C# - .NET FormsAuthentication Generic Principal From Authentication Ticket?
Mar 2, 2011Does anyone know how to add a generic principal to the HTTPContext from the Forms Authentication Ticket?
View 1 RepliesDoes anyone know how to add a generic principal to the HTTPContext from the Forms Authentication Ticket?
View 1 RepliesWay to get FormsAuthenticationTicket after user logged in?
View 4 RepliesIf I have following code in my web.config file
<authentication mode="Forms">
<forms name="appNameAuth" path="/" loginUrl="login.aspx" protection="All" timeout="30">
</forms>
do I still have to create "Ticket" manually in code behind to actually create a login ticket as:
[code]....
I am using the ASP.NET login control. I want to be able to set the timeout for Forms Authentication individually for each user (instead of globally in the web.config). From what I understand the only way to do this is to set the timeout on the AuthenticationTicket manually. Is there a way to do this when using the Login Control? It seems to me that the Login Control abstracts away all of this. I am hoping that there is some way to continue using the Login Control, but also have the ability to set the FormsAuthentication timeout individually for each user.
View 2 RepliesI have an ASP.NET website that uses Forms authentication
<authentication mode="Forms">
<forms name="NewsCoreAuthentication" loginUrl="~/Default.aspx" defaultUrl="~/Default.aspx" protection="Validation" timeout="300" domain="someRootDomain.com" />
</authentication>
I need to identify if user is authenticated on web page after it was rendered to client. To accomplish this I thought that I can read document.cookie and check if ".ASPXAUTH" is there. But the problem is that even if I am signed in this value is empty.
How can I check that user is authenticated? Why document.cookie is empty?
here's what I have:
My asp.net 3.5 app uses Forms Authentication.
I create an authentication cookie (ticket) with an expiration date of one day.The cookie'sIsPersistent is set to true.
I do not use any session variables.
Session timeout is the default 20 minutes.
Here's the problem:
When the session times out in 20 minutes, the user is redirected to the logon page even though the authentication cookie has not expired.
Why does this happen? I thought the cookie and the session worked independently. Shouldn't the user remain logged in as long as the cookie hasn't expired?
I have used the Forms Authentication for logging in and in that i have created the Forms Authentication Ticket and in that ticket i have passing the data with comma seperated values.how can i get the data which is in the ticket to access in the Authenticated user pages
View 1 Repliesi have a custom class has extra information about my users , i want to create an object of this class and attach it to current Authentication ticket , what is the best way to do that , i have read there is a userdata thing in the authentication ticket but it's type is String
View 5 RepliesThe constructors for manually creating FormsAuthenticationTicket objects force us to set an "expiration" value, and this value overrides the "timeout" setting in web.config in my tags, which is not what I want, because now the user doesn't timeout. The "session" just expires at the given time.I need to manually create my ticket for UserData reasons, and it is just the way I decided to build my app. I guess I could spend a whole lot of time and redo the way my app. authorizes, and store the "userdata" elsewhere... but this seems extremely tedious for something so small..Is there anyway to manually create an Auth Ticket and still maintain timeout settings?! And by timeout, I mean resetting the timer on user activity. Not a fixed timeout!
View 1 RepliesI'm having a problem trying to delete the form authentication ticket (.ASPXAUTH) from the server side. It would be the same to delete or invalidate the ticket so the client could not reuse it.
So far, the only solution I've found is to delete the ticket from the client side (through a "Set-Cookie: .ASPXAUTH=;") but nothing seems to be implemented and/or working for doing so in the server side. The final idea is that if someone steels that ticket
In particular, I'm working in C# but as it's rellated to the Dotnet Framework any implementation of the solution would be OK; I tried all the possible things and nothing worked out, even invalidating the session but nothing.
I am getting this error many times in the event log , and users are logged out .
Event code: 4005
Event message: Forms authentication failed for the request. Reason: The ticket supplied has expired.
Event time: 3/10/2011 3:35:22 PM
Event time (UTC): 3/10/2011 8:35:22 PM [code]...
I am not using web farms. I do not think the app pool is recycling , i compared the Process ID in several events and it is equal . My machine key is not AutoGenerate .
My event log is flooded with this message: Forms authentication failed for the request. Reason: The ticket supplied has expired.I think this happens when people timeout instead of logout.First of all , this is not an error, it's Type: InformationI don't want this information, how do I stop ASP.NET from logging it?My application is not web-farmed, and uses a static machine key.
View 1 Replieswe recently upgrated our project from 1.1 to 2.0. since then we are seeing "Forms authentication failed for the request. Reason: The ticket supplied has expired" in Event Viewer. this keeps coming 1-2 times for every minute. this is the full message. this also made the response time increased it seems.
