I have logout handler which used to work fine:
public void ProcessRequest(HttpContext context)
//// Sign out
System.Web.Security.FormsAuthentication.SignOut();
//// Clear Session
if (context.Session != null)
[code]...
i want to have several domains A, B, C where a user can enter his username and password to login to a common main domain D.
So the user goes to A, B or C, enters his username and password, clicks the "login" button, and is then on the main domain D in a logged in/authenticated state. Then the user does the things he wants to do, and then clicks the logout-button and is then returned to the original domain that he came from, be it A, B or C.
What is the best way to do this?
I currently use forms authentication in ASP.NET 4.0 (C#).
im using visual studio 2008. in my project im using forms authentication,my project structure is as follows
root
|
login.aspx
home.aspx
web.config
admin (folder)
|
admin.aspx
web.config
root web.config is as follows
[Code]....
and inner web.config is
[Code]....
and my users are
Username Role
admin1 Admin
admin2 Admin
user1 User
user2 User
as you can see that in second web.config, i gave access to users with "Admin" role and "user1" user.
for giving access to "admin" folder, i wrote the following:
[Code]....
and saved the web.config as
[Code]....
this is working fine when i run it from visual studio development server, when i host it in IIS, im getting the following error
[Code]....
here the problem is, it is not able to save the web.config i got one solution, that is, i added
[Code]....
My feeling says it's not posible but anyway I am curious if there is at least a workaround for accomplish this.Basically I am working at my client site and my machine is not connected to the domain.What I want to do is running a web application locally under a domain account, and using the webdev server.The webapp uses the default authentication, windows authentication that is.I tried using impersonation with domainuser & password but I got the following error Could not create Windows user token from the credentials specified in the config file. Error from the operating system 'Logon failure: unknown user name or bad password.I have to mention that the username and the password are correct.
View 1 RepliesI have a domain: http://www.mydomain.com. This domain is redirected to http://mydomain.anotherDomain.com.
I user forms authorization, so when the user navigates to Default.aspx he is redirected to Login.aspx. Pretty standard stuff.
On FireFox the user can log in on both on http://www.mydomain.com and http://mydomain.anotherDomain.com.
But with Explorer http://www.mydomain.com doesn't work. I only get the Login.aspx page.
Can it have anything to do with that on http://www.mydomain.com I can't see the filename ('Default.aspx', 'Login.aspx')? How can I enable so the filename is included in the redirected domain?
I am browsing the page (http://jessie.mydomain.com/), then i click the Logout button in this page, it will be logout successful but it will not redirect to the page (http://www.mydomain.com/Default.aspx), it will show (http://jessie.mydomain.com/Default.aspx).
(1) In master page,
[Code]....
[Code]....
I Have gotten the logout authentication to work. THe problem was that after logout u can back browser back into the app. Now it does redirect to the app login screen, but this is good only one time. If you re-login to the app, relogout, and then try to back browser in, it goes back to the running app.
I would like to know how to get this logout process to work all the time. here is some code i have pertaining to the authentication process:
[Code]....
I'm using forms authentication in my web application. Is there any way to logout (FormsAuthentication.SignOut;) using jQuery library or javascript?
View 3 RepliesI am trying to achieve a SSO implimentation across my websites so i am using the machine key attribute to do so.now the trouble starts here as the website the user logs in is on the .net 1.1 framework and the website it it navigating to is .net 4.0.I have share the same machine-key across both the application . It works fine in my testing environment but as i move to the deployment server ,it just dosent work !So what i could do is read this article on MSDN :
http://msdn.microsoft.com/en-us/library/eb0zx8fc.aspx
this tells me to add a domin attribute like below
<forms loginUrl="~Login.aspx" defaultUrl="Default.aspx" protection="All" timeout="80" name=".ASPXAuth" domain="asbc.com"/>
but this thing just dosent work on the 1.1 application and throws an error Unrecognized attribute 'domain'.
Where do i get to mention the domin in my 1.1 application.?
I have a web application build in asp.net and using a custom membership provider for authentication and authorization. Everything works fine except when the user click on the logout link to log out of the application and being redirect to a default cover page, if the use click on the BACK BUTTON on their browser, it will actually go back to where they were before and the data will still show up.
