I'm trying to setup Forms Authentication in an asp.net mvc 2 application that will be hosted on IIS 6. There's an issue somewhere in my routing, but I can't pinpoint exactly where it is.
Here is the route entries I'm using to route the mvc requests through the aspx processing on IIS 6. These may or may not be the "right" way, but they do work on the server at current
[Code]....
I am developing a small website in vs-2005.
Here I am using forms authentication and I have used an access database. I have put the db in App_Data folder and declared the connectionstring in web.config. The problem I am facing is that when I request any page without logging in the browser displays the requested page. At the bottom of the page there is a script error when I check the details it says Sys is not defined. Has this something to do with this issue??
In web.config file I have added the following lines in the <system.web></system.web> section.
<authentication mode="Forms">
<forms name=".ASPXFORMSDEMO" loginUrl="Default.aspx" protection="All" path="~/" timeout="30"/>
</authentication>
<authorization>
<deny users="?"/>
<!--<allow users="*" />-->
</authorization>
On login button click after comparing userid & password I am using the foll stmts:-
If code = 0 Then ' code 0 means match for userid and pwd
FormsAuthentication.RedirectFromLoginPage(txtuserid.Text, False)
Else
Response.Redirect("~/Default.aspx")
End If
So on my journey to become better at asp.net I've encountered a problem. I'm working on a login. I added some Style to it by adding a CSS file and after some time I made it look a lot better. Thereafter I added Asp authentication forms - which actually works great aswell except that if you're not logged in the CSS is not used. Once I've logged in and recieved a cookie I can go back to the login page and everything looks nice. But as long as I haven't "logged in" the page looks as if no CSS is used.
View 3 RepliesBelow is my code for forms authentication in asp.net but some time it is not working means some time user is not logged in
FormsAuthentication.SetAuthCookie(authentificationString, rememberLogin);
string cookieName = FormsAuthentication.FormsCookieName;
HttpCookie authCookie = System.Web.HttpContext.Current.Request.Cookies[cookieName];[code]....
It is working fine in my local machine but when I deploy on my server then it is not working.is it any iss setting or something else..
what I need to do for this.below is web.config code and local machine having IIS 6.0 and Server having IIS 7.0
I'm using IE 8 v.8.0.6001.18882
After upgrading ie my login form that uses forms authentication stopped working.
After studies find that IE8 has problems with the authentication cookies.
With all other browsers work perfectly.
My settings in web.config.
[Code]....
I tested all the values of being the only one that works is the UseUri but I do not control cookies in this way.
Recently I've implemnted Single SignOn feature in my website which was developed on Framwork 2.0 using visual studio 2005.These website works on all browsers perfectly except that there two systems in my testing environment where the FormsAuthentication doesn't work on IE only.
On Those systems itself FormsAuthentication works for other browsers like mozilla.On these system I have checked that FormsAuthentication cookie is created but it lost it value as soon as other page is traversed.But when I try to login again it give me the messsage that user is already login i.e. user was able to login successfully.Both of them are currenlty using IE 8.
Following is the settins of my web.config:
[Code]....
I have a .net 1.1 ASP application (domain.com) which has a .net 2 virtual directory (domain.com/v2) beneath it, both applications run within their own app pool on the same Windows Server 2003 machine running IIS 6. The web.config files for both apps are setup for Forms Authentication as described here - [URL]
Users would be directed to the domain.com/v2/login.aspx page which would authenticate for both applications, this configuration has been working fine for the last few years until installing one of the recent Windows 2003 security updates today. Now after authenticating under /v2 users keep getting redirected back to domain.com/v2/Login.aspx as domain.com doesnt see them as authenticated anymore.
which security update would have caused this and if its possible to fix or rollback?
I have implemented the .Net Membership provider with my website which is, for the most part, working well. However, occasionally a user will try and login and nothing will happen. There will be no error, they will just hit "Submit" from the login screen and continue to the homepage as an unauthenticated user. This behavior persists until they clear their web cache, or restart their machine... which makes me think it's some kind of cookie expiration error?
Does anyone have any ideas on how to troubleshoot this?
