Security :: Authentication In Web.config?
Apr 7, 2010Im uysing my custom login for user,and suppose im having a group of user who can login in.and rest of other should be deniedso how i can maintain that in web.config,
View 2 RepliesIm uysing my custom login for user,and suppose im having a group of user who can login in.and rest of other should be deniedso how i can maintain that in web.config,
View 2 RepliesWe use Sharepoint to control our websites. We build the sites, then load them into the sharepoint server. My question is if I use windows authentication, how can I get my role security in my web config file to coencide with the asp.net controls that use the Forms authentication. Is there a differenence? Our security uses a session variable for security but there is no where to set up their permissions except in active directory. I hope this makes sense because I would like to implement the LoginView with Role groups but how can I give them the role="administrator"? Do I have to go into active directory and give them these permissions(would take awhile due to the size of the company)? Or do I have to set up priveladges in the web.config file for each user(difficult I think)?
View 5 RepliesI have a basic intranet website for my company but there is one page that cannot allow anonymous as I need to grab the user's login. I created the site and everything works perfectly on my development machine. once moved to the production server it no longer works.
Here is the problem: I can get the login prompt when going to the secure page, but when trying to login I get a "401.1 - Unauthorized", even when trying to login as a server administrator. Here is the authentication portion in my web.config:
[Code]....
I have done this before and always gotten it to work. I hope I am just missing something very simple...
I need to put windows authentication on a site (so when a user access the site they are prompted with a username/password box) but I need certain IP addresses to bypass this authentication.
View 2 RepliesI have Asp.net web application with two web.config files and one will be Forms Authentication mode and other will be Windows authentication mode.When i provide username and password in my login page (for both authentications login page will be same)based on the username(from database or local domain ).. switching has to happen between these two web.config files User Aurthentication is done using WebService.
View 4 Replieswhen i set forms authentication to my website to web.config file as
<authentication mode ="Forms">
<forms
loginUrl="login.aspx"></forms><authentication><authorization><deny
users="?"/></authorization>
and login button ,i write the following code
FormsAuthentication.RedirectFromLoginPage("login",
false);
and logout button ,i write the following code
FormsAuthentication.SignOut();
FormsAuthentication.RedirectToLoginPage();
it works but when i press browser back button after logout button click
it maintains the page history and the page will redirect to last requested page
I am using forms authentication to authenticate users. Application has multiple folders and one of the folders has its own web.config
[Code]....
I want to redirect the user to "info.aspx" instead of "login.aspx"Root has the following web config
[Code]....
i want a simpe login systemm using webconfig file and one login.aspx page.
View 3 RepliesI have a few pages that need to use SSL and I am confused bc I read you should set the forms authentication section in the web.config to use SSL. so if this is the case, the user logs in (login page is using ssl) the forms auth cookie is created and now if i redirect to the non ssl enable home page, does this mean the auth cookie will not be transmitted, so i can't display like a welcome module or know the username of the user who logged in?
View 6 Repliesi have a problem with forms authentication. i have a website and want to restrict access to an especific folder. i want the access to this folder be made via the login form this is what i have in the web.config
<authentication mode="Forms">
<forms name="Compra" loginUrl="wfLogin.aspx" path="/" protection="All" timeout="30" />
</authentication>
<authorization>
<allow users="*"/>
</authorization>
Then this to restrict folder
<location path="Admin">
<system.web>
<authorization>
<deny users="*"/>
</authorization>
</system.web>
</location>
the problem is that when the user login with valid information the website return to the login form.
This could be very straight forward for some of you, but I got caught up. I am doing very simple test - browsing from IIS Manager to see the default page or "under Construction", however I am being challenged to provide my login credential . When I provide my login credential, I am able to see the default page. I wanted to see the default page without providing my credential since Enable anoymous access + basic authentication I am simply wanted to see the default page asit is working on other servers except this one. I have included screen print to make sure may question is clear.
View 3 RepliesWhat's the difference between Basic Authentication and Integrated Windows Authentication in IIS?
