Web Forms :: IE 10 - Forms Authentication Not Working
Aug 18, 2015
I have implemented web authentication in my project. It works fine with the browsers like Mozila, Chrome and Opera Safari.
However it does not work with the IE 10 and above. I did google and came to know that this is the issue in the IE itself.
I implemented the suggestions provided like using the cookieless="UseCookies" in the forms tag.
However it still does not work. Below is the section of the relevant code -
<authentication mode="Forms">
<forms cookieless="UseCookies" defaultUrl="Default.aspx" loginUrl="Login.aspx"/>
</authentication>
<authorization>
<allow users="*"/>
</authorization>
View 1 Replies
Similar Messages:
Jul 25, 2010
I'm trying to setup Forms Authentication in an asp.net mvc 2 application that will be hosted on IIS 6. There's an issue somewhere in my routing, but I can't pinpoint exactly where it is.
Here is the route entries I'm using to route the mvc requests through the aspx processing on IIS 6. These may or may not be the "right" way, but they do work on the server at current
[Code]....
View 2 Replies
Aug 5, 2010
I am developing a small website in vs-2005.
Here I am using forms authentication and I have used an access database. I have put the db in App_Data folder and declared the connectionstring in web.config. The problem I am facing is that when I request any page without logging in the browser displays the requested page. At the bottom of the page there is a script error when I check the details it says Sys is not defined. Has this something to do with this issue??
In web.config file I have added the following lines in the <system.web></system.web> section.
<authentication mode="Forms">
<forms name=".ASPXFORMSDEMO" loginUrl="Default.aspx" protection="All" path="~/" timeout="30"/>
</authentication>
<authorization>
<deny users="?"/>
<!--<allow users="*" />-->
</authorization>
On login button click after comparing userid & password I am using the foll stmts:-
If code = 0 Then ' code 0 means match for userid and pwd
FormsAuthentication.RedirectFromLoginPage(txtuserid.Text, False)
Else
Response.Redirect("~/Default.aspx")
End If
View 3 Replies
Feb 24, 2011
So on my journey to become better at asp.net I've encountered a problem. I'm working on a login. I added some Style to it by adding a CSS file and after some time I made it look a lot better. Thereafter I added Asp authentication forms - which actually works great aswell except that if you're not logged in the CSS is not used. Once I've logged in and recieved a cookie I can go back to the login page and everything looks nice. But as long as I haven't "logged in" the page looks as if no CSS is used.
View 3 Replies
Feb 12, 2010
Below is my code for forms authentication in asp.net but some time it is not working means some time user is not logged in
FormsAuthentication.SetAuthCookie(authentificationString, rememberLogin);
string cookieName = FormsAuthentication.FormsCookieName;
HttpCookie authCookie = System.Web.HttpContext.Current.Request.Cookies[cookieName];[code]....
It is working fine in my local machine but when I deploy on my server then it is not working.is it any iss setting or something else..
what I need to do for this.below is web.config code and local machine having IIS 6.0 and Server having IIS 7.0
View 2 Replies
Feb 9, 2010
I'm using IE 8 v.8.0.6001.18882
After upgrading ie my login form that uses forms authentication stopped working.
After studies find that IE8 has problems with the authentication cookies.
With all other browsers work perfectly.
My settings in web.config.
[Code]....
I tested all the values of being the only one that works is the UseUri but I do not control cookies in this way.
View 3 Replies
Jan 28, 2010
Recently I've implemnted Single SignOn feature in my website which was developed on Framwork 2.0 using visual studio 2005.These website works on all browsers perfectly except that there two systems in my testing environment where the FormsAuthentication doesn't work on IE only.
On Those systems itself FormsAuthentication works for other browsers like mozilla.On these system I have checked that FormsAuthentication cookie is created but it lost it value as soon as other page is traversed.But when I try to login again it give me the messsage that user is already login i.e. user was able to login successfully.Both of them are currenlty using IE 8.
