VS 2010 - Forms Authentication Across Applications

May 14, 2012

I'm using a common <machineKey> to allow two ASP.Net applications to share a single forms authentication ticket (ie. only need to login to one application to access both). My problem is that I only want users in a particular role to have access to the second application. What's the best way to implement this?

I've tried checking the role in Application_AuthenticateRequest() and doing FormsAuthentication.SignOut() if the role doesn't match, but that doesn't get picked up until the second request to the application. I can't redirect from Application_AuthenticateRequest() because that would just create a redirect loop.

View 2 Replies


Similar Messages:

How To Share Authentication Context Between A SharePoint 2010 Site And Applications

Aug 13, 2010

Is it possible to share the claims based authentication of a logged in Sharepoint 2010 user with a separate Asp.net application?

The following article describes how it was done using Sharepoint 2007 and forms authentication through forms auth and sharing machine keys etc however I cannot find any information regarding the external application consuming the claims authentication that is now used in Sharepoint 2010?

View 2 Replies

Forms Authentication, 2 Applications Sharing 1 Login ?

May 11, 2010

I have 2 almost identical asp.net (vb) applications. 1 Development and 1 Production.

They use forms authentication that is configured to run in SQL server. Both apps use the same aspnetdb database but have different application names.

The problem I have is:I have an Identical login for each app (same username, same password), but If I change profile information for that user in the development app, the changes are reflected in production app. This isn't what I want.

View 2 Replies

Security :: Forms Authentication Across Applications Stopped Working?

Jan 12, 2011

I have a .net 1.1 ASP application (domain.com) which has a .net 2 virtual directory (domain.com/v2) beneath it, both applications run within their own app pool on the same Windows Server 2003 machine running IIS 6. The web.config files for both apps are setup for Forms Authentication as described here - [URL]

Users would be directed to the domain.com/v2/login.aspx page which would authenticate for both applications, this configuration has been working fine for the last few years until installing one of the recent Windows 2003 security updates today. Now after authenticating under /v2 users keep getting redirected back to domain.com/v2/Login.aspx as domain.com doesnt see them as authenticated anymore.

which security update would have caused this and if its possible to fix or rollback?

View 4 Replies

Multiple Applications On A Single Site - Session And Forms Authentication Scope?

Mar 7, 2011

We're using ASP.NET and IIS 6.0. I realise that the definitions of applications, websites and virtual directories are ill-defined in IIS 6, and changed a lot in IIS 7. However, I'm stuck with IIS 6.0 for now.

We have a single web site defined in IIS, and a number of separate sub-sites in Virtual Directories.

The scheme looks like this:-

[URL]

[URL]

site1, site2, ... are virtual directories in IIS 6.0, under the "Default Web Site".

I need to use ASP.NET sessions and forms authentication in most of these sites, and I don't want them to share authentication data or session information at all.

Both the mechanisms currently depend on cookies. However, the cookies created by default use the same name, and have a path of "/" in the browser, meaning the sites' cookies will clash with each other.

Without changing the default name for each cookie, how can I enforce separation between my sub-sites? Do I need to change the virtual directories for IIS 6 "Applications"? Or is there some way in code to enforce a more limited scope for the cookies?

View 1 Replies

Security :: Share Authentication Cookie Between V3.5 And V4.0 Applications

Nov 6, 2010

I have a bunch of applications that currently share the authentication cookie in v3.5.

We're in the process of upgrading to 4.0 and also upgrading the applications as a whole. I have 1 done, and would love to deploy it. However, as soon as I do, I lose my sharing of authentication cookie in that application.

In each web.config, my machine key is declared. I removed the actual keys to protect the innocent. :)

<machineKey validationKey="..." decryptionKey="..." validation="SHA1"/>
<authentication mode="Forms">
<!-- DEV Server -->
<forms enableCrossAppRedirects="true" loginUrl="Logon.aspx" name=".COOKIENAMEHERE" protection="All" path="/" slidingExpiration="true" timeout="1440"/>
</authentication>

View 1 Replies

Security :: Two Applications Using Same Domain / Common Authentication Possible

Feb 19, 2010

I have a case where i have two asp.net applications, one is hosted on example.com/App1 and the other on /App2.

both applications are password protected using Windows authentication.

App1/default.aspx has a <img src="/App2/somefile.aspx">

Now what happens when i open App1 is that i get the credentials prompt, but because App2 is also protected, the HTTP GET for the img requires me to authenticate, in other words i get two prompts.

Is it possible to do something so that the authentication is for example.com so that both App1 and App2 consider the user authenticated?

View 4 Replies

Security :: Single Authentication For Multiple Applications?

Nov 10, 2010

I have three asp.net web applications

,Second and Third applications are accessed throught the first,So Authentication (form authentication) is happening from the first application only , all are deployed on same IIS with seperate virtual directory

Like

1.Localhost/EmpMananger

1. Localhost/Hr

2.Localhost/Payroll

, I used the same Entires in both <machineKey> and
<forms> Elements in webconfig file of all applications,

Applications are working fine and Page.User.Identity are available in all applications but once loginUrl and defaultUrl entry is changed to actual name other than localhost

Eg: localhost/EmpManager/default.aspx To myserver/EmpManger/default.aspx

the authentication ticket is not available in second and third applicaiton

View 4 Replies

Creating Mobile Web Applications In VS 2010?

