Security :: Forms Authentication Across Applications Stopped Working?
Jan 12, 2011
I have a .net 1.1 ASP application (domain.com) which has a .net 2 virtual directory (domain.com/v2) beneath it, both applications run within their own app pool on the same Windows Server 2003 machine running IIS 6. The web.config files for both apps are setup for Forms Authentication as described here - [URL]
Users would be directed to the domain.com/v2/login.aspx page which would authenticate for both applications, this configuration has been working fine for the last few years until installing one of the recent Windows 2003 security updates today. Now after authenticating under /v2 users keep getting redirected back to domain.com/v2/Login.aspx as domain.com doesnt see them as authenticated anymore.
which security update would have caused this and if its possible to fix or rollback?
View 4 Replies
Similar Messages:
Feb 9, 2010
I'm using IE 8 v.8.0.6001.18882
After upgrading ie my login form that uses forms authentication stopped working.
After studies find that IE8 has problems with the authentication cookies.
With all other browsers work perfectly.
My settings in web.config.
[Code]....
I tested all the values of being the only one that works is the UseUri but I do not control cookies in this way.
View 3 Replies
Nov 6, 2010
I have a bunch of applications that currently share the authentication cookie in v3.5.
We're in the process of upgrading to 4.0 and also upgrading the applications as a whole. I have 1 done, and would love to deploy it. However, as soon as I do, I lose my sharing of authentication cookie in that application.
In each web.config, my machine key is declared. I removed the actual keys to protect the innocent. :)
<machineKey validationKey="..." decryptionKey="..." validation="SHA1"/>
<authentication mode="Forms">
<!-- DEV Server -->
<forms enableCrossAppRedirects="true" loginUrl="Logon.aspx" name=".COOKIENAMEHERE" protection="All" path="/" slidingExpiration="true" timeout="1440"/>
</authentication>
View 1 Replies
Feb 19, 2010
I have a case where i have two asp.net applications, one is hosted on example.com/App1 and the other on /App2.
both applications are password protected using Windows authentication.
App1/default.aspx has a <img src="/App2/somefile.aspx">
Now what happens when i open App1 is that i get the credentials prompt, but because App2 is also protected, the HTTP GET for the img requires me to authenticate, in other words i get two prompts.
Is it possible to do something so that the authentication is for example.com so that both App1 and App2 consider the user authenticated?
View 4 Replies
Nov 10, 2010
I have three asp.net web applications
,Second and Third applications are accessed throught the first,So Authentication (form authentication) is happening from the first application only , all are deployed on same IIS with seperate virtual directory
Like
1.Localhost/EmpMananger
1. Localhost/Hr
2.Localhost/Payroll
, I used the same Entires in both <machineKey> and
<forms> Elements in webconfig file of all applications,
Applications are working fine and Page.User.Identity are available in all applications but once loginUrl and defaultUrl entry is changed to actual name other than localhost
Eg: localhost/EmpManager/default.aspx To myserver/EmpManger/default.aspx
the authentication ticket is not available in second and third applicaiton
View 4 Replies
Jul 10, 2010
We are upgrading the asp.net 2.0 web application to asp.net 4.0.
The application contain three main modules (sub application) like End User, Franchise and Admin with separate web.config, asp.net form Authentication, login page and running with single domain.
the URL like,
mydomain.com/login.aspx
mydomain.com/franchise/login.aspx
mydomain.com/admin/login.aspx
In asp.net 2.0, working fine with 3 sub applications with separate form authentication under a single domain name and also we can working with all threes in same time.
After the up gradation process (ASP.NET 2.0 to 4.0),
We didn't run all three applications in same times and also form authentication crossed.
View 7 Replies
Aug 5, 2010
I am developing a small website in vs-2005.
Here I am using forms authentication and I have used an access database. I have put the db in App_Data folder and declared the connectionstring in web.config. The problem I am facing is that when I request any page without logging in the browser displays the requested page. At the bottom of the page there is a script error when I check the details it says Sys is not defined. Has this something to do with this issue??
In web.config file I have added the following lines in the <system.web></system.web> section.
<authentication mode="Forms">
<forms name=".ASPXFORMSDEMO" loginUrl="Default.aspx" protection="All" path="~/" timeout="30"/>
</authentication>
<authorization>
<deny users="?"/>
<!--<allow users="*" />-->
</authorization>
On login button click after comparing userid & password I am using the foll stmts:-
If code = 0 Then ' code 0 means match for userid and pwd
FormsAuthentication.RedirectFromLoginPage(txtuserid.Text, False)
Else
Response.Redirect("~/Default.aspx")
End If
View 3 Replies
Jan 28, 2010
Recently I've implemnted Single SignOn feature in my website which was developed on Framwork 2.0 using visual studio 2005.These website works on all browsers perfectly except that there two systems in my testing environment where the FormsAuthentication doesn't work on IE only.
