Security :: Authentication In Web.config Not Working?
Feb 2, 2010
I have a basic intranet website for my company but there is one page that cannot allow anonymous as I need to grab the user's login. I created the site and everything works perfectly on my development machine. once moved to the production server it no longer works.
Here is the problem: I can get the login prompt when going to the secure page, but when trying to login I get a "401.1 - Unauthorized", even when trying to login as a server administrator. Here is the authentication portion in my web.config:
[Code]....
I have done this before and always gotten it to work. I hope I am just missing something very simple...
View 5 Replies
Similar Messages:
Apr 6, 2010
We use Sharepoint to control our websites. We build the sites, then load them into the sharepoint server. My question is if I use windows authentication, how can I get my role security in my web config file to coencide with the asp.net controls that use the Forms authentication. Is there a differenence? Our security uses a session variable for security but there is no where to set up their permissions except in active directory. I hope this makes sense because I would like to implement the LoginView with Role groups but how can I give them the role="administrator"? Do I have to go into active directory and give them these permissions(would take awhile due to the size of the company)? Or do I have to set up priveladges in the web.config file for each user(difficult I think)?
View 5 Replies
Apr 7, 2010
Im uysing my custom login for user,and suppose im having a group of user who can login in.and rest of other should be deniedso how i can maintain that in web.config,
View 2 Replies
Mar 30, 2011
I need to put windows authentication on a site (so when a user access the site they are prompted with a username/password box) but I need certain IP addresses to bypass this authentication.
View 2 Replies
Mar 18, 2010
I have Asp.net web application with two web.config files and one will be Forms Authentication mode and other will be Windows authentication mode.When i provide username and password in my login page (for both authentications login page will be same)based on the username(from database or local domain ).. switching has to happen between these two web.config files User Aurthentication is done using WebService.
View 4 Replies
Mar 8, 2010
when i set forms authentication to my website to web.config file as
<authentication mode ="Forms">
<forms
loginUrl="login.aspx"></forms><authentication><authorization><deny
users="?"/></authorization>
and login button ,i write the following code
FormsAuthentication.RedirectFromLoginPage("login",
false);
and logout button ,i write the following code
FormsAuthentication.SignOut();
FormsAuthentication.RedirectToLoginPage();
it works but when i press browser back button after logout button click
it maintains the page history and the page will redirect to last requested page
View 7 Replies
Mar 7, 2011
I am using forms authentication to authenticate users. Application has multiple folders and one of the folders has its own web.config
[Code]....
I want to redirect the user to "info.aspx" instead of "login.aspx"Root has the following web config
[Code]....
View 8 Replies
Mar 31, 2011
i want a simpe login systemm using webconfig file and one login.aspx page.
View 3 Replies
Apr 15, 2010
I have a few pages that need to use SSL and I am confused bc I read you should set the forms authentication section in the web.config to use SSL. so if this is the case, the user logs in (login page is using ssl) the forms auth cookie is created and now if i redirect to the non ssl enable home page, does this mean the auth cookie will not be transmitted, so i can't display like a welcome module or know the username of the user who logged in?
View 6 Replies
May 28, 2010
i have a problem with forms authentication. i have a website and want to restrict access to an especific folder. i want the access to this folder be made via the login form this is what i have in the web.config
<authentication mode="Forms">
<forms name="Compra" loginUrl="wfLogin.aspx" path="/" protection="All" timeout="30" />
</authentication>
<authorization>
<allow users="*"/>
</authorization>
Then this to restrict folder
<location path="Admin">
<system.web>
<authorization>
<deny users="*"/>
</authorization>
</system.web>
</location>
the problem is that when the user login with valid information the website return to the login form.
View 7 Replies
Feb 6, 2011
I have done forms authentication a couples of times before but this time I cant get my head around something.Somehow altough the user authenticated,the destination page does not get this.The destination page is called Approval.aspx and is located in the /Admin directory which is secured by having its own web config with those settings:
[Code]....
If I remove the <deny users="?" />,then everything works fine but obviously everyone has access to that page.I only want that the user of role Admin can access it. I have implemented the standard VS 2010 login controland the user gets to the destination page with a response redirect:
[Code]....
Why does the destination page not realize that the user is authenticated and does not treat the useras a user in role "Admin"?
