Once the user has authenticated, I would like to base all of the information displayed to the user based on their username. Isn't that saved in the cookie?
For instance, I would like to pull all of their client information using a GridView and have the parameter set to the appropriate authentication information.
I am trying to create a cookie for storing Username and Password.
This is so far I am :
[Code]....
But I am getting error :
[Code]....
Do we know the algorithm that asp.net uses to create the authentication cookie (when using forms authentication?)
Can we basically create our own copy implementation? if so, how?
What does it use to generate the encrypted cookie value, I know it uses whatever you pass into the SetAuthCookie call (which is usually the userID/username).
I have a bunch of applications that currently share the authentication cookie in v3.5.
We're in the process of upgrading to 4.0 and also upgrading the applications as a whole. I have 1 done, and would love to deploy it. However, as soon as I do, I lose my sharing of authentication cookie in that application.
In each web.config, my machine key is declared. I removed the actual keys to protect the innocent. :)
<machineKey validationKey="..." decryptionKey="..." validation="SHA1"/>
<authentication mode="Forms">
<!-- DEV Server -->
<forms enableCrossAppRedirects="true" loginUrl="Logon.aspx" name=".COOKIENAMEHERE" protection="All" path="/" slidingExpiration="true" timeout="1440"/>
</authentication>
My users need to stay logged in for 1 day, so I used a persistent authentication cookie with an expiration of 1 day but it still times out after 20 minutes (which is the default timeout for the session, not the cookie).
This is my code:
<authentication mode="Forms">
<forms loginUrl="Login.aspx" protection="All" path="/" />
</authentication>
FormsAuthenticationTicket ticket =
new FormsAuthenticationTicket(1, "username", DateTime.Now, DateTime.Now.AddDays(1), true, "userdata");
string encTicket = FormsAuthentication.Encrypt(ticket);
HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encTicket);
cookie.Expires = ticket.Expiration;
HttpContext.Current.Response.Cookies.Add(cookie);
I also have manually-generated validation and decryption keys:
<machineKey>
validationKey="......."
decryptionKey="......."
validation="SHA1"
</machineKey>
We have had a bug recently where users are logging into an application with multiple browser tabs. They are editing a content page which means that they can be working on a page for sometime (ie with no postbacks) They finally click save and because the session has timed out it takes then to login page. I initally resolved they by adding a reminder that the session is about to expire which initally resolved the issue. It has been noted that even when they are within session time out they still got redirected to login page (and loosing the data on the form). We had real problems replicating the issue but have finally managed to do so now and I have learnt some curous features of .net Forms Authentication.
I have set up a test project which has the membership controls on etc. I have set the Timeout on the <forms> tag
<forms loginUrl="~/Account/Login.aspx" timeout="2" />Case 1I then open two browsers windows (side by side), both on the login page (and logged out)On the left window I login (and start a timer)after 40 seconds on the right window I navigate to a page (which takes me to the page as I have logged in on left window )I then wait until the full 2 minutes has elapsed (but before 2 Minutes and 40 seconds) and then try and navigate to a page on the left window.It redirects me to the login pageI would expect it to allow me to navigate to as I have kept my session open on the right window.Case 2I then open two browsers windows (side by side), both on the login page (and logged out)On the left window I login (and start a timer)after 90 seconds on the right window I navigate to a page (which takes me to the page as I have logged in on left window )I then wait until the full 2 minutes has elapsed (but before 2 Minutes and 40 seconds) and then try and navigate to a page on the left window.It Navigates to the page keeping me logged in.After a bit of reading around the subject I have found out that the slidingexpiration property only renews the cookie if it is in the last 50% of the timeout value:
Sliding expiration resets the expiration time for a valid authentication cookie if a request is made and more than half of the timeout interval has elapsed[URL]
My Question is: How can I override this bit of functionality?
Is there a property to set somewhere to "Always renew cookie"?
Is there another workaround. Unfortunately I can't increase the timeout because of a complience issue (it must be set to 15 minutes)
I could retrieve current username, but how Could I get CurrentUserID. I ma using builtin asp.net membership provider and UserID field is UniqueIdentifier.
View 5 RepliesI have secured my website using Web.Config (authentication mode Forms)
Now I want to create an Admin area where administrator can edit the password.
But how do I retreave password from Web.Config?
Want the password to be displayed in TextBox.
Have found this:
[Code]....
How to get the username and password of the user in ASPNETDB. I am using ASP.NET 2.0 and C#.
