I have my website in which there are free links and links that require login. Free links open even if the user is not logged in. But in case of links that require login, redirect to login.aspx specified in Web.Config in loginURL tag.
I want some way to override this and show Ajax modal popup (Ajax extender toolkit) with login control for only thos links that require login (not for the free links).
In my web application I have a separate folder for Images and MasterPages and I am using forms authentication. Thus if I will not allow anonymous access for Images folder the login page will not be able to show any image.
guide me if this is what we should be doing or is there any other way to handle the scenario. Also, let me know is there any drawback of this technique.
When the page displays, the login page displays with the master page content, however all of the styles are missing. When I embed styles into the master page the styles show properly, so I know the problem is that the styles are not being accessed from the file. how I can authorize access to the stylesheet?
The problem is as follows: If a visitor try to access a page in Admin folder he must be redirected to login page located in Admin folder, here I will take his username and password and then I will check this in SQL Server table, if he is authenticated then he will be redirected to Default page and he can access any page in Admin folder, but not any page in User folderHere is one thing is important and that is login page in Admin folder and login page in User folder are differentSame scenario is for User folder Please tell me what is the right way to achieve this functionality
I've a got an Asp.Net site that is using Forms authentication, I've also got custom errors configured in the web.config. One of these is a special error page for 403's (access denied). My question is how do I get Forms authentication to work smarter?
I would like Forms authentication to send users to login page only if they are not authenticated. If they are I want it to defer to the custom error pages that i've defined in the web.config. This seems like something very basic, how can this be achieved?
I have an application that uses ASP.NET Forms Authentication. For the most part, it's working great, but I'm trying to add support for a simple API via an .ashx file. I want the ashx file to have optional authentication (i.e. if you don't supply an Authentication header, then it just works anonymously). But, depending on what you do, I want to require authentication under certain conditions.
I thought it would be a simple matter of responding with status code 401 if the required authentication was not supplied, but it seems like the Forms Authentcation module is intercepting that and responding with a redirect to the login page instead. What I mean is, if my ProcessRequest method looks like this:
Then instead of getting a 401 error code on the client, like I expect, I'm actually getting a 302 redirect to the login page.
For nornal HTTP traffic, I can see how that would be useful, but for my API page, I want the 401 to go through unmodified so that the client-side caller can respond to it programmatically instead.
I am using VWD 2010 on a windows 7 64 bit install. Using forms authentication I am not being redirected to the login page when not authenticated yet. Even if I start a new web site from template, clear out all cookies, I still go directly to default.aspx. The LoginView control displays the anonymous template verifing I am not authenticated.
configuration why redirection doesn't occur? Remember I am trying this with New Web site template with no mods so I don't think config issue is within application code.
I am trying to use HTTPWebRequest to login to a site and then retrieve the page after login. However, it seems as if I can't get past the login. I also investigated with Fiddler and tried mimicking Fiddler almost completely and still no luck.
i have a web site that uses forms authentication. the problem is that i have the site installed multiple times on the same production servers because i need to have a few different login pages (based on the domain in this case). after the domain specific login page, the rest of the site is the same. obviously, this requires a lot of maintenance as each new version has to be installed multiple times on the server (with varying the login page in the web.config file).
so i thought is there a way to install the site on 1 folder on the disk, have a web site on the IIS take in all the needed domains and make some http module (or some other solution) in which i could give it a list of domains and the forms authentication for that domain. this way make the login page used by each site change according to the domain while still having only one site to maintain on the server.
I see alot of websites that don't always require you to go to a dedicated log in page, but have at the top:
if (logged in) // Loging spot says "welcome back <name>" else // displays username text box // displays password text box // displays sign in button // displays register button
I suppose I could still have a dedicated log in page they are directed to if they enter incorrect log in information, and can offer password recovery there, but it would be nice to not always send them there and let them log in right on the page itself.
Our website runs on ASP.NET v4 and users log in user Forms authentication.
We are considering purchasing a web application that will add to our services. The only problem is that this new website is written in PHP.
