C# - Custom Forms Authentication In MVC?
Jan 3, 2011
I want to use authentication on my site in order to login to the Admin section. I already have my database schema, I don't want to use the ASP.NET membership tables for SQL Server. I have three tables: Employees, Roles, and EmployeesInRoles.
I'd really like to keep this as simple as possible, but I'm having trouble finding a solution. I just want to use forms authentication with my tables so employees can log in, log out, change their password, etc.
View 2 Replies
Similar Messages:
May 24, 2010
I'm trying to get forms authentication working for an mvc site. I have a custom database with a users table, and I would like to do my own password validation. I am logging in my user like this:
if (PasswordHasher.Hash(password) == dataUser.Password)
{
FormsAuthentication.SetAuthCookie(email, true);
return true;
}
The problem is, when the session expires obviously the user has to login again. I am thinking I should be storing this Auth cookie in my users table? Update: I'm obviously in desperate need of more education in this area. I just noticed that the user stays authenticated even after an iisreset.
I guess what I'm asking is how can I get persistent and non persistent authentication working properly. I want a user to not have to login again if they click "remember", and if they don't then their authentication should expire when the forms authentication is set to expire.
View 2 Replies
Sep 27, 2010
In my earlier verison, I used Active Directory to authenticate users which was Custom. In the sense that, I had passed UserName and password along with a token request through datalayer to authenticate against AD. it would eventually check the DomainNameUserName, password against AD and will get authenticated.
View 5 Replies
May 3, 2010
We have Novell's Access Manager protecting our site. After the user logs in, Access Manager forwards the request back to a web page. On that web page, I need to read a combination of some Basic Auth username information as well as some custom header variablest that AM is passing to the web page. AM will continue to send these variables/values on every page as long as the user stays logged in.
What I'd like to do is create a class that checks for these values to evaluate whether the user is logged in or not. How do I gain access to those variables from a .cs class file?
View 3 Replies
Apr 13, 2010
I'm using my own role management and user management in my application, i now need to use forms authentication. How can i do this?
View 3 Replies
Mar 8, 2011
Unfortunately, all the examples for Forms Authentication Code Behind w/ Custom Role and Membership Providers I find online are written with a VB.NET code behind and I need a C# code behind. I need a codebehind that will do the following:
authenticate user upon login button click
if user active_flag=0 (false) OR password!=@password, display error: "Access Denied"
if user admin_flag=1 & active flag=1 (true), redirect to admin_pageszipsearch.aspx
if user admin_flag=0 (false) & active_flag=1 (true), redirect to pageszipsearch.aspx
Default.aspx Code:
<asp:Login ID="LoginUser" runat="server" EnableViewState="false" RenderOuterTable="false">
<LayoutTemplate>
<span class="failureNotification">
<asp:Literal ID="FailureText" runat="server"></asp:Literal>
</span>......
View 1 Replies
Feb 7, 2011
I have an older custom classic asp app which handles time sheets for my organization. I would like to start migrate this application to asp.net. I am trying to figure out the best approach to implementing user authentication as the classic asp is built from scratch. For the new site, I would like to use the Login control to handle authentication but not sure the best way to wire it up to the existing SQL database with user name, password, and authentication levels. I have found this code snippit from the Microsoft site:
[Code]....
Unfortunately it does not suggest a connection mechanism. What would be the most logical / standardized way of making a connection to the db?
View 1 Replies
Nov 18, 2010
i have a web site that uses forms authentication. the problem is that i have the site installed multiple times on the same production servers because i need to have a few different login pages (based on the domain in this case). after the domain specific login page, the rest of the site is the same. obviously, this requires a lot of maintenance as each new version has to be installed multiple times on the server (with varying the login page in the web.config file).
so i thought is there a way to install the site on 1 folder on the disk, have a web site on the IIS take in all the needed domains and make some http module (or some other solution) in which i could give it a list of domains and the forms authentication for that domain. this way make the login page used by each site change according to the domain while still having only one site to maintain on the server.
