.

Essentially, I have a 'home page' which on document.ready (using jQuery), loads some data through PageMethods, and then renders a list - from which you can click through to a details page about the item. In general use, it works fine. However, using the back button after clicking through (ie: going back to the home page), it throws a PageMethods error. The browser's 'authentication required' prompt appears, and if you click cancel, the server returns a 401. The error returned by PageMethods on the client side is 'authentication failed'.

After inspecting the request in Fiddler, the forms authentication cookie isn't sent with the request, which would explain why it is happening. My fiddler entry for the request looks like this:

[Code]....

View 1 Replies

Forms Authentication - What Is The Content Of FormsAuthentication Cookie Value

May 21, 2010

What is the content of ASP.NET FormsAuthentication cookie value? How can I see the real value of the hashed string (in case that I have the decrypted key)?

View 1 Replies

Run If(!User.IsAuthenticated) Or Access Profile.values In App_Code? C# .NET?

May 14, 2010

i'm trying to run a conditional statement in a class i'm placing in my App_Code folderthe condition is whether the person is logged in or not. I normally have two ways to do this in my masterpage and ASPX's

if (!User.IsAuthenticated) or if(Profile.username = "anonymous")

however neither of these things seem available to me in the .cs i'm making. anyone know what i'm missing? maybe a using namespace up top?

View 1 Replies

Security :: Forms Authentication - Users Logged Out Before Cookie Expiration?

Jun 16, 2010

For some reason my users are logged out of the system every 10-15 minutes or so...regardless of the configuration below....am I missing something?

[code]....

View 1 Replies

Forms Authentication Cookie Not Expiring On Server Shutdown / Failure?

Jan 5, 2011

Here is a use case of my login using a CustomMembershipProvider

User Logs in MembershipProvider validates user account User property of Membership is set to user details coming from the database An authentication ticket is created Forms authentication cookie is added. User is logged in

Here is a use case of my problem Stop whe web development server Start the web development server, and user is still logged in (due to cookie?) User property Membership is set to null due to server restart/failure Application throws exception due to null user value

The only solution I could think off is to clear all cookies on Application_Start() but I don't know how is that even possible as Request is out of context during application start.

Here is the code:

[Code].....

View 2 Replies

IIS Configuration :: Membership Forms Authentication Cookie Clears On Application Pool Recycle

Jan 28, 2013

I use Form Based Authentication in my siteIn my login page I have:

FormsAuthentication.SetAuthCookie(user.userName, true)

View 1 Replies

Which One Should Use For "anonymous User Identity" - "specific User: IUSR" Or "application Pool Identity"?

Feb 2, 2011

In IIS Manager center pane, there is an icon titled "Authentication" as follows: Clicking the icon, we get 3 items as follows: Right clicking the Anonymous Authentication and select edit, we have: Question: which one should I use? What is the difference?

View 3 Replies

Security :: Authentication Using IIS's Windows Identity?

Jul 30, 2010

I want to know if this kind of authentication is possible.

We have an Active Directory account and that account we are using to log in to windows. I have a simple system that needs authentication using the IIS log in box (i dont know what do you call this but what I know is it only comes out when Anonymous user is unchecked in the IIS configuration.) Now, I want this box to appear before my page and the user will be authenticated and be compare to the user who logged in to the windows. If the user who have been authenticated is the same as the user who logged in to the windwos then we will let him in if not he must be denied in accessing the page.

The first problem I have in my mind is how to code it in asp.net to make an authentication when he will try to access my page.

Second is, let us say we have succeeded to show the authentication box, how can I get the username from the log in box and compare it to the user who logged on in windows. Of course we can get the user id of the logged in user from the windows using User.Identity.Name but how about the username from the log in box.

Note: I will not use log in forms even using https. Just the log in provided by the IIS according to the configuration.

View 1 Replies

MVC Authentication Cookie Not Being Retrieved

Jun 7, 2010

I am having a hard time implementing "Remember Me" functionality in an MVC application with a custom principal. I have boiled it down to ASP.NET not retrieving the authentication cookie for me. I have included a snaphot below from Google Chrome.

Shows the results of Request.Cookies that is set within the controller action and placed in ViewData for the view to read. Notice that it is missing the .ASPXAUTH cookie Shows the results from the Chrome developer tools. You can see that .ASPXAUTH is included here.

Does anyone know what the issue may be here? Why does ASP.NET not read this value from the cookie collection?

My application uses a custom IPrincipal. BusinessPrincipalBase is a CSLA object that ust implements IPrincipal. Here is the code for that:

[Code]....

I do not think that any of this is related because the bottom line is that the Request.Cookies does not return the authentication cookie. Is it related to the size of the cookie? I heard there are issues to the size of the cookie.

UPDATE: It seems that the issue revolves around subdomains. This site was being hosted with a subdomain and the cookie domain was left blank. Does anyone have any pointers on how I can get the auth cookie to work with all domains (e.g. http://mydomain.com, http://www.mydomain.com, and http://sub.mydomain.com)?

View 3 Replies

Security - How To Create An Authentication Cookie

Jan 29, 2010

Do we know the algorithm that asp.net uses to create the authentication cookie (when using forms authentication?)

Can we basically create our own copy implementation? if so, how?

What does it use to generate the encrypted cookie value, I know it uses whatever you pass into the SetAuthCookie call (which is usually the userID/username).

View 2 Replies







Copyrights 2005-15 www.BigResource.com, All rights reserved