Following is the settins of my web.config:
[Code]....
View 2 Replies
Jan 12, 2011
I have a .net 1.1 ASP application (domain.com) which has a .net 2 virtual directory (domain.com/v2) beneath it, both applications run within their own app pool on the same Windows Server 2003 machine running IIS 6. The web.config files for both apps are setup for Forms Authentication as described here - [URL]
Users would be directed to the domain.com/v2/login.aspx page which would authenticate for both applications, this configuration has been working fine for the last few years until installing one of the recent Windows 2003 security updates today. Now after authenticating under /v2 users keep getting redirected back to domain.com/v2/Login.aspx as domain.com doesnt see them as authenticated anymore.
which security update would have caused this and if its possible to fix or rollback?
View 4 Replies
May 3, 2010
I have implemented the .Net Membership provider with my website which is, for the most part, working well. However, occasionally a user will try and login and nothing will happen. There will be no error, they will just hit "Submit" from the login screen and continue to the homepage as an unauthenticated user. This behavior persists until they clear their web cache, or restart their machine... which makes me think it's some kind of cookie expiration error?
Does anyone have any ideas on how to troubleshoot this?
Here is the relevant section of my webconfig:
<membership defaultProvider="AspNetSqlMembershipProvider">
<providers>
<clear/>
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="ASPWebAuthConnectionString" maxInvalidPasswordAttempts="10000000" enablePasswordRetrieval="false" enablePasswordReset="true" applicationName="nvpumps"
requiresUniqueEmail="false" minRequiredNonalphanumericCharacters="0" minRequiredPasswordLength="5" requiresQuestionAndAnswer="false"/>
</providers>
</membership>
View 3 Replies
Mar 9, 2010
I am trying to implement custom sercurity modal in Reporting Services and i am not successfull. I am getting instance count error at below line.
// Loop through the instances of the server class.
ManagementObjectCollection instances = serverClass.GetInstances();
I posted my question in the below forum and could not get answer yet.
http://social.technet.microsoft.com/Forums/en-US/sqlreportingservices/thread/81b5a886-cca5-4d13-9805-c5b57c8a20e9
The link i used for forms authentication is as follows:-
http://msdn.microsoft.com/en-us/library/aa902691(SQL.80).aspx
What could be going wrong? Why i could able to cross "scope.Connect();" AND "serverClass.Get();" and getting below error
and could not get any instances. I saw a help link of similar problem and given full permission, but could not get instances at all.
http://social.msdn.microsoft.com/Forums/en/sqlreportingservices/thread/fd5d19da-5cf5-45a9-bc77-7849a9565714
Exception Info:-
serverClass.GetInstances() {System.Management.ManagementObjectCollection} System.Management.ManagementObjectCollection
+ Count 'serverClass.GetInstances().Count' threw an exception of type 'System.Runtime.InteropServices.COMException' int
{System.Runtime.InteropServices.COMException}
IsSynchronized false bool
Code:-
const string WmiNamespace =
//@"\localhost
ootMicrosoftSqlServerReportingServicesv8"; // ORIGINAL
@"\localhost
ootMicrosoftSqlServerReportServerv9Admin"; // NEW ONE
//@"\localhost
ootMicrosoftSqlServerReportingServicesv9Admin"; // NOT
WORKING COPY
const string WmiRSClass =
//@"MSReportServerReportManager_ConfigurationSetting"; // ORIGINAL
// @"MSReportManager_ConfigurationSetting";
@"MSReportServer_ConfigurationSetting"; // NEW ONE
string fullWmiClassName = WmiNamespace + ":" + WmiRSClass;
ManagementClass serverClass;
ManagementScope scope;
//scope = new ManagementScope(WmiNamespace, connOptions);
scope = new ManagementScope(WmiNamespace);
// Connect to the Reporting Services namespace.
scope.Connect();
// Create the server class.
serverClass = new ManagementClass(fullWmiClassName);
// Connect to the management object.