Event code: 4005
Event message: Forms authentication failed for the request. Reason: The ticket supplied has expired.
Event time: 1/25/2010 5:00:30 PM
Event time (UTC): 1/25/2010 10:00:30 PM
Event ID:
Event sequence: 20601
Event occurrence: 2692
Event detail code: 50202.....
What is the content of ASP.NET FormsAuthentication cookie value? How can I see the real value of the hashed string (in case that I have the decrypted key)?
View 1 RepliesSince we updated our website to .NET 4.0, users using a proxy-server can't login in our webapplication anymore.In the event-viewer on the server this error is thrown:Forms authentication failed for the request. Reason: The ticket supplied was invalid.This problem only exists for users with a proxy, all other users can login normally.We are not using a web garden or multiserver (load balance) environment, just a webserver and a databaseserver.
View 4 RepliesWhat is the difference between:
FormsAuthentication.RedirectFromLoginPage
AND
FormsAuthentication.SetAuthCookie(Text_txtUserName.Text, true);
HttpContext.Current.Response.Redirect(RedirectFromLoginAddress);
I'm trying to implement a custom principal and custom identity in a .NET MVC website. I've created a custom principal class which inherits from IPrincipal and a custom identity which inherits from IIdentity.
When a user logs in I set both Thread.CurrentPrincipal and HttpContext.Current.User to my custom principal. When I view either through the debugger the values are set with all the properties.
However once the request is complete and I try and request any other pages both Thread.CurrentPrincipal and HttpContext.Current.User are of type System.Security.Principal.GenericPrincipal and not my custom principal.
Do I need to do anything "extra" to get my custom principal out of the thread or HttpContext?
I have restored a database from the .bak file on live server.But it keeps creating error in log and I checked it through sql server 2005
management tool . I found the folloing error :"the activate proc[dbo].[procname] running on queue databasename.dbo. storedprocedurename output the following 'Cannot execute as the database prinicpal "dbo"
does not exist,this type of principal cannot be impersonated,or you do not have permission".
And the log file size is increasing with a great pace and I need to delete the log files mannualy as it reaches the size of 90gb in few days.
But if I restore the same .bak on my local system then it does not create the same error log.
I'm trying to create a control out of a class I found, and one of the overridden functions is the following:
protected override void PerformDataBinding(IEnumerable data)
However, when I try to build the control I'm getting the error as shown in the subject. I've tried searching, and it seems the signature for the original function matches the one I have, and all other solutions I've seen uses the same signature.
What is the difference between generic and non-generic collection?
View 1 RepliesI have Create a Custom Principal and a Custom Identiy for my Web Application and upon forms authentication
1 Create a profile of type object
2 Assign it to the Principal profile
3 assign the principal to the Http.Current.User (this now has the complete profile information )
As i understand upon redirection the principal is recreated and i loose the information i had stored in the profile.
I there a way to persist the profile information ?
I though can achieve persisting some information using FormsAuthenticationTicket in userData but that wouldent solve my purpose ..
I want to create a small helpdesk ticket control system at work, that would allow users to enter a help request ticket; these tickets would then be assigned to a technician to work on, and the technician would mark it as "FINISHED" after the job is done. The requesting user would then be able to confirm and "CLOSE" the ticket, so that a Help Desk supervisor can keep track of response times and other stats based on the ticket details. Nothing too complicated, using .NET and SQL Server.
I am not sure if I should develop this as a Web application or a Windows application. This application would be used in the plant floor, so it would have to be easily available in the LAN. But we currently host a list of Windows applications via Citrix, so deployment would not really be an issue here. I don't really have experience creating winapps from scratch (though I've modified quite a few), but it feels like a web application would not look as "solid". What advice can readers provide that could guide me into deciding the better architecture for this purpose?
I am developing a asp.net application using SQLServer 2008 and I have a page "Default.aspx" in which i have userID and Password textboxes and a SUBMIT button. Here is the script I am using to authenticate.
[Code]....
Well now i want to know that by using FormAuthenticationTicket how can I check on other pages if user is authenticated user cause in the URL if i just change the page like "Main.aspx" and hit it takes me there which should not happen and redirected to Login page.
How should i check on every page on page load event if user is authenticated or not and if not then redirected to Login.aspx.
I want to create a page for the student to download the hall ticket by putting their rool no and date of birth in the textbox and authenticating it.... I am planning to use xml file for student data, how can i do this, how cant retriew the data and generate a pdf file and allow it to download...
View 1 Repliesi want to make website where users can book tiket online. i want to make quickbook like [URL] in this webiste to make this quick book like to work. how to do this type of quick book methods for booking online.
View 3 Replies