We have a windows 2003 webserver which hosts .NET applications. Since last Microsoft security updates formsauthentication on all websites works only on non IE browsers? Before the update we experienced no problems.
View 2 RepliesWhat is the difference between:
FormsAuthentication.RedirectFromLoginPage
AND
FormsAuthentication.SetAuthCookie(Text_txtUserName.Text, true);
HttpContext.Current.Response.Redirect(RedirectFromLoginAddress);
I'm writing a web site (ASP.NET/C#) that is specifically targeted at mobile phones.On the master page I have put an ASP menu. This works fine in IE8 and Firefox, but when I try viewing it from my Nokia browser, while the menu is visible, its behavior is incorrect: I tap on the menu to open it, and instead of opening the next level of menus, the control disappears altogether!Interestingly, I got the same behavior using Chrome on my computer.I haven't yet tried on Safari, but the message is already pretty clear: the ASP.NET menu control doesn't work on the Nokia browser, and that is a showstopper. What alternatives do I have? It needs to work on Nokia, Safari and Opera, at least.I saw in a similar question that someone suggested writing a custom server control. Nice idea, I'm sure... but how do you explain that to this ASP.NET newbie?
View 1 RepliesI have the following code in my secure/login.aspx page using .NET 3.5 and VB.NET
[Code]....
[Code]....
I read some articles that mentioned specifying the domain attribute within the <forms tag but that did not seem to work either. e.g.
what is the use formsAuthentication.user.identity
is it one of the property of page
I have a login page that is set to the loginUrl property in the authentication section of my web.config file. I am trying to reference a CSS stylesheet, but it doesn't seem to be doing anything. Here is my markup:
[Code]....
I am able to do this just fine on my other page. One thing I noticed was when I click on "View Source" and try to click the link to the stylesheet, it doesn't take me there, and instead changes the "action" property of the form element to this:
[Code]....
Just a quick question i've been asked to look at enhancing security but encrypting passwords we store in a db table, essentially the data thats linked to the user account isnt sensitive however its more to stop someone reading passwords out of the table directly etc
I've read multiple ways of implimenting hashing etc i've started using FormsAuthentication.HashPasswordForStoringInConfigFile
//create new salt and update the password
Hashtable newInfo = new Hashtable();
newInfo["salt"] = GenerateFriendlyPassword(5);
string tmppass = FormsAuthentication.HashPasswordForStoringInConfigFile(txtNewPass1.Text.ToString() + newInfo["salt"].ToString(), "SHA1");
newInfo["passwordHash"] = tmppass;
Generate friendly password returns a 5 char string based on a random position in a valid char array containing a - z and 0 - 9At present the functionality is at page level in the code behind, re this is the forms authentication HashPasswordForStoringInConfigFile function thread safe? Or do i need to look at implimenting this in a different wayCheers appreciate your response as im always jubious about multi threading etc,
In my account controller I am calling FormsAuthentication.SetAuthCookie( emailAddress, rememberMe ).
Response.Cookies has my cookie. However, after the redirect the cookie is gone and the request is not authenticated.
I am using Forms Authentication in my VS-2005 website.In case of wrong credentials or while explicitly requesting protected pages the website is able to redirect user to login page. However, when correct login credentials are provided the application is not able to redirect the user to the desired page.While debugging I found that 'Request.IsAuthenticated=False' just before I redirect the user to the desired page.While coding I thought that this property will be set to true automatically after I generate the Authentication ticket. So do I need to set it explicitly inside the submit button click on Login page after validation?BTW I have not used the 'GetAuthcookie', 'SetAuthCookie' or 'RedirectFromLoginPage' methods.
I am posting the code inside the submit button click on the Login page as well as the Authentication and Authorization tags in web.config.
<authentication mode="Forms">
<forms name=".ASPXFORMSDEMO" loginUrl="~/Login.aspx" cookieless="UseCookies" path="~/"/>
</authentication>
<authorization>
<deny users="?"/>
</authorization>
Protected Sub btnsubmit_click(ByVal sender As Object, ByVal e As System.EventArgs) Handles btnsubmit.Click
'here first validate if the user is valid user
ad = New Aranya_Data
[code]....
i have created a custom principal class, and a custom Identity.
named SystemIdentity and SystemPrincipal.
SystemIdentity class has some additional properties ( UserID, UserName, Age, ...)
in my Global.asax file I changed PostAuthenticateRequest event as bottom
[code]....
i wonder theese questions answer now:
1. where i can assign the additional properties of SystemIdentity ( UserID, UserName, Age, ...)
2. which Identity is Authenticated by FormsAuthentication.SetAuthCookie? is my custom Identity, or GenericIdentity?
I have configured Forms Authentication in my web config file as below.
Following is my code
[Code]....
The issue is that FormsAuthentication.Authenticate never returns true. This is a very simple website with only two pages and no other code(The code too was copied from MSDN).
[Code]....
I've implemented my custom membership provider. I use third server for authentication (call web method that validates user/password). I need this user/password for retrieve some additional data from this server. Asp.net MVC uses FormsAuthentication and cookie for keep 'login state' by default. It works well when I login on site first time. But when I close and open site again sometime after, cookie keeps it 'login'but I don't have credential for access to server data. I can change cookieless attribute (to 'UseUri' for example) in configure file but in this case I should login again if I open second tab with this app in same browser.My questions:
Is way to call SingOut of FormsAuthentication (remove authentication ticket from browser) when user closes asp.net mvc app?Is secure way to pass user/password data through session? Because server is unstable and interrupt connection often and app should have possibility for silent reconnect.
