I am facing one problem while putting below code on master page load event.
if (!User.Identity.IsAuthenticated)
{
FormsAuthentication.SignOut();
FormsAuthentication.RedirectToLoginPage();
}
On the first hit, and only the first hit, to my page having [ALLOW users="*"] in the web.config, the user is redirected to the LoginUrl, but on all subsequent visits to the page, the user IS allowed access. The user shoud ALWAYS be allowed access to this page. I suspect it is a configuration problem, so here are snippets of my web.config...
[code]....
[Code]....
View 4 RepliesI want to display logged-in user's Full Name & Avatar on the asp.net(C#) master page.
let me know any feedback on how to do that?
We are using membership provider for LDAP authentication. It is working as it should.
But what all configuration settings I have to do so that
all the future requests to this application run under the security context of the Logged in user account not through the some default user set in IIS.
We need to have this working because all the permissions on the database are based on the logged in user.
We are using form authentication for LDAP authentication. And having impersonation = true in web.config.
I have seen numerous posts with this problem, however none of the solutions have worked for me. I am using asp.net 4.0 forms authentication. I have the following set in my config file.
<authentication mode="Forms">
<forms loginUrl="~/Account/Login.aspx" />
</authentication>
<authorization>
<deny users="?"/>
</authorization>
The login.aspx page uses a master page and styles in a stylesheet located in a folder off the root directory called 'Styles'. I have also add the following to my config file.
<location path="~/Styles">
<system.web>
<authorization>
<allow users = "*"/>
</authorization>
</system.web>
</location>
When the page displays, the login page displays with the master page content, however all of the styles are missing. When I embed styles into the master page the styles show properly, so I know the problem is that the styles are not being accessed from the file. how I can authorize access to the stylesheet?
We have a user that has been logging on to a site for several months. Suddenly on Monday the user was forced off and since then they have not been able to log back in from the machine where the problem occured. They can log in to site using other PCs in the business using the same creduentials as we can from the support desk.
We have performed a completed cleardown the IE8 history and cookies etc, check that is can see the internet, working online and recycled the application pools but still the uses account is unavailable from that machine.
I have 3 pages which they use Master page. I want to check if user is authenicated in page load event of master page.
1-Is it correct method to check authenication is page load of master page?
2- I want to know which of the following lines should I user and is there any difference between them?
Request .IsAuthenticated
Page.User.Identity .IsAuthenticated
HttpContext .Current .User .Identity .IsAuthenticated
I want to check if user is autheneicated in control (ascx). I use HttpContext.Current.User.Identity.IsAuthenticated; for this purpose.
When I browse pages using ASP.Net Developement server -VS 2008- it works fine, But when I use IIS 7 then it always return false , even if user is authenicated.
Note that it's even work fine with IIS 6 but With IIS no hope (Classic/Integrated mode). does it related to IIS 7 or what the method that I use?
If I am using forms authentication, how can I get the value of the user.identity for the currently logged in Windows user? Not the forms user.
View 2 RepliesI have an ASP.NET application where users login using forms authentication. I have 3 roles and some users. My App is not some thing like anyone can Register and access pages. Only Admin can create users & then send them their username and temp password through email. Then User can change his security question, Password and access pages. I'm trying to build this architecture. I'm using SqlServerMembershipProvider I have created Roles and some test users using ASP.NET Configuration tool. How can I implement the same thing programatically? Like Admin can create user and set his Role. User should be able to Change his Security question & change his password after Admin sets his account with some password likeP@ssw0rd. Is there any article where I can read and learn. I'm dealing with Security for the first time
View 3 RepliesWe have an ASP.NET Web App, where we want to provide a link 'Sign in as a different user' on a page. Authentication mode is Windows. Went through a couple of articles (like setting the statuscode =401). We want to authenticate the user, and then redirect him to a specific page (say 'ReviewTask.aspx');
View 2 RepliesI am using asp.net authentication and authorization with form authentication for my web application.
When I create a new user using asp.net create user control,the newly create user automatically gets logged in,the already logged users looses his session.
Don't know why this is happening.Is there some setting for this?
how to authenticate a user using the central authentication service?
I created a login page to enter the user name etc. I have the server for the authentication.
I am wondering how does this website - stackoverflow handle the user authentication? It accept yahoo, google, facebook, myspace, openID etc to login. And most importantly with asp.net.I want to build something like this too.
View 1 RepliesI am evaluating ASP.NET Membership for an intranet Silverlight app. I want users to be automatically authenticated for my application with their windows logon. Thus I configured Windows Authentication. I would like to store user settings like email-address in using the SqlMembershipProvider and not AD. It seems that storing user settings using the SqlMembershipProvider is not supported with Windows Authentication. Is this really so (using .NET 4)?
If so: What is the rationale behind this? IMHO authentication, user settings and authorization are distinct aspects. User settings could easily be stored (identified by user name) using the SqlMembershipProvider with authentication and password management being supplied by Windows. What is the recommended solution for my scenario?
I have an application which is installed on local pc and is using SQL db. It is a client management system where I want to add capability to register new clients and give them access to my web site which is sharing the same SQL database with local application.