I have configured the membership provider. I want to retrieve the username and password from the aspnet db?
How do I retrieve the UserName for a logged in user? Membership.GetUser().UserName doesn't work for me - Object reference not set to an instance of an object.I need it to get the associated UserID which my own db tables use as primary keyFurthermore, as I am a rookie is the best approach to achieve this through LoggedIn as below?
[Code]...
My requirements is when one other website call my service (httphandler) and in response i will provide one parameter which is
value of form authentication cookie
now that website call my website with that cookie value as query string , how to check from that cookie value that particular use is authenticated or not ?
is it possible to preserve authentication for ASP.NET Forms authentication cookie,btween Http and Https (different domains) and back?I mean haveing single signon for two domains say http://www.mydomain.com and https://members.mydomain.comI've seen on quite asp.net sites that have a 'MyAccount' section they transfer the site to https and then when you have logged into your account successfully and gone back to the majority of the site you move back to http whilst still being logged in.
View 1 RepliesFor some reason my users are logged out of the system every 10-15 minutes or so...regardless of the configuration below....am I missing something?
[code]....
Without reading the whole text below, since this is on the ASP.Net side ... basically I think I need to know if there is a way to reduce the size of the forms authentication cookie. When using a DotNet 2.0 website, the ASPXAUTH cookie is about 232 bytes ... when using the same source code but upgraded to DotNet 4.0. the cookie is approximately 264 bytes, setting the ticketCompatabilityMode does not reduce the size since I think the default setting is Framework20. I length of the cookie, including the its' name can not be larger than 256 bytes in order to use it with the "Client Application Services".
I only did a cursory search of the asp.net forums, but will dilligently look for an existing solution.
----- BACKGROUND AND RESEARCH -----
I have been using all three features of client application services (authentication, profiles, and roles) in my windows app (DotNet 3.5 framework) for almost two years now. Up until now, I have not had any problems. This week I hit a brick wall and am pretty stumped with two seperate but related issues.
Issues:
In development, we decided to upgrade our websites/services to DotNet 4.0. All applications upgraded successfully. However we are unable to log into our application using Client Application services. No matter what user we use, Membership.ValidateUser returns false. Since we know the username and passwords, we thought this was strange. When debugging the application, we found that Membership.ValidateUser was throwing an InvalidOperationException (see below for complete exception) stating that the ASPXAUTH property was too long, longer that the schema created in the SQL/CE database. (See below for things tried).
In production .. A user all of the sudden could no longer gain access to the application. Upon inspection, his ASPXAUTH cookie was 264 characters long (9 characters longer than the schemas nvarchar(256)). Even though the user was being authenticated on the "server side", and the JSON query returned "{"d":true}", Membership.ValidateUser returned false. Again, as in the case above, the actual error was ...
Message=@PropValue : String truncation: max=256, len=264 ...
I am assuming I am missing something very simple or that I overlooked a settings. In development, this is not a huge issue as I can release the Dotnet 4.0 websites when I am ready. But now that this has happened to a client on a production system, it is very worrisome.
[code]....
authentication cookie persistance to true on a aspx website,this works great.now I have made an affiliate website (HTML + iframe (same aspx)) and it does not keep my user logged in after closing browser.
View 1 RepliesI had implemented the Forms Authentication for my application and used in-built login control for validating user credentials. I am creating persistant cookie using FormsAuthenticationTicket when the user checks 'Remeber Me' checkbox in login page.
Next time when I browse my application, it directly goes to resource access pages without redirecting to login page. This is the common approach in Forms Authentication with persistant cookie.
My requirement is, Is it possible to get username only in login page when using persistant cookie with Forms Authentication without redirecting into resource pages?
The same can achieve using cookies without using forms authentication. I need get the username automatically in login page using Form Authentication.
I have an asp.net c# site that I have setup in IIS 7 and am loading into a sharepoint frame. Sharepoint doesn't prompt for domain credentials but my site does?In IIS I have enabled basic and windows authentication so I can get the domain users username, so if there is a way to get this without prompting that'd be a perfect solution for me.I am using the follwing statement to get username:
System.Web.
HttpContext.Current.User.Identity.Name
My requirement is multiple domains (not subdomains) share cookie of form authentication
how to implement same?