View 2 Replies
Jan 20, 2011
I have done it as mentioned in the readme file in the samples folder. But after completing all the steps when I open my browser and give in the url http://<servername>:<portnumber>/Reports, it shows the following error:
The report server is not responding. Verify that the report server is running and can be accessed from this computer.
View 4 Replies
Feb 15, 2011
I am using Windows authentication in my asp.net project. We need to implement the security based on the configured GroupNames.
To simulate the Project environment i have 3 pages in my application .
1.TestPage.aspx 2.Main.aspx 3.ErrorPage.htm
When logged in user is in group or role "MyDomainDatawarehouse" i need to give access to Main.aspx page.If User not in that group and user tries to access the Main.aspx page by typing url in the address bar of Browser then i need to redirect user to the ErrorPage.htm. But this is the place where my code is faling. I guess some thing wrong in the web.config.
Note: All the authenticated users are permittedto see TestPage.aspx irrespective of their roles.
Note : All the .aspx and htm pages are in the same root
[Code]....
View 7 Replies
May 11, 2010
I'm trying to upgrade my mvc 1.0 application that had a custom written login. I assign the authcookie like this:
[code]...
And here if I debug _authRoles has "Admin" in it, and isAuthorized is always false.
If I check the "ticket" it has some: UserData = "Admin".
What can be wrong there? Is it the "User.IsInRole" that is different, or do I need to add something in web.config?
View 1 Replies
Aug 11, 2010
I have created a WCF service that will serve as authentication service for Silverlight client.The problem is that when I make a call to FormsAuthentication.SetAuthCookie in the Login method below, I get a null reference exception. I am following the 'Securing Applications Built on Silverlight and WCF' (http://www.componentart.com/community/blogs/milos/archive/2009/05/07/securing-applications-built-on-silverlight-and-wcf.aspx)
[Code]....
View 1 Replies
Mar 24, 2010
i am in the process of developing an asp.net mvc 2 social web app and some of the requirements have to do with users authentication and personalization. Site visitors should be able to login using credentials not only by registering to my site but also by entering external account credentials (Live ID, facebook, etc...). Also, users should have a custom profile, where they could enter personal details, preferences, etc...
Is there any good tutorial on how to implement custom membership and profile providers? The default Role provider that comes with asp.net mvc is ok and does not need to be re-implemented.
View 5 Replies
Feb 3, 2011
LoginPage.aspx:-
protected void Button1_Click(object sender, EventArgs e)
{
Context.Items["Username"] = txtUserId.Text;
Context.Items["Password"] = txtPassword.Text;
//
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1, Context.Items["Username"].ToString(), DateTime.Now, DateTime.Now.AddMinutes(10), true, "users", FormsAuthentication.FormsCookiePath);
// Encrypt the cookie using the machine key for secure transport
string hash = FormsAuthentication.Encrypt(ticket);
HttpCookie cookie = new HttpCookie(
FormsAuthentication.FormsCookieName, // Name of auth cookie
hash); // Hashed ticket
// Set the cookie's expiration time to the tickets expiration time
if (ticket.IsPersistent) cookie.Expires = ticket.Expiration;
Response.Cookies.Add(cookie);
Response.Redirect("Default.aspx");
}
Global.asax file:-
void Application_AuthenticateRequest(object sender, EventArgs e)
{
if (HttpContext.Current.User != null)
{
if (HttpContext.Current.User.Identity.IsAuthenticated)
{
if (HttpContext.Current.User.Identity is FormsIdentity)
{
FormsIdentity id =
(FormsIdentity)HttpContext.Current.User.Identity;
FormsAuthenticationTicket ticket = id.Ticket;
// Get the stored user-data, in this case, our roles
string userData = ticket.UserData;
string[] roles = userData.Split(',');
HttpContext.Current.User = new System.Security.Principal.GenericPrincipal(id, roles);
Response.Write(HttpContext.Current.User.Identity.Name);
Response.Redirect("Default.aspx");
}
}
}
}
I get the following error after signing in This webpage has a redirect loop.