Of course they can't do anything on that page, click on anything link they will be redirect to a login page again. But having those information display is making a lot users confused.
i am just wondering if there is any way i can either clear the browser's history so use can't go BACK, or when they click on the back button and have them redirect to the login page.
We are experiencing some strange behaviour on one of our ASP.NET web servers (Windows 2003 64-bit). After some activity, two third-party controls are unable to run correctly. One is log4net (it does not write error messages out) and the other is a menu control (it displays eval message instead of picking up its license). The one common thread is that both controls pick up their config from external config files (linked to from web.config).
Just wondering if anyone has any thoughts on this or experienced this in any way. Is it related to file/folder rights? The server has been running fine for a while and just started exhibiting this behaviour. Perhaps it occurs around the time the worker processes are recycled.
How to logout from facebook once login through authentication of website
View 1 RepliesI have two domains: www.MySite.ORG and www.MySite.COM. In both, there are web applications done in asp.net 4. I would like to modify the web.config of www.MySite.COM so that all the visitors going here will automatically be redirected to www.MySite.ORG. I thought I could do this through the control panel in the webhost, but it seems it cannot be done.
View 4 Repliesdisable back button on my asp.net application. I Should not be able to go back to my previous page after I logout.
View 2 RepliesI want to stop search engines showing the non www. url in search results. I found the following code, will it do what I want?
[Code]....
we have 3 different domains and their active directory.i have to made a web serivce that when user gets logged in any of the domain and call that web service it takes the user credential.and then process the task and logged in the current user and domain of user. my iis configuration is 1) anonymous user disabled2)integrated authentication is enabled.and sending the user credentials as and then process the task and logged in the current user and domain of user.my iis configuration is1) anonymous user disabled 2)integrated authentication is enabled.
System.Net.CredentialCache.DefaultCredentials from calling application
our different servers are configured for any one of the 3 domains .when i use to call the web service (deployed on a server)from the same domain it
I have one web application that manages 20-30 websites (one asp.net engine loading different templates based on httphost)Im redirecting non-www requests to its www equivalent in my web.config using UrlRewrite.
<rules>
<rule name="301 Example Lazy Domain" stopProcessing="true">
<match url=".*" />
<conditions>
<add input="{HTTP_HOST}" pattern="^example.com$" />
</conditions>
[code]...
I have two different web sites in Intranet zone. They are placed in one domain (like http://site1 and http://site2.site1). They use Windows Authentication for common domain (like mycorpUser1, mycorpUser2, mycorpUser3).First web site(http://site1) have iframe element with hyperlink to second web site(http://site2.site1). When user loads first web site he needs write login and password twice. How to make that http://site1 and http://site2.site1 ask authentication only once?
View 2 RepliesI have a case where i have two asp.net applications, one is hosted on example.com/App1 and the other on /App2.
both applications are password protected using Windows authentication.
App1/default.aspx has a <img src="/App2/somefile.aspx">
Now what happens when i open App1 is that i get the credentials prompt, but because App2 is also protected, the HTTP GET for the img requires me to authenticate, in other words i get two prompts.
Is it possible to do something so that the authentication is for example.com so that both App1 and App2 consider the user authenticated?
I have an asp.net c# site that I have setup in IIS 7 and am loading into a sharepoint frame. Sharepoint doesn't prompt for domain credentials but my site does?In IIS I have enabled basic and windows authentication so I can get the domain users username, so if there is a way to get this without prompting that'd be a perfect solution for me.I am using the follwing statement to get username:
System.Web.
HttpContext.Current.User.Identity.Name
I work for a local library that just had a consulting company do a migration of their IIS installation from one server to another.It wasn't until a few days ago that my boss noticed that login.aspx seemed to have broken. I have little knowledge of ASP.NET but I just have a feeling this is something really simple. Here is the error when trying to login to the webapp:
Error authenticating. Error authenticating user. The specified domain either does not exist or could not be contacted.Active Directory was on a completely different machine and was not migrated to different hardware .The app connects to a sqlexpress server and that is running and the database is there ... Under ASP.NET Configuration Settings the sqlServerWebConnection points to the machine running the sql server. What am I missing?
