I have two application (one of this is mojo portal): [URL] for some users when they login into "app" then the login in "mojo" doesn't work and viceversa. I've set the machinekey into web.config file. When the users remove all cookies and session data the login works again. The two application are into a Web Farm. Should be ARR the problem?
View 2 RepliesIt has been a while since I've built an entire ASP.NET web application from the ground up but I'm about to jump in again. I've built many individual pages, controls, web parts, etc. recently, but nothting 'soup to nuts' for a couple of years. My question is in regards to login security control. I do not want to use the built in ASP.NET Memberhip functionality for various reasons and already have custom code that authenticates the user, controls passwords, login attempts, etc. I am really concerned though about how to validate that the user is logged in (and the best way to do it). For instance, right now I use a Base page that all of my .aspx pages inherit from. In the OnInit() method, it executes code which includes:
[Code]....
I set the Session["LoggedIn"] object to "true" after the user has successfully been authenticated at the Login.aspx page. So, when a user attempts to access any page in the application, if that Session object isn't true, they will be redirected (you can't visit any page without being logged in). This all works great, but I'm thinking I need something more and that brings me here. First, do I need more? Is this enough? I was thinking about creating a cookie with a GUID value and the SessionID (both encrypted perhaps?) and adding that to my Base page so it checks both the current Session["LoggedIn"] value
and the values in the cookie.
how to make login control allow users to login by either username or email address
View 1 RepliesLet's say I have 2 computers and has internet connections. let's say in computer 1 I visit the my page and i log-in as User1 and I go now to computer 2 and i do the same thing in computer 1. All i want to do is to kill the session in computer 1 because i log-in in computer 2.
how to do that in asp.net?
i have login page that i use captcha image but i want if user login fail for 3 times append this captcha to login page so user must enter content of captcha image to login.how can i do that?
View 10 RepliesI would like to set the Login which will log auto when he return to site, if the user hasent logged off the site.and if he enter the site again he'll be logged in already.
View 5 RepliesI've created a new website using forms authentication. Everything works fine on my local DEV machine - I can log in with no problem in any browser.
But as soon as I deploy this to my production server, I am unable to login using IE. I get to the login page and when I click to login, it just reloads that page and never authenticates me. If I use Google Chrome, I can log in without any problems.
I know this sounds similar to the common problem where you don't have your applicationName specified in the web.config file, but I have that specified in all of my providers.
I've tried this in both IE8 and IE9 while adjusting the cookie settings to accept everything and it makes no difference. I've also tried on multiple computers.
Since I can get it to work in Chrome, I feel like there must be a setting in the code somewhere that affects IE differently. I have a hard time believing it's a setting in IE because I use the standard, default setup there.
The only way I could get this close to working was to adjust this forms authentication setting: cookieless = "UseUri". When I did this, I could get past the login screen to my default page, but then when I tried to navigate to any other pages, it would always take me back to the login page and make me login again. It would take me to the requested page each time, but I would still have to login again at every new page request.
Here are a couple of snippets from my web.config file.
<authentication mode="Forms">
<forms loginUrl="Login.aspx"
path="/"
protection="All"
[Code]....
After reading a book I brought on ASP.net I fould the login controls to be very nice.I have set it up in my application so that customers can login using the standaard login controls and things were going smooth.But in my schema for my application I also have a table for customers (firstName, LastName, DOB, etc).And of course the customersID is used as a foreign key to tables such as Orders, Addresses (Home, Work, Postal).
The thing is how to i associate an asp.net login to a customer name in my table so that the CustomerID can be used through the application by knowing who is logged in.
I have a simple login screen that now has to receive its parameters from another web site. I am not sure what we have to do. The other web site, will get the user id and password. the person there is asking me, does he just redirect user tohttp://reports.ourwebsite.com:90/login.aspx?username=Bill&password=testthis is the codes: First is Login.aspx<%@ Page Language="C#" AutoEventWireup="true" CodeBehind="Login.aspx.cs" Inherits="Reports.Login" %><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> xmlns="http://www.w3.org/1999/xhtml"
>
<head runat="server">
<title>Untitled Page</title>
[code]...
This code worked until I published a recent set of changes to the web site. It's very strange behavior that I am having trouble debugging. Basically, I implemented some custom code to allow custom configuration of login timeouts from an app settings variable.
When debugging the application, if I click remember me or not, Login works perfectly. Once I post the updated code to the live server, login only works if I have the Remember Me option unchecked. If I check remember me, it does not log in, and it cycles the user back to the default web page. If I access the site from IE on the live server, remember me works correctly.
Here is the Logged_In event handler code:
[Code]....
[Code]....
I have an ASP.net application hosted on Win2003 server. When I set the Authenticated Access to just Integrated Windows Authentication, IE7 & IE8 started failing in loging into the site with an error 401.1 ("You are not authorized to view this page"). But Firefox has no issues in loging into the site. why IE is failing to login with Integrated Windows Authentication where FireFox works perfectly?