I am having a problem with security in a web application I am building using Visual Web Developer 2008. I am using Forms Authentication:
<authentication mode="Forms">
<forms name=".MYAUTH" timeout="20" enableCrossAppRedirects="true" />
</authentication>
And a SQL Server database with ASP.NET Membership and Roles. I am using the LoginView control with the AnonymousTemplate and LoggedInTemplate to manage the user's interaction with logging in and out. The problem I am having is that I am authenticating the user against the database:
If Membership.ValidateUser(_userName, _txtLoginPass.Text)
Then returns True and:
FormsAuthentication.SetAuthCookie(_userName, False)
sets the cookie correctly:
FormsAuthentication.Decrypt(FormsAuthentication.GetAuthCookie(_userName, False).Values(0))
{System.Web.Security.FormsAuthenticationTicket} CookiePath: "/"
Expiration: #1/21/2010 1:42:27 PM#
Expired: False
IsPersistent: False
IssueDate: #1/21/2010 1:22:27 PM#
Name: "jaymo "
UserData: ""
Version: 2
but when I check
HttpContext.Current.User.Identity.IsAuthenticated it always returns False.
If done this before and it worked fine. I cannot find any mistake I might have made or where something might have changed between ASP.NET 2.0 and 3.5.
I'm bangin' my head against the wall here. I'm not even sure what I want to do is possible.
I have developed an ASP.NET app that will only be run on my local network (which incorporates a Windows Domain). It's running on IIS 7.5.I want to do this:
[Code]....
My problem is this: If I don't turn off Anonymous Authentication and ASP.NET Impersonation, I don't get the results I'm looking for. (if Anonymous is allowed, I get an empty string returned for username, and if ASP.NET impersonation is allowed, then "username" is always whatever account is associated with impersonation, like "Network Service"). If I turn those off and then turn Windows Authentication on, it works, but only after a dialog box presents itself asking for the Windows Credentials.
What I'm trying to do is NOT require the users to log in. Since they've already logged into the domain when they signed on their computer, I'd like to just allow them access to the ASP.NET application I've written, and identify who they are (based on their previous Windows login) using the line of code above. I don't need them to re-authenticate, because they're already authenticated from their domain login.I can't figure out what I'm doing wrong, or how to accomplish this. It seems the closest I've gotten to what I want so far, is to turn off all authentication EXCEPT for Windows Authentication. It works then, but only if the user first types in his/her username and password again in a dialog box. Is there any way to avoid having them type in their username and password again, but still be able to identify their domain username?
In the web.config, how do add a connection string by using a window authentication with the username and password? I have tried like this and it keeps ignoring the username and password
<connectionStrings>
<clear/>
<remove name="LocalSqlServer"/>
<add name="LocalSqlServer" connectionString="Integrated Security=SSPI;Initial Catalog=ufiledb;Data Source=MyServer;User Id=user1;Password=xxxxxx" providerName="System.Data.SqlClient"/>
</connectionStrings>
Foe getting Logon computer username i m using digest authntication mode. But when i browse website it's asking for username and password. while already windows login with the same username.
I understood that in this auhtntication mode it's required. But r there any configuration with it i am not getting this Prompt ? Any group ploicy ??
For IE i have added website into trusted zone but still it's asking for username and password.
R there any other way i getting Computer logon name in asp.net application. There are But only work when i run from Editor from IIS it's not retuning value.
One our customer complaint about HYH virus storing form authentication user credentials in clear text in his local system. Customer is accessing website through internet explorer. Is any preventing measure we can take in website or Code level?More details on Website1) Hosted in IIS 6.02) Windows Server 2003 Operating System ) Written in ASP & ASP.net combination
View 1 RepliesOk, I almost hate to ask this because I'm sure it's been covered many times on this forum, but I'm starting to get too frustrated trying to get it to work, so I'm gonna ask anyway.I have setup forms authentication on my site and have it working without any issues. What I'm trying to do now is to add "Remember Me" functionality so that the users don't have to log in each time they access the site. I'm able to get the authentication part down, but the issue I'm having is that when the user logs in, I set certain attributes in Session variables for that user (name, site role, etc.). These values are obtained from a database after the user has been authenticated, based on the username. What I'm having problems with is getting at this username from the FormsAuthentication cookie.
After I authenticate the first time, I setup my cookie this way:
[Code]....
I have tried getting at the Username utilizing the User prinicipal, but it just returns blank.
We have a link in our site that pin points to sharepoint documents and we are retreiving some documents files (*.doc). Our sharepoint uses IWA (integrated windows authentication) which is prompted if we're trying to access that documents, unfortunately we don't want to prompt that window to authenticate the user. We need is to create a username and password and authenticate it. how can we do that.
Note* we have 2 server one for our application and the other one is for sharepoint.