[Code]....
While debugging the login page I can see that the user has the right role "Admin".
View 9 Replies
Sep 30, 2010
I'm using a Custom Role Provider for authorization.
There are 2 roles: "VIEWER" and "SYSTEM_ADMINISTRATOR".
I have set up my role for my account as "VIEWER".
Roles.GetRolesForUser(this.User.Identity.Name) returns "VIEWER"
User.IsInRole("SYSTEM_ADMINISTRATOR") returns false
Web.Config contains below:
<location path="Administration">
<system.web>
<authorization>
<allow roles="SYSTEM_ADMINISTRATOR"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
However, I can still access the ~/Administration pages.
Even if I change the web.config to:
<location>
<system.web>
<authorization>
<deny users="*"/>
</authorization>
</system.web>
</location>
I can still access any of the pages, but I shouldn't be able to access any page when this is set. Correct?
I'm pretty sure my Role Manager is working fine (see above calls to User and Roles), but here's the config:
<roleManager enabled="true" defaultProvider="MyRoleProvider" >
<providers>
<clear/>
<add type="MyNamespace.MyRoleProvider" name="MyRoleProvider"/>
</providers>
</roleManager>
I'm testing this on my local dev environment using Cassini and on a test web server running IIS 6. Both systems/sites work the same way and allow anyone access to any page. Both systems/sites also return correct data when programmatically checking Roles.GetRolesForUser and User.IsInRole.
View 1 Replies
Aug 5, 2010
I am developing a small website in vs-2005.
Here I am using forms authentication and I have used an access database. I have put the db in App_Data folder and declared the connectionstring in web.config. The problem I am facing is that when I request any page without logging in the browser displays the requested page. At the bottom of the page there is a script error when I check the details it says Sys is not defined. Has this something to do with this issue??
In web.config file I have added the following lines in the <system.web></system.web> section.
<authentication mode="Forms">
<forms name=".ASPXFORMSDEMO" loginUrl="Default.aspx" protection="All" path="~/" timeout="30"/>
</authentication>
<authorization>
<deny users="?"/>
<!--<allow users="*" />-->
</authorization>
On login button click after comparing userid & password I am using the foll stmts:-
If code = 0 Then ' code 0 means match for userid and pwd
FormsAuthentication.RedirectFromLoginPage(txtuserid.Text, False)
Else
Response.Redirect("~/Default.aspx")
End If
View 3 Replies
Feb 24, 2011
I've found this article on enabling windows authentication within an intranet ASP.NET application. I did exactly what the article says, and when I go to the page on the server all it does is prompt me for a username and password, which I would assume means that it is seeing me as an anonymous user and not a windows user (which is not true).
In my application on the IIS i have the "Integrated Windows Authentication" box checked and this is what I have for my web.config file:
[Code]....
I've also tried this before and got the same results:
[Code]....
I have no idea what I need to do to get this to authenticate correctly. I've been banging my head off a wall for the past 2 days on this issue.
View 7 Replies
Feb 9, 2010
I'm using IE 8 v.8.0.6001.18882
After upgrading ie my login form that uses forms authentication stopped working.
After studies find that IE8 has problems with the authentication cookies.
With all other browsers work perfectly.
My settings in web.config.
[Code]....
I tested all the values of being the only one that works is the UseUri but I do not control cookies in this way.
View 3 Replies
Nov 20, 2010
I'm trying to write a simple ASP.NET 4.0 app, using Windows authentication to login. This is on my peer-to-peer home network. When I click to login, it instantly shows my Windows identity, so it looks as though I don't even need to login, as it's already done that for me. However when I then go to any other page in the app, it looks as though I'm not logged in. Why is that and how do I fix it?
View 2 Replies
Jan 28, 2010
Recently I've implemnted Single SignOn feature in my website which was developed on Framwork 2.0 using visual studio 2005.These website works on all browsers perfectly except that there two systems in my testing environment where the FormsAuthentication doesn't work on IE only.
On Those systems itself FormsAuthentication works for other browsers like mozilla.On these system I have checked that FormsAuthentication cookie is created but it lost it value as soon as other page is traversed.But when I try to login again it give me the messsage that user is already login i.e. user was able to login successfully.Both of them are currenlty using IE 8.
Following is the settins of my web.config:
[Code]....