View 1 RepliesI'm using asp.NET 3.5 VB.
I have a login control on one of my pages, which is being put inside a table -
<table id="ctl00_LoginView1_Login1" cellspacing="0" cellpadding="0" border="0" style="border-collapse:collapse;">
How do I remove this table as its messing up my page layout?
i used security in login page which restricts all users who have not logged in to all pages. I need to restrict specific users to specific pages. I'm not using AspSqlService provider. So i cannot create roles and restrict automatically. And the pictures i use in login page are not visible @ runtime.
View 1 Replieshow to write/use/implement a script that will allow users to enter a web application by clicking a button rather than entering their ID/PW? Seems like a lot of terminology around, SSO, Blind logon, yet all seem to be doable with an ASP script -
Web App contains detailed security for users, not all users are on Win AD, so that is not an option., I'm told (?) Do I need to use a spreadsheet to validate users access to the application, ?
Script that would pass "cookie" info and allow users to enter app without ID/PW. We have a custom logon.asp page the is using forms.
I have an asp login control that uses the standard aspnet database structure.I am using my own user identification system to identify a user based on login values that are not in the aspnet database and setting the user's aspnet database login to a universal login user and password.this works fine and I am able to test this by having one machine log in as "User 1" and another login as "User 2" but I am wondering if there is a limit to the number of user's that can be assigned to one username and password in the aspnet database for website access?Will the system reach the max number of user's in the aspnet database?
View 2 RepliesI've set up a system with forms based authentication and using the asp:Login control. When I put in an invalid password I get the approriate invalid password message. However when I put in a valid password, it does nothing...just returns to the login page again. I'm triple checked the login info. There is no error message, and the invalid attempts counter doesn't increment. When I put a break point in the Login_LoggedIn event of the Login form, it hits it, but User.Identity.IsAuthenticated is false. I'm not 100% sure it should be true at this point, as I'm pretty new to .NET but it seems kind of odd.
My user database is stored in a sqlserver 2005 db that already existed. I've added a new connection for it.In the authorization I have
<authorization>deny
users="?"/><authorization>
I have an intranet set up with IIS and it is working fine with windows integrated autehntication. However I have some permissions set and when certain users do not have access they get prompted for their login and I don't want this. I want it to go straight to the access denied page.
I read that "In integrated Windows authentication, the browser tries to use the current user's credentials from a domain logon, and if this attempt is unsuccessful, the user is prompted to enter a user name and password. "
So I understand this is supposed to happen but I was wondering if there was anyway to not have it prompt for a username and password if the first attemp is unsuccessful.
asp.net 3.5 IIS7 Hosted on Windows Server 2008 (virtual machine)
I have a website which have been running for about a year without any problems. Users have been able to login etc, but now I get reports about users not able to login while using Internet Explorer. Users using other internet browsers like FireFox, Chrome etc have no trouble logging in.
The website are using the standard Forms authentication.
Also lately another website has been setup in IIS7, but these sites are using application pool. I've stopped this webapplication in IIS, but that doesn't have any effect on my problem
I see that Windows Update have failed to install a lot of patches lately, not sure if that is related to this problem. But some of the windows patches are security patches.
I'm at the point where I want to allow users to register at my site and then allow users to login, so I am trying to get a feel for how everyone is handling this use case.
View 1 RepliesI've got a website project and I use my own login security and save the user and other info in session variables. Is there any way to know when they are online and offline by their user name I have in a session variable? Or do I need to use another method such as the asp.net user security?
I do know with the asp.net security I can check if a user is authenticated.
I have a login form and users have to enter their username and password for entering the sites ..
Also now its possible for users to enter the sites without login .. they can select the options in the menu and access them ... But i want to restrict the users ..only allow them to access the menu componets after login ... If they tries to access the contents a text have to display ask them to login
how can i do that... i am using vb.net as my language in the page
I have a site witl forms authentication using te login control. I altered my sql server, I added a connectionstring and used the connectionstring in both, <rolemanager> and <Membership>. That part of the web.config is listed below.
The problem is that the login control goed to SQLserver to check the users and their passwords, but it goed to the SQLExpress database for the roles.....
[code]...
I have a Login.aspx in my application.
After users logged in, if they press "back" in the browser, it goes to the Login.aspx page.
But I don't want to show users the Login.aspx page when they are logged in. how to restrict users to see the login.aspx page if they are logged in??
I am using sql role based membership provider and standard login control provided by Visual web developer 2008.
I have a website that requires users to login, but I am having problems when authenticating a users.I create a user which works fine, I then test the login on the development machine and everything works fine the user is logged in.But if a try to login the user in via the live website (same database) I get errors stating that the login attempt has failed.I don't understand why it would work on the development machine but won't work with the live version of the website.
View 5 RepliesI want to know how to do Active Directory Authentication in my intranet web application,
So far I created a simple login page and I am using the login control. my questions are how do I configure the application, how do I interface the login control so it will take the user to next page once they input their usual active directory username and password.