Security :: IE7 Privacy Settings Preventing FormsAuthentication.SetAuthCookie From Working?
Mar 29, 2011
Problem: I am using FormsAuthentication.SetAuthCookie(UserId, False)[Snip]Response.Redirect("~/login_pages/home2.aspx") ' Force round trip so that logon works OK to logon a user. It all works fine with other browsers, and IE7 provided that IE7's PRIVACY (originally I had written "Security") setting is Low. However it doesn't work when the PRIVACY setting is Medium (the default).
How do I solve this problem? I would have expected that FormsAuthentication.Authenticate(Userid, password) was the solution, but this doesn't seem to work at all.
View 1 Replies
Similar Messages:
Jan 8, 2010
In my account controller I am calling FormsAuthentication.SetAuthCookie( emailAddress, rememberMe ).
Response.Cookies has my cookie. However, after the redirect the cookie is gone and the request is not authenticated.
View 6 Replies
Mar 16, 2010
What is the difference between:
FormsAuthentication.RedirectFromLoginPage
AND
FormsAuthentication.SetAuthCookie(Text_txtUserName.Text, true);
HttpContext.Current.Response.Redirect(RedirectFromLoginAddress);
View 3 Replies
Mar 15, 2011
i have created a custom principal class, and a custom Identity.
named SystemIdentity and SystemPrincipal.
SystemIdentity class has some additional properties ( UserID, UserName, Age, ...)
in my Global.asax file I changed PostAuthenticateRequest event as bottom
[code]....
i wonder theese questions answer now:
1. where i can assign the additional properties of SystemIdentity ( UserID, UserName, Age, ...)
2. which Identity is Authenticated by FormsAuthentication.SetAuthCookie? is my custom Identity, or GenericIdentity?
View 2 Replies
Mar 12, 2010
I Need to Authenticate a User by using FormsAuthentication.SetAuthCookie and Check User is Authenticated in Another page Load How to Do this anyone?
Login Page
if (txtuname.Text == "mike")
{
FormsAuthentication.SetAuthCookie("mike", true);
Response.Redirect(FormsAuthentication.DefaultUrl);
}
Welcome Page
PageLoad()
{
}
View 1 Replies
Jul 22, 2010
What is the use of FormsAuthentication.SetAuthCookie(Session["UserSession"].ToString(), false);
View 1 Replies
Aug 15, 2010
the question is how can i delete a coockie that is created with FormsAuthentication.SetAuthCookie?and how can i set the coockie to have more duration?
View 39 Replies
May 8, 2010
Got the following issue:Tried in IE7 (may be the same problem in other browsers) to log into a website programmed in asp.net 3.5 with C#. Log in fails. Nothing happens, no error, no crash, it just does not log in. Setting the privacy to medium high resolves the problem. As far as I am aware the website does not use cookies.Any idea what the problem could be? Can this be resolved to enable users to log in regardless of their privacy settings?
View 18 Replies
Jan 29, 2010
I am using DotNetOpenAuth in my ASP.Net Website. I have modified it to work with Facebook Connect as well, using the same methods and database structures. Now I have come across a problem.
I have added a Facebook Connect button to a login page. From that HTML button, I have to somehow pull information from the Facebook Connect connection and pass it into a method to authenticate the user. The way I am currently doing this is by:
Calling a Javascript Function on the onlogin function of the FBML/HTML Facebook Connect button. The javascript function calls a Web service to login, which it does correctly. The web service calls my data access layer to login. And here is the problem: FormsAuthentication.SetAuthCookie is set at the data access layer. The Cookie is beyond the scope of the user's page and therefore is not set in the browser. This means that the user is authenticated, but the user's browser is never notified. So, I need to figure out if this is a bad way of doing what I need or if there is a better way to accomplish what I need. I am just not sure and have been trying to find answers for hours.