View 3 RepliesI set authentication mode to Windows in the web.config and I enable Windows Authentication and disable the Anonymous Authentication in IIS 7 on win 7, but HttpContext.Current.User is always null.It works fine when I host the web app in IIS 6.0.
View 1 RepliesWhat do I need to do in order to change an application from Forms Authentication to windows authentication?
View 2 RepliesI have a web farm web project, and want to make sure windows authentication is working well without any problem in web farm, can any one give me some web sites or information about that?
View 1 RepliesAm going to develop authentication part in the web site. I want my authentication module should not be hacked by any one and also want in secure side.
View 1 RepliesI needed information regarding the capabilities & integration of AzMan tool with Asp.net.Currently, I got a Sharepoint 2007 website along with ASP.NET 2008 where I am using Form Based Authenication.Now, the requirement is any user within a domain registered in AD should be able to login in website through intranet.
Can I acheive this using AzMan, or I need to create two websites one with FBA for internet users and the other one for the intranet users with AD authenication. Also my intenet website is deployed and in use where usermapping and roles are already created, so using this tool what will be the impact on existing webiste.
I have developed the authenticated rss feed using the basic http authentication for my site.I also have the admin module for the site which uses the Asp.net Forms Authentication .Both are in the same project.When i turn on the forms authentication module to None in my web.config.My rss feed authentication works fine(the browser pop up the dialog box for the username and password) and upon entering the username and password the rss feed gets displayed.But with forms authentication turn on when i click the rss feed link i am getting redirected to the administrator login page.
If i set my authentication mode to none than the feed works like dream but the admin module do not work as it uses forms authentication.
How can i resolve the conflict for that one.I am using the asp.net mvc filter on my feed contoller to pop up the dialog box for the username and password.
[Code]....
I'm developing an internal booking sytem. Users log in to the sytem and can view existing bookings and search for bookings. They can also create new or edit existing bookings. When completing such actions I need a confirmation prior to completing the booking or updating the recorded. The confirmation is based on a reauthentication of the user.... in otherwords he needs to enter his passord again.
How can I achieve this? The system is internam and I'm using Forms Authentication. I an also using roles as som of the admin forms can only be viewed by administrators.
how to set authentication level's in web config.
View 3 RepliesI am required to control access to a specific file on our server. I suggested, for the time being (rather than affording time for other routes until we can), that we simply use the web.config to lock this file down to everyone by means of a location/system.web/authorization setting.
This soon failed to protect the resource and I quickly became aware why (I think). It is a public site and is not using Forms authentication (currently just defaulting to Windows).
So, for clarity, here are the relevant parts the config file...
<?xml version="1.0"?>
<configuration>
<system.web>
<authentication mode="Windows"/>
</system.web>
<location path="thefile.extension">
<system.web>
<authorization>
<deny users="*"/>
</authorization>
</system.web>
</location>
</configuration>
Can I secure this resource without turning on Forms authentication? Or can I turn authentication on but never actually require authentication to occur, by allowing all resources but the ones explicitly stated, or by explicitly stating all allowed and denied resources?
I have logout handler which used to work fine:
public void ProcessRequest(HttpContext context)
//// Sign out
System.Web.Security.FormsAuthentication.SignOut();
//// Clear Session
if (context.Session != null)
[code]...
how can i specify two different login pages in root web.config file since i need to have authentication for two folders.for securing My Account module i did like this in the root folder i need to have it for another folder called EBox also.
View 1 RepliesI have to invoke SSIS packages from web service in the most secure way. I think that windows authentication will be secure but i am not sure. I do not have much knowledge about how to achieve this and the information on the internet is very distributed.
View 1 RepliesI'm writing a simple Intranet application using windows authentication. I want to restrict access to Safe/UCantSeeMe.aspx. I am aware of the AuthorizeAttribute, but this only works on methods. I also found a good post on doing this with the MVC pattern, but I'm not using MVC. This can be done with roles in forms based security. I read on MSDN that using windows based security means roles are based on groups, but it doesn't go into any detail. how can I restrict access to Safe/UCantSeeMe.aspx?
View 1 Replies