My client wants 2 separate login pages for an ASP.Net app, one for regular users, one for support staff. I am using the standard FormAuthentication component for authentication. Is it possible to redirect a regular user to one login page after a timeout, and also to redirect an admin user to a different page after a timeout? The loginUrl attribute of <forms> in web.config is read-only, and cannot be edited at runtime.
Regular User -> Timeout -> Login.aspx
Support User ->Timeout -> SupportLogin.aspx
I Need to Authenticate a User by using FormsAuthentication.SetAuthCookie and Check User is Authenticated in Another page Load How to Do this anyone?
Login Page
if (txtuname.Text == "mike")
{
FormsAuthentication.SetAuthCookie("mike", true);
Response.Redirect(FormsAuthentication.DefaultUrl);
}
Welcome Page
PageLoad()
{
}
I'm trying a lot a things in these days around the Login control. What I want: to keep the user logged ind also when she close the browser. When se returnes to the page, she should be moved to the DestinationPageUrl of the login control.
My Login control:
[Code]....
My Codebehind file for the login control:
[Code]....
My web.cofig settings:
[Code]....
As you can se, I have learned (from google and here in forums.asp.net) that I need to do a FormsAuthentication.SetAuthCookie but I have one problem....... If I do nothing in the page_load the control doesn't keep me logged in through sessions.Is there anyone who can help me, and either explain og link me to a page, where I can see, how I can get the UserName and Password from the FormsAuthentication.SetAuthCookie I maid. I also need to know if when I get UserName and Password from cookies andthen redirect to the /Content/Default.aspx page in page_load the system knows (formsauthentication) the user is logged in?
I have a littel problem.
In my asp.net application iam using Form FormsAuthentication.... and also use a session var to save a userID..
The problem is that ´when my session espire, the Form cooki is not expired.
I want form cooki to expire, when session expires....how?
Do i have to do it in Session_end event..
How do the code look like?
I am getting a "System.NullReferenceException" when I call
View 3 RepliesI know this post is the same than other around but I can't get it to work the way I want, the thing is that the Login.aspx page have it in a folder not in the root of the directory, also the page that I want to redirect the user to is in the same folder, so far I got this in my web.config file
[Code]....
All pages contained in the Admin folder want it to be protected, the administrator needs to authenticate first, so my question is what I am doing wrong? need to take the Login.aspx and the admin.aspx out of the admin folder?
How to set Request.IsAuthenticated to true when not using FormsAuthentication.RedirectFromLoginPage?
View 3 RepliesIn my website i am creating a custom FormsAuthentication ticket during log in. This ticket stores the userid but i also need to specify the role of the logged in user. How do i do it?
View 2 RepliesI'm trying to encrypt some userData to create my own custom IPrincipal and IIdentity objects using Forms authentication - I've serialized an object representing my logged in user to Json and created my FormsAuthentication ticket like so:
string user_item = GetJsonOfLoggedinUser();/*get JSON representation of my logged in user*/
System.Web.Security.FormsAuthenticationTicket ticket =
new System.Web.Security.FormsAuthenticationTicket(1,
WAM.Utilities.SessionHelper.LoggedInEmployee.F_NAME + " "
+ WAM.Utilities.SessionHelper.LoggedInEmployee.L_NAME,
DateTime.Now, DateTime.Now.AddMinutes(30), false, user_item);
string encrypted_ticket = System.Web.Security.FormsAuthentication.Encrypt(ticket);
HttpCookie auth_cookie =
new HttpCookie(System.Web.Security.FormsAuthentication.FormsCookieName, encrypted_ticket);
Response.Cookies.Add(auth_cookie);
However, the string encrypted_ticket is always null. Is there a limit on the length of the user_item string?
How do I use the FormsAuthentication.Authenticate(Username,Password) method to match against the generated Database?..since as far as I have read, it matches the values against the Web.config.
View 1 RepliesProblem: I am using FormsAuthentication.SetAuthCookie(UserId, False)[Snip]Response.Redirect("~/login_pages/home2.aspx") ' Force round trip so that logon works OK to logon a user. It all works fine with other browsers, and IE7 provided that IE7's PRIVACY (originally I had written "Security") setting is Low. However it doesn't work when the PRIVACY setting is Medium (the default).
How do I solve this problem? I would have expected that FormsAuthentication.Authenticate(Userid, password) was the solution, but this doesn't seem to work at all.
I set up my web site to use SSL encrption and I set the settings in IIS to ignore client certificate. But when i access the web site from a client browser, it still shows "403" error.
View 1 RepliesI have a Default(contains the sign-out button) and Login page, once the user is not authenticated, it will always redirect the user to login page.
So the scenario is when the user hit the sign-out button it will redirect him to the login page which is good. My problem is, when the user hits theprevious or back button from the login page,it will still read the authorization cookies and redirect him to the default page. which should not be the case. the user should be redirected to login page when authentication is invalid.
I've read some solutions on the net, but still it doesn't work for me. below are the codes I've used for my sign-out function
[Code]....
By the way, when the user is authenticated, the previous or back button is available/enable for the user.