Security :: Why A Forms-authenticated User Needs To Login Again To Role Subfolders In An IIS Server Environment
May 7, 2010
Followed the code sample of Chapter 10 (Logging in) of the Book, Microsoft ASP.NET 2.0, I created an ASP.NET 3.5 website with Forms Authentication. The sample code used Website Administration Tool (WAT) to manage the users, roles, and authorization.When running in the ASP.NET Development server environment, I can first login, then click to open the links for each for the 3 roles.
However when running the sample code in the IIS server environment, I can login but can not open the links for the role subfolders.Clicking each link popped up an error message for opening a login.aspx from the specific subfolder. I don't have a Login.aspx file in each subfolder.The 3 role subfolders were configured as the virtual folders in the IIS Server. Why the sample code worked fine inASP.NET Development server environment, but got an error message from theIIS Server environment? Why an authenticated user can not open the subfolder homepage?
View 5 Replies
Similar Messages:
Jul 15, 2010
i currently develop an asp.net mvc 2 web app using asp.net membership and role management for authenticating and authorizing my users. I get complaints though that when adding a role to some user, he is not able to see new role assigned functionality, unless he re-enters (logout and login again) the application.
View 2 Replies
Jun 14, 2010
I have a site almost finished that uses ASP.Net membership, forms authentication and roles. There are one or two requirements remaining and I'm not even sure how to properly approach one of them.
The site I've created is going to provide service ONLY through SSL, if that matters. Yes, I'll redirect a request that lands on port 80 but the intent is to encrypt everything.
Is there a "best practice" for creating a session with my site, from another site? In other words the company is building a marketing page that has spaces for a login and password. I can find lots of posts about passing a username and password to another
site to start a session, but very few if any about receiving the username and password.
If anyone can point me to an article or posting with a code sample where the login control of a forms-authenticated site is used as the target of a form hosted as part of a different web page/application on a different host, it'd be awesome.
To be clear, the scenario is essentially "brochureware website on a 3rd-party host" providing the visitor the ability to log in to a secure site on a more "internal" server.
View 1 Replies
Feb 22, 2011
How to make the current user Authenticated without login.
In other words, what should I do to get true when I ask User.Identity.IsAuthenticated without login?
Should I create a cookie manually? if so, what's its name, what's its value!!
View 1 Replies
Dec 18, 2010
How can I use session variable to display user information after authenticated login like Address: 37, kings Road. Position: Secretary base on User ID
View 2 Replies
May 26, 2010
I am trying to create a Forms Authenticated site and have already used the aspnet_regsql tool to create the necessary logic in my SQL Server DB to hold my data. Now, I am looking to create a custom Membership, User and Role provider for my DB model. I was looking at the following video: [URL]
Now, I get the concept on how to go about it but I notice that this guy uses custom DB Procedures as to the ones that are generated by the aspnet_regsql tool. Can anyone direct me on where I can find info on how to go about building the Membership, User and Role provider class using the DB structure that aspnet_regsql generates? So much junk on google that I am having a hard time finding good guidance.
View 1 Replies
May 9, 2010
I want to display a menu (which will be strongly typed with it's own unique model) across all pages only if a user is logged in.What menu items are available depend on the user's role and also I'll need to hit the repository to get numbers like "x Messages", etc
Been scratching my head for a simple solution here. Don't want to create something that need changes all over the place.All my controllers derive from a BaseController, all my Models from BaseViewModel....probably where I'll be implementing functionality for this.
View 3 Replies
Jan 6, 2011
I am using form authentication in my website. I have a scenario wherein the user is authenticated but the session has timed out. So, i would like to initialize some session variables in Session_Start of Global.asax (First i check if Request.IsAuthenticated=True). For that i required the name of the user who authenticated. On .aspx pages we can get it using Page.User.Identity.Name but how to get it in global.asax page.
View 1 Replies
Mar 29, 2010
I want to have my code fetch the authenticated user name that is running my code. There's a line or two of code that will accomplish this and I had it but I've misplaced it.
View 7 Replies
Oct 8, 2010
I have a web application on IIS that will authenticate using windows authentication (Active Directory). So when they access the application http://iisserver/webappname/ it ask for username pwd and domain. (currently working) How can I get information of the authenticated user in the web app through c#?
View 3 Replies
Aug 18, 2010
I've a default.aspx page in my application's root folder. I added a a page in the root of inetpub that redirects requests to the default page. The idea is that the user need only enter the server name to get to the default page. How can I set things up so that all users have access to the default.aspx and that they only have access to the other pages once they've been authenticated?
I am using Windows Integrated Security and the users are being challenged and authenticated properly. I want them to be able to access Default.aspx without any challenges.
(On a side note which may answer this question, when using WIS does the user *allows* have to be challenged? Isn't it possible to pass through their Windows User and ID without the prompt?)
c: inetpubwwwroot
edirect.aspx (set as default document in IIS and simple executes Response.redirect("sites/mercury/default.aspx")
c:documents and settingsall usersdocumentswebsitesmercurydefault.aspx (home page for the site & server)web.config includes
[Code]....
View 2 Replies
Mar 18, 2010
Is it possible to have multiple login pages for different folders within an asp.net application? Say I have this structure:
/admin
/customer
/login-admin.aspx
/login-customer.aspx
I have 2 different login forms. One for the admin people and one for the customers (the forms are different as the customers need to provide extra information on their login page).