The webpage at [URL] has resulted in too many redirects. Clearing your cookies for this site or allowing third-party cookies may fix the problem. If not, it is possibly a server configuration issue and not a problem with your computer.
View 2 Replies
Sep 15, 2010
I am using Kerberos as the Authentication mode for a WCF Client to interact with an ASMX Web Service. I am using customBinding in the WCF Client. I am getting the below mentioned Fault Exception when I invoke the HelloWorld Method by creating a Proxy using SVCUTIL.
`System.Web.Services.Protocols.SoapHeaderException: Server unavailable, please try later ---> System.ApplicationException: WSE841: An error occured processing an outgoing fault response. ---> System.Web.Services.Protocols.SoapException:
System.Web.Services.Protocols.SoapException: Server was unable to process request. ---> System.InvalidOperationException: WSE914: This instance of derived key token does not support encryption, decryption, or key wrapping. It can only be used to sign or verify signature. Please make sure that the length of the derived key matches the length of the key required by the symmetric encryption algorithm configured for the derived key token manager.
at Microsoft.Web.Services3.Security.Tokens.DerivedKeyToken.Psha1SymmetricKeyAlgorithm.get_EncryptionFormatter()
at Microsoft.Web.Services3.Security.EncryptedData.ResolveDecryptionKey(String algorithmUri, KeyInfo keyInfo)
at Microsoft.Web.Services3.Security.EncryptedData.Decrypt(XmlElement encryptedElement)
I am badly struck with this exception and unable to progress further.
View 2 Replies
Feb 18, 2011
how to implement WCF username authentication with a custom validator in both client side and server side. I am trying this since last 2 days. but no result.
View 7 Replies
Mar 18, 2011
I am using asp.net 3.5 web.config to limit access and it works great.
<authentication mode="Windows">
<authorization>
<allow users="Bill, John"/>
<deny users="*"/>
</authorization>
Unauthorized (but authenticated) users will be blocked by a system error message saying that:
Server Error in '/' Application Access is denied.
Description: An error occurred while Error message 401.2: Unauthorized: Logon failed due to server configuration.
In order to make the message more friendly, I uncomment the customErrors flag and create a GenericErrorPage.htm in the root path of my project.
<customErrors mode="On" defaultRedirect="GenericErrorPage.htm">
<error statusCode="403" redirect="NoAccess.htm" />
<error statusCode="404" redirect="FileNotFound.htm" />
</customErrors>
However, it just doesn't work. I still get the system error message rather than my custom error page.
View 1 Replies
Jul 19, 2010
I'm looking to implement my own basic webforms authentication. I don't want to use the 'membership' features in this case because I don't want to modify the database schema with all the membership elements that I won't use, and I don't need to support users across multiple applications. I want to wind up with one simple 'users' table that has username, password, passwordSalt, and several other fields to support custom user attributes specific to this application.
I was looking at this:
http://www.xoc.net/works/tips/forms-authentication.asp
but it's rather dated... is this still valid? I'm looking for guidance on what I need to do to implement a custom webforms auth solution. A very basic skeleton I can expand upon, or a good tutorial/guide that illustrates the necessary parts... just the basics..
View 5 Replies
Nov 10, 2010
I created a database for user authentication. After I pass loging parameters to the stored procedure in the database and they return a user ID for that user I use the following line for authentication:
[Code]....
User gets authenticated but the problem is that ASP.NET does not recognise the user as authenticated until the page is refreshed.
View 5 Replies
Feb 8, 2010
I think I'm missing something simple...I have a customRole Provider set up and it seems to be working fine - I can add/change/delete info using the WAT.For my Authorization I do a custom routine that is separate from the .net provider that basically says the users is or is not authenticated (true/false).If the user IS authorized how do I set the cookie (or whatever) letting .NET know who they are so I can use the roles on a directory level?I know I can use Roles.IsUserInRole on individual pages but I'd like to be able to use directory based authorization too (from the web.config).