We would like users to login to our ASP.NET site and then navigate to the PHP site. The PHP site should notice that users are logged-in though. So we probably need to transfer the ASP.NET SessionID cookie and somehow use that to verify whether or not the user has been authorized.
I'm using Microsoft Visual Web Developer 2010 Express. I have created a web page. It opened fine. I then added a table to my site.master page and add some text and images. Everything compiles and runs fine until I hit the Login button. I then lose all my images, which are stored in an "Images" folder in the Web Page path. I have tried giving allow users="*" in the authorization section of the web.config file. It changed nothing. I must also tell you that I moved the Login control into the table to position it better. I do not understand how that would affect the images though.
In an asp.net mvc website, the site has enable forms authentication. The form login page is located in an area such as:
Area: Area1, Controller: Account, Action: Login
When a user is not yet authenticated and click on a link that requires authentication, the user is redirected to the login page. This does occur and redirect to the login page specify above. However during debug, it was found the area value is not included in the RouteData.Values object. That is, the RouteData.Values object has ONLY the follow value:
Controller: Account Action: Login
In this case, it is presumed that the MVC application by default searches for the appropriate controller and action without consideration for including the area value. On contrast when I direct click on a link that directs to login page, all processing occurs as expected, i.e. the area value is included in the RouteData.Values object. Is there a work around for this?
Recently I start having customers that are not able to login into my site. I have used the same code for months and I can login and authenticate fine it is happening on some customers not all. That is why is so hard to recreate the problem.
What is happening the customer tries to login and get redirected back to loging page. In config file I have this
I can not think of some else, maybe cookies not able on client, or any other security issue, IE version.
I installed my asp.net application on server (Windows Server 2003, Standard Edition, SP2)
I already set:
1. In ASP.NET Configuration Setting: I set Authentication to None.
2. Check Enable anonymmous access.
3. Uncheck Integrated Windows Authentication.
But the brower always show Authentication Required Dialog.
If I ignore this.
It show this error:
Access is denied.
An error occurred while accessing the resources required to serve this request. The server may not be configured for access to the requested URL.
Error message 401.2.: Unauthorized: Logon failed due to server configuration. Verify that you have permission to view this directory or page based on the credentials you supplied and the authentication methods enabled on the Web server. Contact the Web server's administrator for additional assistance.
I have created a web application which has two section user and admin. Admin files are within ~/admin folder and user files are in ~/User folder. Admin and user has two different login page within respective directory.
Now I want two apply form authentication for admin and user section. Is it possible to apply form authentication for two different section in a web application?
I read that with IIS 7, ASP.NET has become an intrinsic part of IIS instead of an external ISAPI DLL. They say that the main reason for this change is that it's now possible to secure files that previously have not been handled by ASP.NET.
I want to check this out, so I have created a Forms authentication web site and added the following files to it:
Moreover, I have set the web.config to deny anonymous users and I have enabled Forms authentication in IIS.
Here's my problem:
While the ASPX page perfectly requires me to log in, the HTML page does not. It just yields error 401.2.
So my question is:
What did I do wrong? What is necessary to have HTML files (or images) secured using Forms authentication?
I am upgrading a website written using ASP.NET 1.1 and the logic for the login page includes verifying the credentials, calling FormsAuthentication.SetAuthCookie() and populating the Session with the user information.
I am updating this page to use Login controls and the Membership API and am trying to wrap my head around the concepts that have been changed.
Most of the samples I see do not do anything on the login button event handler, so is the logic of setting the cookie abstracted out into the control?
Also, how do I check if a user is logged in or not on other pages. Does it still store user information using the Session?
How do I check if a user belongs to a particular role or not (Earlier, I would look in the Session object to do something like this)Is the Session a bad way of storing user info?
we host a database for several users. We allow the users to host the login form on their own server. The form calls an ASP page that we host, which executes a stored procedure to authenticate the user.
We are in the process of moving to ASP.net. The "Forms" authentication method appears to only work if the login page is hosted locally. Is there a way to use Forms Authentication & allow the login form itself to be on a different server. I'm looking for a tutorial somewhere that will get me pointed in the right direction