At the moment clients can register on the web site and I have ASP.NET authorisation system set up with aspnetdb_user, aspnetdb_membership and etc tables. But sometimes it happens that I need to register clients on my local application on PC and ideally would like that registration to create online account for the client as well. Then I want to be able to send him user id and password by email and let him know that he has been registered in my database and online account is ready for him as well.
Basically I want to have full synchronization between asp.net membership service and local application through SQL db. As I said both online and local apps are shareing the same SQL database. what would be the best practice to implement it.
I've written a small ASP.NET 3.5 application to allow users to update selected account attributes on their own. Everything works fine when I use Basic Authentication, but because the dialog that is presented is less than ideal, I'd like to use forms authentication to give the users more instruction on how to log in. My problem is that in order for the user to update their account information, I have to have the application impersonate them for the update actions. I've scoured the internet trying to find a solution to my issue, but nothing fits or works. I have tried setting the web.config:
[Code]....
I also tried using the LogonUser method to create a user token and backend the authentication that way, and it doesn't work either.
[Code]....
URL.... Still there will be need of url in ajax method if i put javascript in site.master.cs . As what i have understood fromĀ that mysite.master.cs will be like this :
protected void Page_Load(object sender, EventArgs e) {
try {
if (Session["Prefix"].ToString().Trim() == "sys_admin") {
UserNameMasterLabel.Text = Session["UserName"].ToString().Trim() + " (ADMIN)";
[code]....
And site.master will be like this :
And I have to put next method in DailyLog.aspx page ? like this
System.Web.Services.WebMethod(EnableSession = true)]
public static int RefreshSession() {
HttpContext.Current.Session["Name"] = "BSD";
Configuration config = WebConfigurationManager.OpenWebConfiguration("~/Web.Config");
SessionStateSection section = (SessionStateSection)config.GetSection("system.web/sessionState");
int timeout = (int)section.Timeout.TotalMinutes * 1000 * 60;
return timeout;
}
But I have several pages in my website , by doing the above story will it work for Builder.aspx ? or any other page rather than dailylog.aspx ?
I am having a problem with security in a web application I am building using Visual Web Developer 2008. I am using Forms Authentication:
<authentication mode="Forms">
<forms name=".MYAUTH" timeout="20" enableCrossAppRedirects="true" />
</authentication>
And a SQL Server database with ASP.NET Membership and Roles. I am using the LoginView control with the AnonymousTemplate and LoggedInTemplate to manage the user's interaction with logging in and out. The problem I am having is that I am authenticating the user against the database:
If Membership.ValidateUser(_userName, _txtLoginPass.Text)
Then returns True and:
FormsAuthentication.SetAuthCookie(_userName, False)
sets the cookie correctly:
FormsAuthentication.Decrypt(FormsAuthentication.GetAuthCookie(_userName, False).Values(0))
{System.Web.Security.FormsAuthenticationTicket} CookiePath: "/"
Expiration: #1/21/2010 1:42:27 PM#
Expired: False
IsPersistent: False
IssueDate: #1/21/2010 1:22:27 PM#
Name: "jaymo "
UserData: ""
Version: 2
but when I check
HttpContext.Current.User.Identity.IsAuthenticated it always returns False.
If done this before and it worked fine. I cannot find any mistake I might have made or where something might have changed between ASP.NET 2.0 and 3.5.
I've narrowed the problem down to the following:
Receive "Login failed" for user ASPNET error message SQL Server 2005 is db and IIS is web server (both on same computer) Mixed authentication used on SQL Server I have created user ASPLogin with password that is correctly typed int the web.config:
add
name="masterConnectionString"
connectionString="Data
Source=computernameGMOSERVER;Initial Catalog=Portal;Persist Security Info=True;User ID=ASPLogin;Password=password" providerName="System.Data.SqlClient"
/>
I am able to access my webpages that query the database as long as they are not parameterized.However, the parameterized queries (e.g., SELECT * FROM SUPP_DASH_RESULTS WHERE organization_code = @orgcode) are the ones that do not work, and give me the "Login failed" error message
i need some lessons in how to create admin folder and pages to add user ,content ,authentication, etc
View 2 RepliesI have an Intranet web site that uses Windows Authentication and when a users password expires the do not get a prompt letting them reset it. We also have OWA and if they go there to check mail, it sends them to a page which allows them to reset it there. How can I trap for expired passwords and allow them to change it like they can with OWA?
View 1 RepliesI want to share a common page load and page init events sequence between Master page and child page and User Control as described below:
Let us have the following components:-
1. TestMaster.master -> It is the master page
2. TestChild.aspx -> It is the Child page
3. TestUserContrl.ascx -> It is the UserControl present within the TestMaster.master page.
[code]...
I have following situation: A web with a defaults.aspx & login.aspx 2 folders ADMIN & MASTER, in the ADMIN folder is a content page admin.aspx who's master is in the master folder.when I place, following web.config in the ADMIN folder he still is showing the admin.aspx for all users, when I place a new standalone aspx file in that directory the access is denied.Why is de content file not secured ? Must I secure the master file so do i need a new masterfile for each rol, user then...
in that directory<system.web>
<authorization>
<allow
[code]....