On Those systems itself FormsAuthentication works for other browsers like mozilla.On these system I have checked that FormsAuthentication cookie is created but it lost it value as soon as other page is traversed.But when I try to login again it give me the messsage that user is already login i.e. user was able to login successfully.Both of them are currenlty using IE 8.
Following is the settins of my web.config:
[Code]....
View 2 Replies
May 3, 2010
I have implemented the .Net Membership provider with my website which is, for the most part, working well. However, occasionally a user will try and login and nothing will happen. There will be no error, they will just hit "Submit" from the login screen and continue to the homepage as an unauthenticated user. This behavior persists until they clear their web cache, or restart their machine... which makes me think it's some kind of cookie expiration error?
Does anyone have any ideas on how to troubleshoot this?
Here is the relevant section of my webconfig:
<membership defaultProvider="AspNetSqlMembershipProvider">
<providers>
<clear/>
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="ASPWebAuthConnectionString" maxInvalidPasswordAttempts="10000000" enablePasswordRetrieval="false" enablePasswordReset="true" applicationName="nvpumps"
requiresUniqueEmail="false" minRequiredNonalphanumericCharacters="0" minRequiredPasswordLength="5" requiresQuestionAndAnswer="false"/>
</providers>
</membership>
View 3 Replies
Apr 16, 2010
I have a web app that allows users to upload images. Last week, all was well. This week, it appears the code is breaking. Here is the code:
Protected Sub btnUpload_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles btnUpload.Click
If FileUploadControl.HasFile Then
Dim month As String = ddlMonth5.SelectedValue
Dim year As String = ddlYear7.SelectedValue
' Dim whatis As String = FileUploadControl.PostedFile.ContentType
Try
If (FileUploadControl.PostedFile.ContentType = "image/jpeg") Or (FileUploadControl.PostedFile.ContentType = "image/pjpeg") Or (FileUploadControl.PostedFile.ContentType = "image/gif") Or (FileUploadControl.PostedFile.ContentType = "image/x-png")
Then
Dim fs = New FileStream(FileUploadControl.PostedFile.FileName, FileMode.Open, FileAccess.Read)
'save file with new size
Using image As System.Drawing.Image = System.Drawing.Image.FromStream(fs)
Using bitmap As New Bitmap(image)
bitmap.Save("C:WebsitesimagesCusRespData.jpg", image.RawFormat)
bitmap.Save("C:Websitesimages" & month & year & "CusRespData.jpg", image.RawFormat)
End Using
End Using
StatusLabel.Text = "Upload status: File uploaded!"
fs.Close()
fs = Nothing
Else
StatusLabel.Text = "Upload status: Only .jpg,.jpeg,.gif and .png files are accepted!"
End If
Catch ex As Exception
StatusLabel.Text = "Upload status: The file could not be uploaded. The following error occured: " & ex.Message
End Try
StatusLabel.Visible = True
End If
End Sub
On the development side, I see this error: The file could not be uploaded. The following error occurred: Could not find a part of the path. On the production side, this occurs: The following error occured: A generic error occurred in GDI+.
View 4 Replies
Jan 10, 2010
Until the Dec 29th my website was working fine. Then My fileupload problems started happening. My fileupload page would simply quit and say the page can not be found. I maximized all my timeout settings and that did not work. I called my hosting company and apparently they have no problem using my page to upload files from their geographical area. So then I concluded it might be a network problem. I ran a trace route and could not really figure out where the problem was. So, I have no idea what is going on. Is it possible that my site is being blocked by some black list out there somewhere?
View 3 Replies
Aug 25, 2010
I have a c# control class inside of a dll, then this control is embedded in a web page in an asp.net application by using the object tag. When the dll is compiled with .net 3.5 sp1 and the web application also runs in .net 3.5 sp1, the code works fine. But when the dll is compiled in .net 4.0 and the web application runs in 4.0, the control does not show up in the web page. All I see is a box with an object icon in the upper left corner.
View 1 Replies
Mar 17, 2011
Iam working on VWD express 2010, and things were going well, when the VWD crashed.I recovered my work and and realized that my controls stoped firing events.I removed and added button again, but in vain. I set "AutoEventWireup" and reset it also, but no use.I changed the code onto multiple systems. But the events wont fire. (I kept breakpoints also) My Web.config looks like this
[Code]....
And my page directive looks like this
[Code]....
And the non working code bit is this
[Code]....
View 4 Replies
May 4, 2010
I have been using a datagrid on various pages. For some reason it stopped working. When pressing the Edit to make a change to the record, the page posts back two times and the record does not go into the edit mode. I am using IE 7 for my browser. Below is my code.
[code]....
View 7 Replies
Aug 19, 2010
I'm still building). After loggin in, users are presented with 3 radio buttons (they work), and 3 cascading drop downs (they work). Below that is an AJAX Accordion with 5 panes, each pane has a tabpanel with 4 tabs, 2 of the tabs have gridviews that change based on who is logged in and the radio buttons and dropdowns above
View 1 Replies
Aug 5, 2010
I have designed a basic web user control to enter some values in a table. The control worked fine if it is used without similar control on same page. When another instance is pasted with different id, then both stopped working.