try
{
serverClass.Get();
}
catch (Exception ex)
{
throw new Exception("Could not get WMI information. "
+ ex.Message);
}
View 3 Replies
Feb 8, 2010
I just found out that my site authentication is not working in IE8. It works in FF, Chrome, Opera but not in IE8. I've deleted all the cookies and temporary files but no change. After a short research I found out that there is some problems with the cookies with IE8.Look at this http://www.reachfarther.com/persistent_cookies_fail_in_ie8.htmlHere is my web.config
<authentication mode="Forms">
<forms defaultUrl="~/Default.aspx" loginUrl="~/Login.aspx" domain="ivan_g" name=".MY_WEB_AUTH_COOKIE" cookieless="UseCookies" slidingExpiration="true" timeout="10" protection="All"></forms>
</authentication>
<httpCookies domain="ivan_g" />
I want to run the site from my PC at the office so my domain is ivan_g I think. This is the Url:[URL]
View 2 Replies
Feb 24, 2011
I've found this article on enabling windows authentication within an intranet ASP.NET application. I did exactly what the article says, and when I go to the page on the server all it does is prompt me for a username and password, which I would assume means that it is seeing me as an anonymous user and not a windows user (which is not true).
In my application on the IIS i have the "Integrated Windows Authentication" box checked and this is what I have for my web.config file:
[Code]....
I've also tried this before and got the same results:
[Code]....
I have no idea what I need to do to get this to authenticate correctly. I've been banging my head off a wall for the past 2 days on this issue.
View 7 Replies
Feb 2, 2010
I have a basic intranet website for my company but there is one page that cannot allow anonymous as I need to grab the user's login. I created the site and everything works perfectly on my development machine. once moved to the production server it no longer works.
Here is the problem: I can get the login prompt when going to the secure page, but when trying to login I get a "401.1 - Unauthorized", even when trying to login as a server administrator. Here is the authentication portion in my web.config:
[Code]....
I have done this before and always gotten it to work. I hope I am just missing something very simple...
View 5 Replies
Nov 4, 2010
I'm trying to hit my intranet website and get it to run a simple sql query as the windows user I'm logged in as.
When I debug through Visual Studio, everything works great. When I hit the webserver though, I get an error from sqlconnection saying, "ERROR:Login failed for user 'YOUR_DOMAINYOUR_WEBSERVER_NAME'."
Request.ServerVariables[AUTH_USER]: YOUR_DOMAINUserBob
System.Security.Principal.WindowsIdentity.GetCurrent().Name: NT AUTHORITYNETWORK SERVICE
Page.User.Identity.Name: YOUR_DOMAINUserBob
System.Threading.Thread.CurrentPrincipal.Identity.Name: YOUR_DOMAINUserBob
[Code]....
View 2 Replies
Apr 15, 2010
'm using the AutoCompleteExtender from the AJAX control toolkit on my aspx page - I have it wired up to a WCF service that is returning a string array and everything works happily.
If I change my service definition to include a demand for the caller to be authenticated, like so:
<OperationContract(), PrincipalPermission(SecurityAction.Demand, Authenticated:=True)> _Public Function GetLookupValues(ByVal prefixText As String, ByVal count As Integer, ByVal contextKey As String) As String()
Then the autocomplete extender stops working, and I get an authentication error in the service. The service is set up to use ASPNetCompatibility mode, and I was hoping that the extender would pass the authentication credentials for my logged in user - does anyone know how to make this work?
View 2 Replies
Sep 3, 2010
What do I need to do in order to change an application from Forms Authentication to windows authentication?