Here is the relevant section of my webconfig:
<membership defaultProvider="AspNetSqlMembershipProvider">
<providers>
<clear/>
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="ASPWebAuthConnectionString" maxInvalidPasswordAttempts="10000000" enablePasswordRetrieval="false" enablePasswordReset="true" applicationName="nvpumps"
requiresUniqueEmail="false" minRequiredNonalphanumericCharacters="0" minRequiredPasswordLength="5" requiresQuestionAndAnswer="false"/>
</providers>
</membership>
I just found out that my site authentication is not working in IE8. It works in FF, Chrome, Opera but not in IE8. I've deleted all the cookies and temporary files but no change. After a short research I found out that there is some problems with the cookies with IE8.Look at this http://www.reachfarther.com/persistent_cookies_fail_in_ie8.htmlHere is my web.config
<authentication mode="Forms">
<forms defaultUrl="~/Default.aspx" loginUrl="~/Login.aspx" domain="ivan_g" name=".MY_WEB_AUTH_COOKIE" cookieless="UseCookies" slidingExpiration="true" timeout="10" protection="All"></forms>
</authentication>
<httpCookies domain="ivan_g" />
I want to run the site from my PC at the office so my domain is ivan_g I think. This is the Url:[URL]
I've found this article on enabling windows authentication within an intranet ASP.NET application. I did exactly what the article says, and when I go to the page on the server all it does is prompt me for a username and password, which I would assume means that it is seeing me as an anonymous user and not a windows user (which is not true).
In my application on the IIS i have the "Integrated Windows Authentication" box checked and this is what I have for my web.config file:
[Code]....
I've also tried this before and got the same results:
[Code]....
I have no idea what I need to do to get this to authenticate correctly. I've been banging my head off a wall for the past 2 days on this issue.
I have a basic intranet website for my company but there is one page that cannot allow anonymous as I need to grab the user's login. I created the site and everything works perfectly on my development machine. once moved to the production server it no longer works.
Here is the problem: I can get the login prompt when going to the secure page, but when trying to login I get a "401.1 - Unauthorized", even when trying to login as a server administrator. Here is the authentication portion in my web.config:
[Code]....
I have done this before and always gotten it to work. I hope I am just missing something very simple...
I'm trying to hit my intranet website and get it to run a simple sql query as the windows user I'm logged in as.
When I debug through Visual Studio, everything works great. When I hit the webserver though, I get an error from sqlconnection saying, "ERROR:Login failed for user 'YOUR_DOMAINYOUR_WEBSERVER_NAME'."
Request.ServerVariables[AUTH_USER]: YOUR_DOMAINUserBob
System.Security.Principal.WindowsIdentity.GetCurrent().Name: NT AUTHORITYNETWORK SERVICE
Page.User.Identity.Name: YOUR_DOMAINUserBob
System.Threading.Thread.CurrentPrincipal.Identity.Name: YOUR_DOMAINUserBob
[Code]....
I set these setting below at the Web.config of my site And it still return me to the loginpage after about 20 mins I checked the Properties of the site at IIS and the time out is 660 However at the properties of the defaultWeb it's not 660 since it will influence all the sites and that I don't want
<authentication mode="Forms">
<forms loginUrl="Login.aspx"
protection="All"
timeout="660"
name=".ASPXAUTH"
path="/"
requireSSL="false"
slidingExpiration="true"
defaultUrl="default.aspx"
cookieless="UseDeviceProfile"
enableCrossAppRedirects="false"/>
</authentication>
<sessionState mode="InProc" timeout="660"></sessionState>
I'm trying to write a simple ASP.NET 4.0 app, using Windows authentication to login. This is on my peer-to-peer home network. When I click to login, it instantly shows my Windows identity, so it looks as though I don't even need to login, as it's already done that for me. However when I then go to any other page in the app, it looks as though I'm not logged in. Why is that and how do I fix it?
View 2 RepliesIn IIS 7.5 server I have a website apps.mydomain.com. Site binding for this website is:
IP: All Unassigned
Port: 80
Host name: apps.mydomain.com
In DNS there is an ip address pointing to apps.mydomain.com. Site comes up fine when browsing to this hostname.
I want to get current windows logged in username from asp.net web apps. I enabled windows authentication and disabled anonymous. Using this ASP.Net code to test:
Response.Write(Page.User.Identity.Name);
However, browsing to http://apps.mydomain.com/site/ the application pool identity shows as the Page.User.Identity.Name value and not the current windows logged in username.
If I browse to http://servername/site/ then Page.User.Identity.Name will return current windows logged in username.
Is there something else I need to configure to get the current windows logged in username when using host header?
web.config:
<?xml version="1.0"?>
<configuration>
<system.web>
<authentication mode="Windows"/>
</system.web>
</configuration>
App pool config (left out "handlers" for brevity, there's a 30000 char limit):
[Code]....
I have a SqlMembershipProvider store with Roles enabled. This is configured and has the user "devtest" in the roles "xxUser" and "xxAdmin".