EDIT: Under login.aspx.cs I have
string adPath = "LDAP://DC=COMPANY,DC=org"; //Path to your LDAP directory server ecause the webapp used to run on IIS on the DC, is that the line that somehow needs modified?
I have a simple script making a request to the server:
var DTO = { 'path': path };
var url = 'default.aspx/Get';
var test;
$('#getInstance').click(function () {
$.ajax({
url: url,
type: 'POST',
dataType: 'json',
data: JSON.stringify(DTO),
contentType: 'application/json; charset=utf-8',
success: function (msg) {
test = msg;
},
error: function (jqXHR, textStatus, errorThrown) {
alert(textStatus);
alert(errorThrown);
}
});
});
This works fine as in it connects to the server and gets the data back, with one simple problem. It is treating this request as a cross domain request, therefore using jsonp. The server code is here:
[WebMethod]
[ScriptMethod(ResponseFormat = ResponseFormat.Json)]
public static MyObject Get(string path)
{
MyObject foo = new MyObject();
return foo;
}
Normally this would not be a problem, except that I am accessing a WebMethod, and it doesnt have the capability to return a jsonp response (meaning it has no way to attach the callback function to the response. Now, if this was a manual response, I could hack it up and attach the parameter, but I am taking advantage of the built-in serialization, so no way to mess around with the response. [URL]
Let me just stress the fact that this code works. The only problem is jQuery treating this request as cross domain. But Why? UPDATE: Well, after many more hours and more testing I have narrowed this issue down to it being a bug in jquery 1.5.1. I did some testing with older versions (all 1.4 versions) and I had no problem, the request was made using JSON, and the response was received successfully. What could be the change they made that would consider this request a CORS?
is it possible to preserve authentication for ASP.NET Forms authentication cookie,btween Http and Https (different domains) and back?I mean haveing single signon for two domains say http://www.mydomain.com and https://members.mydomain.comI've seen on quite asp.net sites that have a 'MyAccount' section they transfer the site to https and then when you have logged into your account successfully and gone back to the majority of the site you move back to http whilst still being logged in.
View 1 RepliesWe are upgrading the asp.net 2.0 web application to asp.net 4.0. The application contain three main modules (sub application) like End User, Franchise and Admin with separate web.config, asp.net form Authentication, login page and running with single domain. the URL like,mydomain.com/login.aspxmydomain.com/franchise/login.aspxmydomain.com/admin/login.aspx In asp.net 2.0, working fine with 3 sub applications with separate form authentication under a single domain name and also we can working with all threes in same time. After the up gradation process (ASP.NET 2.0 to 4.0),We didn't run all three applications in same times and also form authentication crossed.
View 2 RepliesI'm bangin' my head against the wall here. I'm not even sure what I want to do is possible.
I have developed an ASP.NET app that will only be run on my local network (which incorporates a Windows Domain). It's running on IIS 7.5.I want to do this:
[Code]....
My problem is this: If I don't turn off Anonymous Authentication and ASP.NET Impersonation, I don't get the results I'm looking for. (if Anonymous is allowed, I get an empty string returned for username, and if ASP.NET impersonation is allowed, then "username" is always whatever account is associated with impersonation, like "Network Service"). If I turn those off and then turn Windows Authentication on, it works, but only after a dialog box presents itself asking for the Windows Credentials.
What I'm trying to do is NOT require the users to log in. Since they've already logged into the domain when they signed on their computer, I'd like to just allow them access to the ASP.NET application I've written, and identify who they are (based on their previous Windows login) using the line of code above. I don't need them to re-authenticate, because they're already authenticated from their domain login.I can't figure out what I'm doing wrong, or how to accomplish this. It seems the closest I've gotten to what I want so far, is to turn off all authentication EXCEPT for Windows Authentication. It works then, but only if the user first types in his/her username and password again in a dialog box. Is there any way to avoid having them type in their username and password again, but still be able to identify their domain username?