View 1 Replies
Aug 3, 2010
I have a WCF service. For security reasons, I need to ensure that all 3 goals of security are attained (Privacy, Integrity and Authentication). We are planning to use x.509 certificate. My question is, Does just using x.509 certificate for message security ensure me of all 3 goals?
I am planning to set up the x.509 certificates as mentioned in following article
For message security use following links
[URL]
[URL]
View 3 Replies
Mar 23, 2010
I have an ASPX web site and I have code in there to redirect from the login page with the call to
"FormsAuthentication.RedirectFromLoginPage(username, false);" This sends the user from the root website folder to 'website/Admin/'. I have a 'default.aspx' page in 'website/Admin/' and the call to redirect works on a previous version of the website we have running currently, but the one that I am updating on a separate test server is not working. It gives me the error "Directory Listing Denied. This Virtual Directory does not allow contents to be listed." I have this in the config file:
<authorization>
<allow users="*" />
</authorization>
under the "authentication" option and...
<location path="Admin">
<system.web>
<authorization>[code]....
for the location of Admin.Also, there is no difference in the code between the web.config, Login.aspx, or the default.aspx files on the current server and the one on the test server, so I am confused as to why the redirect will not work on both. It even works in the Visual Studio server environment, for which the code is also identical.
View 1 Replies
May 5, 2010
I have the following code in my secure/login.aspx page using .NET 3.5 and VB.NET
[Code]....
[Code]....
I read some articles that mentioned specifying the domain attribute within the <forms tag but that did not seem to work either. e.g.
View 4 Replies
Jul 12, 2010
I have a web site with an administrative section. All administrative pages are stored in a directory called "db/administration". There is only one user that I want to have access to the pages in this directory. That user's username is "system". Currently, I am using the following approach in my web.config file:
[Code]....
When I logged in as another user, I was still able to access pages under db/administration when I navigated to them through the browser's address bar. What am I doing wrong?
View 2 Replies
Jun 3, 2010
I want to prevent cross site scripting in my website.....is dat good to use innerhtml,htmlencode?
View 3 Replies
Oct 7, 2010
what is the use formsAuthentication.user.identity
is it one of the property of page
View 1 Replies
Apr 23, 2010
I have a login page that is set to the loginUrl property in the authentication section of my web.config file. I am trying to reference a CSS stylesheet, but it doesn't seem to be doing anything. Here is my markup:
[Code]....
I am able to do this just fine on my other page. One thing I noticed was when I click on "View Source" and try to click the link to the stylesheet, it doesn't take me there, and instead changes the "action" property of the form element to this:
[Code]....
View 2 Replies
Dec 1, 2010
Just a quick question i've been asked to look at enhancing security but encrypting passwords we store in a db table, essentially the data thats linked to the user account isnt sensitive however its more to stop someone reading passwords out of the table directly etc
I've read multiple ways of implimenting hashing etc i've started using FormsAuthentication.HashPasswordForStoringInConfigFile
//create new salt and update the password
Hashtable newInfo = new Hashtable();
newInfo["salt"] = GenerateFriendlyPassword(5);
string tmppass = FormsAuthentication.HashPasswordForStoringInConfigFile(txtNewPass1.Text.ToString() + newInfo["salt"].ToString(), "SHA1");
newInfo["passwordHash"] = tmppass;
Generate friendly password returns a 5 char string based on a random position in a valid char array containing a - z and 0 - 9At present the functionality is at page level in the code behind, re this is the forms authentication HashPasswordForStoringInConfigFile function thread safe? Or do i need to look at implimenting this in a different wayCheers appreciate your response as im always jubious about multi threading etc,
View 1 Replies
Nov 6, 2010
We have a windows 2003 webserver which hosts .NET applications. Since last Microsoft security updates formsauthentication on all websites works only on non IE browsers? Before the update we experienced no problems.
View 2 Replies
Jan 21, 2010
<asp:HyperLink id="HyperLink1" runat="server" Text="Email" NavigateUrl="mailto:example@mydomain.com" />
This is how I added an email link on my page, but does .net have any built in tool for preventing Robots from finding this address? What is a good way to present an email link that wont be detected by spam robots?