I also have a WCF service, which I want to authenticate and authorize against. My problem is that:
the authorisation is not happening, code just executes despite the policy attribute I don't get any identity or security context so do not know who is calling the service I need: to know which user is calling the
method some degree of rejecting users if permissions don't match (ideally this should be performed
within the RoleProvider/MembershipProvider/WCF but can do it myself if I have to) SSL in transport
I have my service contract set up thus:
[ServiceContract]
public interface ISupportService
{
[OperationContract]
[PrincipalPermission(SecurityAction.Demand, Role = "ThisRoleDoesNotExist")]
List<BaseInterestRate> GetAllBaseInterestRates();
}
the code is simple enough:
public class SupportService : ISupportService
{
public List<BaseInterestRate> GetAllBaseInterestRates()
{
OperationContext operationContext = OperationContext.Current;
ServiceSecurityContext serviceSecurityContext = ServiceSecurityContext.Current; // is always null
using (xxxEntities entities = new xxxEntities())
{
return new List<BaseInterestRate>(entities.BaseInterestRates);
}
}}
My service configuration is thus:
-->
<behaviors>
<serviceBehaviors>
<behavior name="SupportServiceBehavior">
<serviceMetadata httpGetEnabled="false" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="false" />
<serviceAuthorization principalPermissionMode="UseAspNetRoles" roleProviderName="AspNetSqlRoleProvider" />
<serviceCredentials>
<userNameAuthentication userNamePasswordValidationMode="MembershipProvider"
membershipProviderName="SqlMembershipProvider" />
</serviceCredentials>
</behavior>
<behavior>
<serviceMetadata httpGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="false"/>
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
Having already configured the MembershipProvider:
<membership defaultProvider="SqlMembershipProvider" >
<providers>
<clear/>
<add name="SqlMembershipProvider"
connectionStringName="SqlMembershipProvider"
applicationName="xxx"
type="System.Web.Security.SqlMembershipProvider" />
</providers>
</membership>
<roleManager enabled="true">
<providers>
<clear />
<add connectionStringName="SqlMembershipProvider" applicationName="xxx"
name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" />
<add applicationName="xxx" name="AspNetWindowsTokenRoleProvider
type="System.Web.Security.WindowsTokenRoleProvider" />
</providers>
</roleManager>
I have followed the instructions at these pages to the letter:
How to: Use the SQL Server Role Provider with Windows Authentication in WCF Calling from Windows Forms (MSDN)
How to: Create and Install Temporary Client Certificates in WCF During Development (MSDN)
How to: Use wsHttpBinding with Username Authentication and TransportWithMessageCredentials in WCF Calling from Windows Forms (MSDN)
Also quite useful found via SO: Use Asp.Net Membership provider with a WCF .svc service (Alkampfer's Place)
I would at lest expect an issue with certificates/transport/etc. to fail with exceptions, but I can debug right in and over the WCF call. I have no security context/ user context available to me and when I use a user not in the two mentioned roles (which I do in the code example above), I don't get "kicked out".
My client app is currently a Web App, but will ultimately also serve a Windows Forms app and Test suite. I'm currently using the ASP.NET WebDev server and am running .NET 4.0.
Am I missing something?
I have website under "aaa.com" domain, and it's form authentication is working in that domain.
But when i call login page from "bbb.com" in frameset or frame, can't pass login page. İt's always redirect login page me.
internet explorer not working. But firefox work.
(There is no problem when i call "aaa.com/login.aspx" but if i call in frame "aaa.com/login.aspx" from bbb.com not work.)
I have created a we app. using win authentication. When type the server ip addres in chrome I get the login window and it works just fine with my organizations credentials, however when doing the same using Internet Explorer I have to login with the server credentials as my account is not valid.
View 1 RepliesI am trying to implement custom sercurity modal in Reporting Services and i am not successfull. I am getting instance count error at below line.
// Loop through the instances of the server class.
ManagementObjectCollection instances = serverClass.GetInstances();
I posted my question in the below forum and could not get answer yet.
http://social.technet.microsoft.com/Forums/en-US/sqlreportingservices/thread/81b5a886-cca5-4d13-9805-c5b57c8a20e9
The link i used for forms authentication is as follows:-
http://msdn.microsoft.com/en-us/library/aa902691(SQL.80).aspx
What could be going wrong? Why i could able to cross "scope.Connect();" AND "serverClass.Get();" and getting below error
and could not get any instances. I saw a help link of similar problem and given full permission, but could not get instances at all.