View 2 Replies
Jul 7, 2010
I set these setting below at the Web.config of my site And it still return me to the loginpage after about 20 mins I checked the Properties of the site at IIS and the time out is 660 However at the properties of the defaultWeb it's not 660 since it will influence all the sites and that I don't want
<authentication mode="Forms">
<forms loginUrl="Login.aspx"
protection="All"
timeout="660"
name=".ASPXAUTH"
path="/"
requireSSL="false"
slidingExpiration="true"
defaultUrl="default.aspx"
cookieless="UseDeviceProfile"
enableCrossAppRedirects="false"/>
</authentication>
<sessionState mode="InProc" timeout="660"></sessionState>
View 1 Replies
Nov 20, 2010
I'm trying to write a simple ASP.NET 4.0 app, using Windows authentication to login. This is on my peer-to-peer home network. When I click to login, it instantly shows my Windows identity, so it looks as though I don't even need to login, as it's already done that for me. However when I then go to any other page in the app, it looks as though I'm not logged in. Why is that and how do I fix it?
View 2 Replies
Jun 3, 2010
I have developed the authenticated rss feed using the basic http authentication for my site.I also have the admin module for the site which uses the Asp.net Forms Authentication .Both are in the same project.When i turn on the forms authentication module to None in my web.config.My rss feed authentication works fine(the browser pop up the dialog box for the username and password) and upon entering the username and password the rss feed gets displayed.But with forms authentication turn on when i click the rss feed link i am getting redirected to the administrator login page.
If i set my authentication mode to none than the feed works like dream but the admin module do not work as it uses forms authentication.
How can i resolve the conflict for that one.I am using the asp.net mvc filter on my feed contoller to pop up the dialog box for the username and password.
[Code]....
View 1 Replies
Sep 15, 2010
I've been asked to convert an asp.net application from forms authentication with roles using the aspnetdb database to use windows authentication instead.
what is required to do this? can I still use the roles defined in the app and stored in aspnetdb?
View 1 Replies
Feb 12, 2010
I have an (ASP.NET 3.5) intranet application which has been designed to use forms authentication (along with the default aspnet membership system). I also store additional information about users in another table which shares its primary key with the aspnet_users table.
For users who are part of our domain I store their domain account name in the secondary users table, and I want to automatically log in users whose domain account name matches a name stored in the table.
I have read the guides which are available - they're all from two years ago or more and assume that you are able to activate Windows Authentication on a separate login page that allows you to extract the domain account name. From what I can tell, though, this is not possible in IIS7 (the overall authentication method is applied on all pages and cannot be selectively deactivated, and both authentication methods can't be applied on the same page).
Is there a way of getting IIS to pass through the windows domain account name of the requesting user? I don't need proper AD authentication, just the domain name.
View 6 Replies
Aug 19, 2010
We have a non-SSL ASP.NET web app that allows a user to login (ASP forms authentication, inproc).
Once authenticated, we redirect their browser to an external, SSL secured page on another web site / domain altogether that we do not control.
The client is redirected back to a pre-configured url on our original http web app when done.
However, the customer is then asked to "re-login" again on our side which is undesired...
It seems the forms authentication cookie is destroyed when transitioning between HTTP and HTTPS and back again.
How can I keep the forms authentication cookie alive so that the customer does not have to re-authenticate on the round trip?
View 2 Replies
Feb 16, 2011
I'm developing an internal booking sytem. Users log in to the sytem and can view existing bookings and search for bookings. They can also create new or edit existing bookings. When completing such actions I need a confirmation prior to completing the booking or updating the recorded. The confirmation is based on a reauthentication of the user.... in otherwords he needs to enter his passord again.
How can I achieve this? The system is internam and I'm using Forms Authentication. I an also using roles as som of the admin forms can only be viewed by administrators.
View 1 Replies
Feb 7, 2011
In IIS 7.5 server I have a website apps.mydomain.com. Site binding for this website is:
IP: All Unassigned
Port: 80
Host name: apps.mydomain.com
In DNS there is an ip address pointing to apps.mydomain.com. Site comes up fine when browsing to this hostname.
I want to get current windows logged in username from asp.net web apps. I enabled windows authentication and disabled anonymous. Using this ASP.Net code to test:
Response.Write(Page.User.Identity.Name);
However, browsing to http://apps.mydomain.com/site/ the application pool identity shows as the Page.User.Identity.Name value and not the current windows logged in username.
