on my website there is one page where i do webrequest to other website with webresponse i also get one cookie that i need to store on browser with same domain of webrequest
problem is that when i add that cookie in my response with domain (which i made webrequest browser ) cookie is not added.
is it possible to remove Main Domain cookie from Sub Domain ?I am using single sign on .On logout i want to remove the maindomain cookie
View 2 RepliesI've got a session/coockie from a phpbb forum. But i use in the website asp.net (the website has a different url and domain then the forum).
Can i get the session/coockie from the phpbb forum in the asp.net website?
I have two websites (domain and subdomain), something like this: www.website.ro and en.website.ro and I am trying to share a cookie between them. I have set the cookie domain to "website.ro", I tried setting it to ".website.ro", but it doesn't work. I can only read the cookie in the website that created it.
View 5 RepliesI'd like to write out a cookie for a different sub-domain than the one I'm running in. Basically, what I want to do is have a php forum page automatically be authenticated from the asp.net login.That is, I have[URL]When the user log's in to www.mysite.com, I want to write a cookie out that the forum.mysite.com can pick up. It's only going to have the username in it so no encryption is needed. Nothing unsafe best I can tell. I've tried the below code but that still seems to make an encrypted cookie. I need to read it back into php unencrypted.
[Code]....
is it possible to preserve authentication for ASP.NET Forms authentication cookie,btween Http and Https (different domains) and back?I mean haveing single signon for two domains say http://www.mydomain.com and https://members.mydomain.comI've seen on quite asp.net sites that have a 'MyAccount' section they transfer the site to https and then when you have logged into your account successfully and gone back to the majority of the site you move back to http whilst still being logged in.
View 1 RepliesI am busy building a shopping cart with cookies. I have datalist which I populate from the cookies with a delete button next to each cookie
[Code]....
Now the problem is that when I hit the delete / remove button to expire the cookie, what happens when repopulating the datalist is that it shows the original cookie with all it's values as well as a new entry where all the values are blank.
I want to change the value in a cookie:
HttpCookie hc = new HttpCookie("HiddenColumns");
hc.Value = customView.HiddenFields;
hc.Expires = DateTime.Now.AddDays(365);
Response.SetCookie(hc);
Or this way:
Response.Cookies["HiddenColumns"].Value = customView.HiddenFields;;
Response.Cookies["HiddenColumns"].Expires = DateTime.Now.AddDays(365);
But when I retrieve the cookie value, it is still old, unless I do postback. I don't want to use Redirect.
The following code works as it was originally designed to move a file from one directory to another directory on the same server, but I need to change it to work so it will move a file from one server to another server. My challenge is how to define the source directory on a different server and check if file exists.
Code behind:
Protected Sub btnSubmit_Click(ByVal sender
As Object, ByVal e As System.EventArgs)
Handles btnSubmit.Click
[Code]....
I'm trying to use a webservice that first expects the clients to login, to retrieve a cookie to re-use.
This is done through a login(string user, string pass) method on the webservice.
Doing this through a browser works fine, we get a cookie, and we can see the cookie via Fiddler or whatvever proxysniff thingy.
Time to do the same in ASP.Net, so we use the WSDL and generate a nice proxy class, and it works fine to call the login() method, but Never Ever does a cookie get set !
I already used the "cookiejar" technique - which means i create an instance of a CookieContainer and assign it to the proxyclass like this;
var cookies = new CookieContainer(3);
I am a bit baffled here; using IE7, ASP.NET 2.0 and Cassini (the VS built-in web server; although the same thing seems to be true for "real" applications deployed in IIS) I am looking for the session-id-cookie. My test page shows a session id (by printing out Session.SessionId) and Response.Cookies.Keys contains ASP.NET_SessionId. So far so good.
But I cannot find the cookie in IEs cookie-store! Nor does "remove all cookies" reset the session (as it does in FF)... So where - I am tempted to write that four letter word - does IE store that bloody cookie? Or am I missing something? By the way there is no hidden field with a session id either, as far as I can see. If I check in FF there is a cookie called ASP.NET_SessionId as I would expect. And as mentioned above deleting that cookie does start a new session; as I would expect.
I have also installed SSL on a subdomain. I have put payment page under this sub domain.
View 4 RepliesMy feeling says it's not posible but anyway I am curious if there is at least a workaround for accomplish this.Basically I am working at my client site and my machine is not connected to the domain.What I want to do is running a web application locally under a domain account, and using the webdev server.The webapp uses the default authentication, windows authentication that is.I tried using impersonation with domainuser & password but I got the following error Could not create Windows user token from the credentials specified in the config file. Error from the operating system 'Logon failure: unknown user name or bad password.I have to mention that the username and the password are correct.
View 1 RepliesWe have a ASP.NET site that partially depends on forms authentication for login credentials, however the implementation of IPrincipal is completely custom.
But, when running the site on a particular server (which is somewhat semi-hardened when it comes to security), the app crashes when invoking IPrincipal.IsInRole() with the following messsage:
System.SystemException: The trust relationship between the primary domain and the trusted domain failed.
This indicates a communication error between the web-server and the DC, however since our application doesn't at all utilizes Windows authentication, I don't see why it needs to communicate with the DC.
This is my implementation:
[code]...
