Security :: Redirecting Inside Pop Ups With Form Authentication?
Mar 10, 2010
I'm using Form Authentication in my web application.In my application I have a lot of pop up windows that include form inside.when the form ticket expires the user is redireced to Login page.Also it happens inside a popup window. If user leaves the pop up open and come back after the ticket is expired, it redirects him to the Login inside that pop up.
Recently I start having customers that are not able to login into my site. I have used the same code for months and I can login and authenticate fine it is happening on some customers not all. That is why is so hard to recreate the problem.
What is happening the customer tries to login and get redirected back to loging page. In config file I have this
[Code]....
I can not think of some else, maybe cookies not able on client, or any other security issue, IE version.
I am using VWD 2010 on a windows 7 64 bit install. Using forms authentication I am not being redirected to the login page when not authenticated yet. Even if I start a new web site from template, clear out all cookies, I still go directly to default.aspx. The LoginView control displays the anonymous template verifing I am not authenticated.
configuration why redirection doesn't occur? Remember I am trying this with New Web site template with no mods so I don't think config issue is within application code.
we have an app built in Java and they use a button onclick of it will re-direct to IIS (to our screen)...what kind of authentication should I need to make sure whether user is coming from that Java screen...
I have a web farm web project, and want to make sure windows authentication is working well without any problem in web farm, can any one give me some web sites or information about that?
I needed information regarding the capabilities & integration of AzMan tool with Asp.net.Currently, I got a Sharepoint 2007 website along with ASP.NET 2008 where I am using Form Based Authenication.Now, the requirement is any user within a domain registered in AD should be able to login in website through intranet.
Can I acheive this using AzMan, or I need to create two websites one with FBA for internet users and the other one for the intranet users with AD authenication. Also my intenet website is deployed and in use where usermapping and roles are already created, so using this tool what will be the impact on existing webiste.
I want to create a web service that can authenticate user from my application. I will be sending user name and password from my app to the web service and that will deny or accept the user. I want to use form authentication using sql server. that this web service can be used by other team in my office so that they can just call the web service and the user will be authenticated.
Also, is it possible to use both form and windows authentication in my web service and authenticate the user both ways.
I have developed an Interanet web application using the windows Active directory authentication if user find then it automaticaly authenticated working correctly now my user wants the capability of being able to login to the intranet site as another user by providing the username and Password . For example, Team lead needs to login on other team memeber System to pefrom some task on his behalf if he or she is not aviable in office .
I have created a standard MS Login Page. However when I try to login on the page only by providing the Username system authenitcate the user ( not validating the password of that user)
Asp.net can be use window authentication. In my web site i want to control with window authentication and form. Is it possible to do?
If it possible to do how can be make it? Another one is, if i use window authentication, how can be identify group. For example. Sales group cannot be see purchase or etc. Window log in can be give group. So how can i define this part?
Then I add a Login control in Authenticate.aspx, after click Login button there is an error like this:
An error occurred during the execution of the SQL file 'InstallCommon.sql'. The SQL error number is 1802 and the SqlException message is: CREATE DATABASE failed. Some file names listed could not be created. Check related errors.Is there anyone know what the problem that Form authentication cannot directly apply to Dynamic Data site as usual?
I'm doing form authentication with roles to access areas of a website. The authentication is working great, but I'm having trouble with the roles piece. On the page in question (needing to narrow the access), the top lblGrps.text (below) shows I'm in the group I need to be in, while the response.write (also immediately below) reads false for the EdIT group:
I am developing a website in which I am using ASP.NET Form Authentication and everything is working fine as I am expecting. I can authenticate user from login form, I can read user roles from database and can add authenticate ticket in which user roles are stored as user data etc. etc.
Now I want to give user a page where user can update his roles in the database by selecting any role he/she want from the list of checkboxes. I know how to update the user roles in database but I want to know how to update user roles in the authentication cookie after database update.
Let's say in the start user is in "Seller" and "Buyer" role and later he want to become member of "Agent" role as well and he update his roles from the given page and everything is updated in database. Now according to database user is member of three roles but User.IsInRole("Agent") method is returning me false because the new role "Agent" is not updating in the authentication cookie.
How can I update a newly added role in authentication cookie when user is still logged in.
Now my user wants the capability of being able to login to the intranet site as another user. For example, IT guy needs to login on a user's system to set some data.
I have created a standard MS Login Page. However when I try to login on the page I get the message
Your login attempt was not successful. Please try again
I do not have a database (aspnetdb.mdf) storing user information but login against the active directory. Can you use the login form with windows authentication without a database?
I would like to add form authentication only on Admin folder.
when I add this into Admin/web.config
[Code]....
I'm getting this error:
It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level. This error can be caused by a virtual directory not being configured as an application in IIS.
I have a web form where I define an array of type struct and I redirected it in the <script runat="server"> section of the second web form. But when I use that array below, in the <script type="text/javascript"> section in the html code of the same web form an error occured in the for cycle saying that the array (Array1) is undefined, and also the counter which I also defined in <script runat="server"> section.
I have this code in the <script runat="server"> section of the second web form:
public struct Point1 { public float lat; public float long1; } protected void Page_Load(object sender, EventArgs e) { //Retreive from session Point1[] Array1 = Session["s1"] as Point1[]; //Run a Foreach loop int nCnt = 0; foreach (Point1 p1 in Array1) { float x1 = p1.lat; float y1 = p1.long1; nCnt++; } } and in the <script type="text/javascript"> section I have: var for (var i = 0; i < nCnt; i++) { lineString.getCoordinates().pushLatLngAlt(Array1[i][0], Array1[i][1],0); } lineString = ge.createLineString(''); lineStringPlacemark.setGeometry(lineString);
I have read the many posts of people trying to use two different login pages: one for users and one for admins. My question is very different. I have a Site.master page with a LoginView and LoginControl. I then have three root level pages Default.aspx, About.aspx, and Contact.aspx that derive from the Site.master. All three pages are set in the web.config to be allowed to all users. I then have a MemberPage in a Member folder which is only accessible to authenticated users. What I want to have happen is to be able to login from either the Default, About, or Contact pages and then be directed to the MemberPage.
My requirements is when one other website call my service (httphandler) and in response i will provide one parameter which is
value of form authentication cookie
now that website call my website with that cookie value as query string , how to check from that cookie value that particular use is authenticated or not ?
how to add pages in the Form Authentication Sample Code. I am required to add a registration form in this Custom Security Solution. It lets me add the .cs files but when I add .aspx file, it gives errors in building. let me know what architecture have they followed? Why they have .resx files?
I've encountered a problem with intranet ASP.NET Application using AD Form Authentcation. The login and authorization is built using this KB http://support.microsoft.com/kb/316748. It works fine on DEV but not in UAT and PROD.
Basically, the problem is:1. In DEV, users see login page and they enter domain user name and password and login process happens with no issue.
2. But in PROD and UAT, the same application when the users see the login page (first time) and they submit the login form no response. The login button does nothing. The user closes the browser and come back to login page and it works second time. Strange, this doesn't happen in DEV.
3. Further, on DEV by changing the LDAP path to PROD or UAT, the users can still login the first time. It's only the PROd and UAT that seems to be a problem. Not sure whether it's IIS setting or domain policy or something else.....
Not sure what's causing this issue. The only difference that I can see between DEV and UAT/PROD is:
1. DEV has no load balance but UAT and PROD has.
2. In DEV application is installed under Default Website and on PROD/UAT it's under new website.
The IIS settings has been setup as per given KB. I