View 3 Replies
Feb 21, 2010
I'm creating a custom Role provider based on the ASP.NET Role provider. I have 3 tables. One for Users, one for Roles, one for UsersInRoles.The Users table has no password column because the users are authenticated with ActiveDirectory. That's my approach so far. I can't get the cusstom Role Provider to work, anyone has the same situation like me. How do you make a custom Role provider works with AD?
View 1 Replies
Feb 21, 2010
I've just started a small ASP.NET web application. In this project, I need to authenticate the users with Active Directory. I managed to authenticate the users successfully with Active Directory. But with Authorization with Custom Role Provider, I'm so confused. You see, the user name and password are stored in AD. So, my approach is that after the LoggedIn event of the Login Control, I check if UserName is not yet stored in the Users table yet, then I will store the UserName there. Finally, I have all the UserName of the AD users store in the Users table so I can assign Roles to the users. see my tables diagram below:
Let's say I assign UserA to RoleOne. After he logs in successfully, I do some query to look for his Roles.
Where do I keep the Role ticket? In the Cookie or in the session? How does the authorization of ASP.NET role provider work? I want to store the authorization ticket like ASP.NET role prover does too.
View 1 Replies
Oct 26, 2010
To begin with I work on the large application, that has a WinForms client and server. Server in our case is the set of WCF services. There is one service that is responsible for authentication of users. The logic of authentication is custom and complex and authentication service uses different membership providers.
We want to protect the access to server services for non-authenticated users. The users must firstly authenticate and than use other services (users in this case are the other systems, services, WinForms client, etc.). On this basis, we decided to use the ASP.NET Url/File Authorization feature.
So, I set on the ASP.NET compatibility mode, allowed cookie in all binding configurations, added AspNetCompatibilityRequirements attribute to our services and added the followingconfigurations to config:
<authentication mode="Forms">
<forms cookieless="UseCookies">
<credentials passwordFormat="Clear" />
</forms>
</authentication>
<authorization>
<deny users="?" />
</authorization>
...
<location path="AuthenticationService.svc">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
In the authenticate method of our authentication service I add the following code:
public AuthenticationResult AuthenticateUser(string username, string password)
{
AuthenticationResult result = new AuthenticationResult();
result = Authenticate(username, password);
if (result.IsAuthenticated)
FormsAuthentication.SetAuthCookie(username, true);
return result;
}
Next, I wrote the following code:
var authClient = new AuthenticationServiceClient();
var result = authClient.AuthenticateUser("user", "password");
var otherClient = new OtherServiceClient();
var temp = otherClient.DoSomething();
But after authentication I can't access to OtherServiceClient...
So, how can I share the call context between the WCF services calls? Could anybody provide some useful articles about this question?
View 1 Replies
Nov 19, 2010
I've a got an Asp.Net site that is using Forms authentication, I've also got custom errors configured in the web.config. One of these is a special error page for 403's (access denied). My question is how do I get Forms authentication to work smarter?
I would like Forms authentication to send users to login page only if they are not authenticated. If they are I want it to defer to the custom error pages that i've defined in the web.config. This seems like something very basic, how can this be achieved?
[code]....
View 1 Replies
Apr 4, 2011
I am trying to build an ASP.NET site that allows each user to set their own session timeout value. Basically from the user's perspective if they set their timeout value to 30 then that means that after 30 minutes of inactivity they are required to re-authenticate. If they set their timeout value to 0 then that means that they can leave the browser open as long as they want and their session never expires - they never have to re-authenticate. This is different than "remember me" functionality. If they close their browser they will have to re-authenticate.
Currently I am using Forms Authentication in my application and I have one object that I am storing in ASP.NET session. This object is a custom User object that has a number of different pieces of information about the current user.
What code would I need to write so that after successful login, the system has the proper authentication ticket and the proper session expiration value? I keep thinking I have this working and then I notice weird time outs where the system seems to think I am authenticated but my session has expired.
Currently on my login page I am using an ASP.NET login control. i have custom code in the Login_Authenticate event to authorize the user. Then I have the following code in the Login_LoggedIn event to set the auth ticket.
[code]....
View 1 Replies