View 7 Replies
Feb 24, 2011
I've found this article on enabling windows authentication within an intranet ASP.NET application. I did exactly what the article says, and when I go to the page on the server all it does is prompt me for a username and password, which I would assume means that it is seeing me as an anonymous user and not a windows user (which is not true).
In my application on the IIS i have the "Integrated Windows Authentication" box checked and this is what I have for my web.config file:
[Code]....
I've also tried this before and got the same results:
[Code]....
I have no idea what I need to do to get this to authenticate correctly. I've been banging my head off a wall for the past 2 days on this issue.
View 7 Replies
Feb 2, 2010
I have a basic intranet website for my company but there is one page that cannot allow anonymous as I need to grab the user's login. I created the site and everything works perfectly on my development machine. once moved to the production server it no longer works.
Here is the problem: I can get the login prompt when going to the secure page, but when trying to login I get a "401.1 - Unauthorized", even when trying to login as a server administrator. Here is the authentication portion in my web.config:
[Code]....
I have done this before and always gotten it to work. I hope I am just missing something very simple...
View 5 Replies
Nov 20, 2010
I'm trying to write a simple ASP.NET 4.0 app, using Windows authentication to login. This is on my peer-to-peer home network. When I click to login, it instantly shows my Windows identity, so it looks as though I don't even need to login, as it's already done that for me. However when I then go to any other page in the app, it looks as though I'm not logged in. Why is that and how do I fix it?
View 2 Replies
May 14, 2012
I'm using a common <machineKey> to allow two ASP.Net applications to share a single forms authentication ticket (ie. only need to login to one application to access both). My problem is that I only want users in a particular role to have access to the second application. What's the best way to implement this?
I've tried checking the role in Application_AuthenticateRequest() and doing FormsAuthentication.SignOut() if the role doesn't match, but that doesn't get picked up until the second request to the application. I can't redirect from Application_AuthenticateRequest() because that would just create a redirect loop.
View 2 Replies
Dec 8, 2010
I have website under "aaa.com" domain, and it's form authentication is working in that domain.
But when i call login page from "bbb.com" in frameset or frame, can't pass login page. İt's always redirect login page me.
internet explorer not working. But firefox work.
(There is no problem when i call "aaa.com/login.aspx" but if i call in frame "aaa.com/login.aspx" from bbb.com not work.)
View 3 Replies
Jun 29, 2010
I have created a we app. using win authentication. When type the server ip addres in chrome I get the login window and it works just fine with my organizations credentials, however when doing the same using Internet Explorer I have to login with the server credentials as my account is not valid.
View 1 Replies
Jan 27, 2010
Am in the middle of developing 2 projects and my AJAX Toolkit has stopped working, which is also stopping my designer filers being generated. Have the same problem in both projects. A sample error is below: Warning 3 Generation of designer file failed: Unable to create type 'cc1:CollapsiblePanelExtender'. Could not load file or assembly 'System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35' or one of its dependencies. The system cannot find the file specified.
C:UsersHuwDocumentsMy
Web SitesRegent2Regent2Master.Master 169 0 Regent2
View 1 Replies
May 11, 2010
I have 2 almost identical asp.net (vb) applications. 1 Development and 1 Production.
They use forms authentication that is configured to run in SQL server. Both apps use the same aspnetdb database but have different application names.
The problem I have is:I have an Identical login for each app (same username, same password), but If I change profile information for that user in the development app, the changes are reflected in production app. This isn't what I want.
View 2 Replies
Mar 18, 2010
I know this is working correctly beacuse when I publish my website to my hosting provider, and request a resource in a protected directory, and I am not currently authenticated, I get automatically redirected to my login page and then once successfully authenticated granted access and redirected back to the sure *.aspx file in my protected directory (assuming I am authorized for those resources).
So that is working no problem.
However, when I run this from visual studio 2008 (F5) in debug mode, I am not being required to authenticate. It simply serves up the protected resource without asking for my credentials.
If I put a [PrincipalPermission(SecurityAction.Demand, Authenticated = true)] on a BLL class method, it will throw an security exception, but the page that is calling it is in a secure directory and I am never asked to authenticate using the login page.
I am closing and re-opening brosers, clearing cookies, etc..., but no matter what I do I am not automatically redirected to the login page, and the secure page when I launch from visual Studio running on the embedded local host. Thiis working perfectly externally, same build, same web.config, pointing to the same database, on the hosting provider. (yes, eventually, I will be using dev/test/prod db configurations to test, but for now for simplicity I am keeping it the same)
Not only is it maddening, but worse yet, it would obviously make testing this application impossible after the initial release.
View 1 Replies