http://social.msdn.microsoft.com/Forums/en/sqlreportingservices/thread/fd5d19da-5cf5-45a9-bc77-7849a9565714
Exception Info:-
serverClass.GetInstances() {System.Management.ManagementObjectCollection} System.Management.ManagementObjectCollection
+ Count 'serverClass.GetInstances().Count' threw an exception of type 'System.Runtime.InteropServices.COMException' int
{System.Runtime.InteropServices.COMException}
IsSynchronized false bool
Code:-
const string WmiNamespace =
//@"\localhost
ootMicrosoftSqlServerReportingServicesv8"; // ORIGINAL
@"\localhost
ootMicrosoftSqlServerReportServerv9Admin"; // NEW ONE
//@"\localhost
ootMicrosoftSqlServerReportingServicesv9Admin"; // NOT
WORKING COPY
const string WmiRSClass =
//@"MSReportServerReportManager_ConfigurationSetting"; // ORIGINAL
// @"MSReportManager_ConfigurationSetting";
@"MSReportServer_ConfigurationSetting"; // NEW ONE
string fullWmiClassName = WmiNamespace + ":" + WmiRSClass;
ManagementClass serverClass;
ManagementScope scope;
//scope = new ManagementScope(WmiNamespace, connOptions);
scope = new ManagementScope(WmiNamespace);
// Connect to the Reporting Services namespace.
scope.Connect();
// Create the server class.
serverClass = new ManagementClass(fullWmiClassName);
// Connect to the management object.
try
{
serverClass.Get();
}
catch (Exception ex)
{
throw new Exception("Could not get WMI information. "
+ ex.Message);
}
I have implemented web authentication in my project. It works fine with the browsers like Mozila, Chrome and Opera Safari.
However it does not work with the IE 10 and above. I did google and came to know that this is the issue in the IE itself.
I implemented the suggestions provided like using the cookieless="UseCookies" in the forms tag.
However it still does not work. Below is the section of the relevant code -
<authentication mode="Forms">
<forms cookieless="UseCookies" defaultUrl="Default.aspx" loginUrl="Login.aspx"/>
</authentication>
<authorization>
<allow users="*"/>
</authorization>
I know this is working correctly beacuse when I publish my website to my hosting provider, and request a resource in a protected directory, and I am not currently authenticated, I get automatically redirected to my login page and then once successfully authenticated granted access and redirected back to the sure *.aspx file in my protected directory (assuming I am authorized for those resources).
So that is working no problem.
However, when I run this from visual studio 2008 (F5) in debug mode, I am not being required to authenticate. It simply serves up the protected resource without asking for my credentials.
If I put a [PrincipalPermission(SecurityAction.Demand, Authenticated = true)] on a BLL class method, it will throw an security exception, but the page that is calling it is in a secure directory and I am never asked to authenticate using the login page.
I am closing and re-opening brosers, clearing cookies, etc..., but no matter what I do I am not automatically redirected to the login page, and the secure page when I launch from visual Studio running on the embedded local host. Thiis working perfectly externally, same build, same web.config, pointing to the same database, on the hosting provider. (yes, eventually, I will be using dev/test/prod db configurations to test, but for now for simplicity I am keeping it the same)
Not only is it maddening, but worse yet, it would obviously make testing this application impossible after the initial release.
Just going to start making a web application and was wondering which was better, or at least what are the main differences between them (as it probably matters what I am using them for)?
View 3 Replies'm using the AutoCompleteExtender from the AJAX control toolkit on my aspx page - I have it wired up to a WCF service that is returning a string array and everything works happily.
If I change my service definition to include a demand for the caller to be authenticated, like so:
<OperationContract(), PrincipalPermission(SecurityAction.Demand, Authenticated:=True)> _Public Function GetLookupValues(ByVal prefixText As String, ByVal count As Integer, ByVal contextKey As String) As String()
Then the autocomplete extender stops working, and I get an authentication error in the service. The service is set up to use ASPNetCompatibility mode, and I was hoping that the extender would pass the authentication credentials for my logged in user - does anyone know how to make this work?
What do I need to do in order to change an application from Forms Authentication to windows authentication?
View 2 RepliesI have developed the authenticated rss feed using the basic http authentication for my site.I also have the admin module for the site which uses the Asp.net Forms Authentication .Both are in the same project.When i turn on the forms authentication module to None in my web.config.My rss feed authentication works fine(the browser pop up the dialog box for the username and password) and upon entering the username and password the rss feed gets displayed.But with forms authentication turn on when i click the rss feed link i am getting redirected to the administrator login page.
If i set my authentication mode to none than the feed works like dream but the admin module do not work as it uses forms authentication.
How can i resolve the conflict for that one.I am using the asp.net mvc filter on my feed contoller to pop up the dialog box for the username and password.
[Code]....