Jun 29, 2010

I am trying to create a mobile version of a web application using VS2010 (.Net 3.5, not 4). When I search for information on ASP.net mobile I see a lot of references to mobile controls that adapt their HTML to the specific device requesting the page. Since I would like this app to be viewable on as many as devices as possible, it seems like it would be better to use the mobile controls rather than just create a smaller version of a web form. Apparently VS2008 and up do not include the mobile control templates, but you can download and install them separately. I did, but when I tried to create a test page I get a server error complaining that the assembly "System.Web.Mobile" could not be found. I double checked in my references and that assembly is included in the project. The file System.Web.Mobile.dll is also on the server running the app.

Is there something that I am doing wrong, or is developing a mobile web app in this way using VS2010 not possible?

View 1 Replies

Security :: Didn't Run All Three Applications In Same Times And Also Form Authentication Crossed?

Jul 10, 2010

We are upgrading the asp.net 2.0 web application to asp.net 4.0.

The application contain three main modules (sub application) like End User, Franchise and Admin with separate web.config, asp.net form Authentication, login page and running with single domain.

the URL like,

mydomain.com/login.aspx
mydomain.com/franchise/login.aspx
mydomain.com/admin/login.aspx

In asp.net 2.0, working fine with 3 sub applications with separate form authentication under a single domain name and also we can working with all threes in same time.

After the up gradation process (ASP.NET 2.0 to 4.0),

We didn't run all three applications in same times and also form authentication crossed.

View 7 Replies

Debug Asp Applications More Quickly In Visual Studio 2010

Dec 6, 2010

When I am actively developing it is extremely cumbersome to write some code, fire up the debugger to test said code, wait a minute for the debugger to start, look at the page in the browser, stop the debugger, edit the code, rinse, lather, repeat. I can get around that by using CTRL-F5 and CTRL-SHIFT-B during development but I lose all the benefits of the debugger. Is there a better way to use the debugger, or something else I can do to get quick rebuilds and use of the debugger? I/we do write unit tests, but you also need to test your app in the browser so please no "you shouldn't have this problem if your unit tests were written properly"

View 5 Replies

How To Share Existing Applications Membership Database With Sharepoint 2010

Mar 5, 2011

I am trying to integrate an existing asp.net application with sharepoint 2010. I would like to be able to have a logged in user on the application access a document library via an Iframe on the sharepoint 2010 site. I want to use FBA on sharepoint. Is it possible to share the membership database from the asp.net application with sharepoint? If not, what would be the best way to accomplish this?

View 1 Replies

Visual Studio :: Can Use Web Developer Express 2010 To Deploy Web Applications

Jul 10, 2010

Can i use web developer express 2010 to deploy applications or is it still in Beta?

View 1 Replies

Visual Studio 2010 - Remote Debugging Applications On A Server With Static IP Address?

Jan 20, 2011

All of examples on web assume the remote server which we are going to debug remotely is on the same network. I have only a static IP address and using RDP I connect to server.

I've installed Remote Debugger on remote machine but cannot set the static IP address as Qualifier in visual studio -> debug -> attach to process

View 1 Replies

VS 2010 Active Directory Authentication?

Jul 26, 2010

I got a request from a specific client to rather use Active Directory than SQL Server Authentication, and was wondering if someone can give me a push in the right direction.I hoping to stick to using service contracts (interfaces) and just have a different implementation (injected with castle perhaps) for each client (though it will only be one client for now using Active Directory, instead of my usual aspnet membership / role providers), but as I never did this I'm unsure if that would be possible.

View 5 Replies

VS 2010 Mixed Authentication With Roles

Dec 13, 2011

I have the requirement for internal users to acces our web app without loggin in manually so using windows authentication, external users need to be refered to a form based authentication.

Now I have implemented the solution [URL] ....

However I also need to employ roles for authorization. The forms side is all set up but I cannot seem to get it to work for the windows side of things, looking for implementing a mixed mode involving roles?

I tried adding in an extra provider

<providers>
<add name="SqlRoleManager" type="System.Web.Security.SqlRoleProvider" connectionStringName="aspnetdbConnection_dev" applicationName="Corp.Web.GSP"/>

but how to configure it for usse only by the windows users. Secondly if I set it as the default where I have code like

if (Roles.IsUserInRole("Internal") || Roles.IsUserInRole("SysAdmin") || Roles.IsUserInRole("Sales"))
{

I get an

Method is only supported if the user name parameter matches the user name in the current Windows Identity error

<add name="WindowsRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" />

View 5 Replies

VS 2010 Windows Authentication - Session Time-out?

Sep 20, 2010

Does Session Time - out is applicable ing Windows authentication?If so, in what event can i capture this?