In the authentication section of the webconfig file (which is at the root of the web app), I can only specify one Login page. So how can I make sure thaf if anyone tries to access a webpage in /admin they will be redirected to /login-admin.aspx and if they try to access a webpage in /customer they will be redirected to /login-customer.aspx ?
View 1 Replies
Dec 16, 2010
I got only one ideas to control with the session. When user log into the master page, I insert the current login user and session ID and active status to the SQL table. if user logout manually or close the browser or session expired, I want to change the inactive status. So I can check how many active user are there and the system can prompt the required info to the user. But now, I can't find the soultion to change the inactive
status in above condition.
That doesn't seem right to me. I m sure I 'm making incorrect assumption about this matter.
View 3 Replies
Feb 7, 2011
Show Authenticated user on Intranet:
Response.Write("UserName is: " + User.Identity.Name);
In Web.config:
<authentication
mode="Windows"/>
<authorization>
<allow
users="?"/>
</authorization>
This works fine on local server. But not on Intranet.
On Intranet, it was working fine on IIS 6.0.
But on IIS 7.5, the user doesn't get authenticated.
View 3 Replies
Jun 8, 2010
Since I need user click a link from his/her email once they registered, currently after user registered, and click the "Continue" button (CreateUserWizard1_ContinueButtonClick) or CreateUserWizard1_UserCreatedSuccess, it will be authenticated, how do I prevent this until they click the active link from their email?
View 1 Replies
Feb 17, 2010
i have a "CreateUserWizard" in my page, the problem is i cant give a roll to that user, only a default role.
I tryed to it with a dropdown with roles and doing if's in the code behind but doesnt work, someone know how to do it?
ASPX:
[Code]....
C#:
[Code]....
View 9 Replies
Oct 28, 2010
I am currently working in an ASP.Net application where i need to implement ASP.Net Membership and Roles. I have used Login controls in my pages. Also I am using a menu in the master page, which is getting data bindings from database. For data bindings I am using XMLDatasource and a transform file (.xslt file). I need to bind the data to the Menu based on the user roles.
My issue is that the generated Menu is not behaving consistently. Sometimes it will show the correct menu for a particular role and some times it will show previously loaded data.Providing my code here:
masterpage.master.cs
private void LoadMenuItems() {
System.Security.Principal.IPrincipal User;
User = System.Web.HttpContext.Current.User;[code]....
View 7 Replies
Feb 7, 2010
I currently have a ProfileCommon enabled on my site and would like to know where I would start to transfer this ProfileCommon's context to a user's profile after he/she has logged in. Here is a snippet of how I have defined this ProfileCommon:
[Code]....
View 2 Replies
Jul 12, 2010
I have develop an ASP.NET website and I want store some uploaded files in a shared location in some different server. On that server one user has the access.
how it is possible to get the access of the shared location on the server with my Web site?
View 1 Replies
Dec 23, 2010
I am utilizing a LoginView control that is not changing its template after a user becomes authenticated.
This is from the master page where the control is used:
[Code]....
This is from the code behind:
[Code]....
View 1 Replies
May 6, 2010
I am using the sqlmembership provider with the login control from the toolbox. I want to capture the validated username after the user is authenticated. I need the username so that when the user adds or modifies a record i can have an audit trail. where is the best place to capture the validated user right after authentication? Ideally, i would like to capture it on the login form but how?
View 3 Replies
Apr 3, 2010
I have been searching since some days for the best approach one can have in order to allow an authenticated user to change his/her email address.
This is the code I have but apparently it doesn't work and it doesnt even gives a error. The application seems to ignore it:
Change email address:
<asp:TextBox ID="txtEmail" runat="server"></asp:TextBox>
<asp:TextBox ID="txtPassword" runat="server"></asp:TextBox><br />
<asp:Button ID="changemailbtn" runat="server" Text="Button" />
<asp:Label ID="lblErrors" runat="server" EnableViewState="False"
[Code]....
View 8 Replies
Jan 26, 2011
I am new in my orgainisation and i am assigned a task relating to Windows Authentication. But I've never worked with windows authentication and IIS before.
My Task is: Create simple webapp which shows the authenticated user (i.e. if I connect, it will show myName). It shud be working in IIS7.5 as well.
View 1 Replies
Aug 22, 2010
So I have a fairly simple web site which allows an Administrator to edit some data in a database which is displayed on some web pages.
The main navigation on the site is shown in the code snippet below. The Admin link goes to a Login.aspx which allows the Administrator to log in - once authenticated they get sent to the data edit page.
So my question is, how could I dynamically add a link to the data edit page in the <ul> list below once the user is authenticated ?
This would allow the authenticated user to see links to the secure pages in the main navigation bar.
[Code]....
View 6 Replies
Feb 16, 2011
I am using visual stuido 2010 and vb. I am trying to direct users to one of three different pages upon sign in, depending on their role. Basically I have three roles: administrators, dealers, and customers And three respective destination page urls: admin/default.aspx, dealer/default.aspx, and customers/default.aspx. Everything I can find in the forums is in C. So far I have nothing, so I guess I'm asking someone to write the whole sub for me. I wish I was more proficient, but I'm working on it.
View 4 Replies