If I browse to http://servername/site/ then Page.User.Identity.Name will return current windows logged in username.
Is there something else I need to configure to get the current windows logged in username when using host header?
web.config:
<?xml version="1.0"?>
<configuration>
<system.web>
<authentication mode="Windows"/>
</system.web>
</configuration>
App pool config (left out "handlers" for brevity, there's a 30000 char limit):
[Code]....
View 2 Replies
Oct 27, 2010
I have a SqlMembershipProvider store with Roles enabled. This is configured and has the user "devtest" in the roles "xxUser" and "xxAdmin".
I also have a WCF service, which I want to authenticate and authorize against. My problem is that:
the authorisation is not happening, code just executes despite the policy attribute I don't get any identity or security context so do not know who is calling the service I need: to know which user is calling the
method some degree of rejecting users if permissions don't match (ideally this should be performed
within the RoleProvider/MembershipProvider/WCF but can do it myself if I have to) SSL in transport
I have my service contract set up thus:
[ServiceContract]
public interface ISupportService
{
[OperationContract]
[PrincipalPermission(SecurityAction.Demand, Role = "ThisRoleDoesNotExist")]
List<BaseInterestRate> GetAllBaseInterestRates();
}
the code is simple enough:
public class SupportService : ISupportService
{
public List<BaseInterestRate> GetAllBaseInterestRates()
{
OperationContext operationContext = OperationContext.Current;
ServiceSecurityContext serviceSecurityContext = ServiceSecurityContext.Current; // is always null
using (xxxEntities entities = new xxxEntities())
{
return new List<BaseInterestRate>(entities.BaseInterestRates);
}
}}
My service configuration is thus:
-->
<behaviors>
<serviceBehaviors>
<behavior name="SupportServiceBehavior">
<serviceMetadata httpGetEnabled="false" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="false" />
<serviceAuthorization principalPermissionMode="UseAspNetRoles" roleProviderName="AspNetSqlRoleProvider" />
<serviceCredentials>
<userNameAuthentication userNamePasswordValidationMode="MembershipProvider"
membershipProviderName="SqlMembershipProvider" />
</serviceCredentials>
</behavior>
<behavior>
<serviceMetadata httpGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="false"/>
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
Having already configured the MembershipProvider:
<membership defaultProvider="SqlMembershipProvider" >
<providers>
<clear/>
<add name="SqlMembershipProvider"
connectionStringName="SqlMembershipProvider"
applicationName="xxx"
type="System.Web.Security.SqlMembershipProvider" />
</providers>
</membership>
<roleManager enabled="true">
<providers>
<clear />
<add connectionStringName="SqlMembershipProvider" applicationName="xxx"
name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" />
<add applicationName="xxx" name="AspNetWindowsTokenRoleProvider
type="System.Web.Security.WindowsTokenRoleProvider" />
</providers>
</roleManager>
I have followed the instructions at these pages to the letter:
How to: Use the SQL Server Role Provider with Windows Authentication in WCF Calling from Windows Forms (MSDN)
How to: Create and Install Temporary Client Certificates in WCF During Development (MSDN)
How to: Use wsHttpBinding with Username Authentication and TransportWithMessageCredentials in WCF Calling from Windows Forms (MSDN)
Also quite useful found via SO: Use Asp.Net Membership provider with a WCF .svc service (Alkampfer's Place)
I would at lest expect an issue with certificates/transport/etc. to fail with exceptions, but I can debug right in and over the WCF call. I have no security context/ user context available to me and when I use a user not in the two mentioned roles (which I do in the code example above), I don't get "kicked out".
My client app is currently a Web App, but will ultimately also serve a Windows Forms app and Test suite. I'm currently using the ASP.NET WebDev server and am running .NET 4.0.
Am I missing something?
View 1 Replies