View 6 Replies

VS 2010 - Authentication (login Session) On The Clientsite

Jan 19, 2011

I am checking if the login session is still available on the client side in Jquery. What i did i created a web method to be called as a pagemethod on the client side. the webmethod is defined like this

[System.Web.Services.WebMethod]
public static Boolean CheckSessionExpiration()
{
Boolean IsLoggedin = false;
if (System.Web.HttpContext.Current.Session["LoginUser"] == null)
{
IsLoggedin = false;
HttpContext.Current.Session.Abandon();
HttpContext.Current.Response.Redirect("Login.aspx");
}
else
{
IsLoggedin = true;
}
return IsLoggedin;
}

and in my Jquery i have functions that perform different operations and before those function execute, i will need to make sure that the user is still logged in, so i will call the web method on the client side like this

PageMethods.CheckSessionExpiration(OnCheckSessionExpirationComplete);

and its callback function like this

function OnCheckSessionExpirationComplete(result) {
//Callback function
}

i know the webmethod should be void because the boolean value is not used at all on the client side or anywhere in the app. Now my question is. My Assumptions are , looking at the webmethod that is being called on the on the client side, it will execute first and if the session is null and it will not continue to execute. The client side code that was about to follow Please clear my assumption. Mybe there is something i don't know about Jquery that will make it continue even if the page redirection code is fired.

View 5 Replies

Visual Studio :: Authentication After Upgrade To VS 2010 And .net 4.0?

May 5, 2010

My application uses authentication mode="Forms". I am doing my first Publish since the upgrade and all looks correct. I publish to the File System which is what I used to do in VS2008. When I install the app on my server (IIS6), the login page renders correctly and I enter correct authentication. In previous versions, the application would then render the Default.aspx page. Now, I receive a windows authentication window for my website. I'm not sure what's changed and I think it has something to do with the publish process in VS2010 although I may be mistaken

View 1 Replies

VS 2010 / IIS7 - Mixed Mode Authentication

Sep 14, 2011

I am trying to implement single sign on for users within our domain and if the are not then they get re-directed to the login screen to use forms authentication.

I have followed this tutorial below

however I get two issues firstly if I go to my forms authentication page no css or images now display and if i try to login i get an error.

If I go to the login page which should recognise me from the AD I get 401 - Unauthorized: Access is denied due to invalid credentials. You do not have permission to view this directory or page using the credentials that you supplied.

[URL].....

View 3 Replies

WCF / ASMX :: Building Services To Work With Web Applications And Console Applications?

Jun 7, 2010

I've been worked with web services so far, and I'm interested in expanding my services to console applications as well so I started digging up with WCF but I'm conserned that I won't be able to use the HttpContext collection that I've been used to do with web services one important thing which is to generate a random value from HttpContext.Current.Request.ServerVariables["ALL_HTTP"] that I need to reckon if it's the same or at least near what machine that is calling my service. How can I overcome this problem?

I need to know what machine is calling to count the number of attempts to login into my system for example. So must do it inside of the svc code otherwise if I let the client inform what ip address or what computer he is using, anyone could forge this argument and surpass by another machine. May be I'm approaching this matter wrongly. And I should count the number of attempts per state session, but how is it done?

View 1 Replies

Configuration :: Deploying Web Applications With Sub Web Applications?

Apr 22, 2010

Our corporate intranet is designed so that each web application is a child application in the primary application.. Everything has worked fine with Visual Studio 2008 and even in 2010 running the website locally works great, the output directory for the child apps is ..in and the ProjectName.dll copies to that directory.. When I do a publish however it does not and I have to manually copy the dll from the bin folder in the project folder to the parent bin folder, this isn't hard of course but more of a pain in the butt each time I need to publish something. I made sure the output directory is correct for both debug and release yet on publish is just copies it to the child bin and not the parent bin as needed.

View 2 Replies

C# - What's The Difference: Windows Authentication, Passport Authentication And Form Authentication

Sep 17, 2010

Just going to start making a web application and was wondering which was better, or at least what are the main differences between them (as it probably matters what I am using them for)?

View 3 Replies

AJAX :: AutoCompleteExtender - Authentication Failure (forms Authentication)

Apr 15, 2010

'm using the AutoCompleteExtender from the AJAX control toolkit on my aspx page - I have it wired up to a WCF service that is returning a string array and everything works happily.

If I change my service definition to include a demand for the caller to be authenticated, like so:

<OperationContract(), PrincipalPermission(SecurityAction.Demand, Authenticated:=True)> _Public Function GetLookupValues(ByVal prefixText As String, ByVal count As Integer, ByVal contextKey As String) As String()

Then the autocomplete extender stops working, and I get an authentication error in the service. The service is set up to use ASPNetCompatibility mode, and I was hoping that the extender would pass the authentication credentials for my logged in user - does anyone know how to make this work?

View 2 Replies

Security :: Changing From Forms Authentication To Windows Authentication?

Sep 3, 2010

What do I need to do in order to change an application from Forms Authentication to windows authentication?

View 2 Replies







Copyrights 2005-15 www.BigResource.com, All rights reserved