EDIT:
I was finally enable to reproduce this error on my dev-machine (i revoked my machine from the DC yesterday, but didn't reproduce it until today)
HttpContext.User is actually a WindowsPrincipal by default it seems, and the error in my code was that I only replace it with CustomPrincipal upon login. Hence, unathenticated users still get the WindowsPrincipal which then fails horribly if you have trust issues on your AD.
I tried changing the default principal by invoking this on appstart
AppDomain.CurrentDomain.SetPrincipalPolicy( PrincipalPolicy.NoPrincipal);
But this doesn't seem to kick in. How do I change the default Principal in ASP.NET?
Im returning the username from sharepoint site as a string. This is done successfully with the below code but I also get the domain with it. How can I only return the username and not the domain either through sharepoint or programmatically removing it? domain/username
[Code]....
My feeling says it's not posible but anyway I am curious if there is at least a workaround for accomplish this.Basically I am working at my client site and my machine is not connected to the domain.What I want to do is running a web application locally under a domain account, and using the webdev server.The webapp uses the default authentication, windows authentication that is.I tried using impersonation with domainuser & password but I got the following error Could not create Windows user token from the credentials specified in the config file. Error from the operating system 'Logon failure: unknown user name or bad password.I have to mention that the username and the password are correct.
View 2 RepliesI have two domain servers X and Y.My Asp.net Web application is hosted on Domain X.But my scope is required to authorize the user of Domain Y on the Web application hosted on Domain X server.I am using Windows Authetication mode in application
View 2 RepliesI have a main domain "mydomain.com" and then a sub domain "forums.mydomain.com". If a user visits "forums.mydomain.com" without being logged in, they are redirected to "mydomain.com/login.aspx".
The two scenarios are:
If they are redirected to the login page with "mydomain.com/login.aspx?ReturnUrl=http://forums.mydomain.com", then they are succesfully logged into the forums but NOT the main site.
If they are simply redirected to the login page with "mydomain.com/login.aspx" with no returnUrl, they are correctly logged into both the main site and the forums.
I have a domain: http://www.mydomain.com. This domain is redirected to http://mydomain.anotherDomain.com.
I user forms authorization, so when the user navigates to Default.aspx he is redirected to Login.aspx. Pretty standard stuff.
On FireFox the user can log in on both on http://www.mydomain.com and http://mydomain.anotherDomain.com.
But with Explorer http://www.mydomain.com doesn't work. I only get the Login.aspx page.
Can it have anything to do with that on http://www.mydomain.com I can't see the filename ('Default.aspx', 'Login.aspx')? How can I enable so the filename is included in the redirected domain?
I have an intranet web application. There are 2 user groups, group A belongs to the domain and group B does not. If I set the IIS to enable anonymous access, Request.ServerVariables("LOGON_USER") always return nothing. If I disable anonymous access and set Integrated Windows authenication, a Windows login prompt will come up if group B's users want to access the website.
How can I setup IIS so that when domain user access the website, it will direct to the main page with Session("user_name") = Request.ServerVariables("LOGON_USER"). If a user is not a domain user, the website will direct him/her to a login.aspx instead of having the Windows authenication prompt, then set Session("user_name") = txtUserName.Text, and finally redirect to the website main page ?
We have a website for our company on one domain and we have a login form to a webmail solution on another domain.Now i would like to build a form on our website the transfers the request to the login form on the webmail domain and automatically validate the user if user and pass are correct.Need help to find the correct way of doing this. The domains is hosted by our company, the website and webmail is on different servers. I don't want to use the querystring,
View 3 Repliescould i use the begin request of Global.asax to redirect everything, from mydomain. domain to www.mydomain.domain?
View 1 RepliesWe're doing a whitelabelled version of our site, which will be hosted at foo.ourdomain.com.
However we need to ensure session is maintained between www.ourdomain.com and foo.ourdomain.com, as our SSL certificate only covers the main domain.
In practice this means we'll swap to the main domain on our payment pages, which run HTTPS, and then redirect back to the subdomain, after payment.
So the question is: How do we maintain the session when doing so ?
I've tried with <httpCookies domain=".ourdomain.com" /> in web.config to no avail :-(
Edit: Figured it out now, I lacked domain on my <forms /> tag to handle login properly.
I've got an Search Engine Optimisation problem where users are able to access my site by specifying any sub-domain. This is causing duplicate page issues with SEO.For example if a user mis-types 'www' then posts a link on a forum, google is crawling 'wwww.domain.com'. Furthermore, google is also crawling 'domain.com'.I need a way of forcing the site to always redirect to 'www.domain.com' regardless of how the user accesses the site.
View 4 RepliesI am trying to achieve a SSO implimentation across my websites so i am using the machine key attribute to do so.now the trouble starts here as the website the user logs in is on the .net 1.1 framework and the website it it navigating to is .net 4.0.I have share the same machine-key across both the application . It works fine in my testing environment but as i move to the deployment server ,it just dosent work !So what i could do is read this article on MSDN :
http://msdn.microsoft.com/en-us/library/eb0zx8fc.aspx
this tells me to add a domin attribute like below
<forms loginUrl="~Login.aspx" defaultUrl="Default.aspx" protection="All" timeout="80" name=".ASPXAuth" domain="asbc.com"/>
but this thing just dosent work on the 1.1 application and throws an error Unrecognized attribute 'domain'.
Where do i get to mention the domin in my 1.1 application.?