View 2 Replies
Jan 12, 2011
I have a .net 1.1 ASP application (domain.com) which has a .net 2 virtual directory (domain.com/v2) beneath it, both applications run within their own app pool on the same Windows Server 2003 machine running IIS 6. The web.config files for both apps are setup for Forms Authentication as described here - [URL]
Users would be directed to the domain.com/v2/login.aspx page which would authenticate for both applications, this configuration has been working fine for the last few years until installing one of the recent Windows 2003 security updates today. Now after authenticating under /v2 users keep getting redirected back to domain.com/v2/Login.aspx as domain.com doesnt see them as authenticated anymore.
which security update would have caused this and if its possible to fix or rollback?
View 4 Replies
Dec 8, 2010
I have website under "aaa.com" domain, and it's form authentication is working in that domain.
But when i call login page from "bbb.com" in frameset or frame, can't pass login page. İt's always redirect login page me.
internet explorer not working. But firefox work.
(There is no problem when i call "aaa.com/login.aspx" but if i call in frame "aaa.com/login.aspx" from bbb.com not work.)
View 3 Replies
Jun 29, 2010
I have created a we app. using win authentication. When type the server ip addres in chrome I get the login window and it works just fine with my organizations credentials, however when doing the same using Internet Explorer I have to login with the server credentials as my account is not valid.
View 1 Replies
May 3, 2010
I have implemented the .Net Membership provider with my website which is, for the most part, working well. However, occasionally a user will try and login and nothing will happen. There will be no error, they will just hit "Submit" from the login screen and continue to the homepage as an unauthenticated user. This behavior persists until they clear their web cache, or restart their machine... which makes me think it's some kind of cookie expiration error?
Does anyone have any ideas on how to troubleshoot this?
Here is the relevant section of my webconfig:
<membership defaultProvider="AspNetSqlMembershipProvider">
<providers>
<clear/>
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="ASPWebAuthConnectionString" maxInvalidPasswordAttempts="10000000" enablePasswordRetrieval="false" enablePasswordReset="true" applicationName="nvpumps"
requiresUniqueEmail="false" minRequiredNonalphanumericCharacters="0" minRequiredPasswordLength="5" requiresQuestionAndAnswer="false"/>
</providers>
</membership>
View 3 Replies
Mar 18, 2010
I know this is working correctly beacuse when I publish my website to my hosting provider, and request a resource in a protected directory, and I am not currently authenticated, I get automatically redirected to my login page and then once successfully authenticated granted access and redirected back to the sure *.aspx file in my protected directory (assuming I am authorized for those resources).
So that is working no problem.
However, when I run this from visual studio 2008 (F5) in debug mode, I am not being required to authenticate. It simply serves up the protected resource without asking for my credentials.
If I put a [PrincipalPermission(SecurityAction.Demand, Authenticated = true)] on a BLL class method, it will throw an security exception, but the page that is calling it is in a secure directory and I am never asked to authenticate using the login page.
I am closing and re-opening brosers, clearing cookies, etc..., but no matter what I do I am not automatically redirected to the login page, and the secure page when I launch from visual Studio running on the embedded local host. Thiis working perfectly externally, same build, same web.config, pointing to the same database, on the hosting provider. (yes, eventually, I will be using dev/test/prod db configurations to test, but for now for simplicity I am keeping it the same)
Not only is it maddening, but worse yet, it would obviously make testing this application impossible after the initial release.
View 1 Replies
Jul 14, 2010
This could be very straight forward for some of you, but I got caught up. I am doing very simple test - browsing from IIS Manager to see the default page or "under Construction", however I am being challenged to provide my login credential . When I provide my login credential, I am able to see the default page. I wanted to see the default page without providing my credential since Enable anoymous access + basic authentication I am simply wanted to see the default page asit is working on other servers except this one. I have included screen print to make sure may question is clear.
View 3 Replies
Jan 4, 2011
What's the difference between Basic Authentication and Integrated Windows Authentication in IIS?
View 3 Replies
Mar 10, 2010
I set authentication mode to Windows in the web.config and I enable Windows Authentication and disable the Anonymous Authentication in IIS 7 on win 7, but HttpContext.Current.User is always null.It works fine when I host the web app in IIS 6.0.
View 1 Replies