View 1 Replies
Aug 9, 2010
I am using Forms Authentication in my VS-2005 website.In case of wrong credentials or while explicitly requesting protected pages the website is able to redirect user to login page. However, when correct login credentials are provided the application is not able to redirect the user to the desired page.While debugging I found that 'Request.IsAuthenticated=False' just before I redirect the user to the desired page.While coding I thought that this property will be set to true automatically after I generate the Authentication ticket. So do I need to set it explicitly inside the submit button click on Login page after validation?BTW I have not used the 'GetAuthcookie', 'SetAuthCookie' or 'RedirectFromLoginPage' methods.
I am posting the code inside the submit button click on the Login page as well as the Authentication and Authorization tags in web.config.
<authentication mode="Forms">
<forms name=".ASPXFORMSDEMO" loginUrl="~/Login.aspx" cookieless="UseCookies" path="~/"/>
</authentication>
<authorization>
<deny users="?"/>
</authorization>
Protected Sub btnsubmit_click(ByVal sender As Object, ByVal e As System.EventArgs) Handles btnsubmit.Click
'here first validate if the user is valid user
ad = New Aranya_Data
[code]....
View 1 Replies
May 9, 2010
I have configured Forms Authentication in my web config file as below.
Following is my code
[Code]....
The issue is that FormsAuthentication.Authenticate never returns true. This is a very simple website with only two pages and no other code(The code too was copied from MSDN).
[Code]....
View 3 Replies
Sep 9, 2010
I've implemented my custom membership provider. I use third server for authentication (call web method that validates user/password). I need this user/password for retrieve some additional data from this server. Asp.net MVC uses FormsAuthentication and cookie for keep 'login state' by default. It works well when I login on site first time. But when I close and open site again sometime after, cookie keeps it 'login'but I don't have credential for access to server data. I can change cookieless attribute (to 'UseUri' for example) in configure file but in this case I should login again if I open second tab with this app in same browser.My questions:
Is way to call SingOut of FormsAuthentication (remove authentication ticket from browser) when user closes asp.net mvc app?Is secure way to pass user/password data through session? Because server is unstable and interrupt connection often and app should have possibility for silent reconnect.
View 3 Replies
Jun 29, 2010
My client wants 2 separate login pages for an ASP.Net app, one for regular users, one for support staff. I am using the standard FormAuthentication component for authentication. Is it possible to redirect a regular user to one login page after a timeout, and also to redirect an admin user to a different page after a timeout? The loginUrl attribute of <forms> in web.config is read-only, and cannot be edited at runtime.
Regular User -> Timeout -> Login.aspx
Support User ->Timeout -> SupportLogin.aspx
View 1 Replies
Jun 19, 2010
I'm trying a lot a things in these days around the Login control. What I want: to keep the user logged ind also when she close the browser. When se returnes to the page, she should be moved to the DestinationPageUrl of the login control.
My Login control:
[Code]....
My Codebehind file for the login control:
[Code]....
My web.cofig settings:
[Code]....
As you can se, I have learned (from google and here in forums.asp.net) that I need to do a FormsAuthentication.SetAuthCookie but I have one problem....... If I do nothing in the page_load the control doesn't keep me logged in through sessions.Is there anyone who can help me, and either explain og link me to a page, where I can see, how I can get the UserName and Password from the FormsAuthentication.SetAuthCookie I maid. I also need to know if when I get UserName and Password from cookies andthen redirect to the /Content/Default.aspx page in page_load the system knows (formsauthentication) the user is logged in?
View 3 Replies
Feb 20, 2010
I have a littel problem.
In my asp.net application iam using Form FormsAuthentication.... and also use a session var to save a userID..
The problem is that ´when my session espire, the Form cooki is not expired.
I want form cooki to expire, when session expires....how?
Do i have to do it in Session_end event..
How do the code look like?
View 2 Replies
