It looks like JavaScript does not have access to authentication cookies ('ASP.NET_SessionId', '.ASPXFORMSAUTH') in the http headers I can see cookies but document.cookie object does not have them.
View 2 RepliesMy requirements is when one other website call my service (httphandler) and in response i will provide one parameter which is
value of form authentication cookie
now that website call my website with that cookie value as query string , how to check from that cookie value that particular use is authenticated or not ?
The reason i need to do this is because of Facebook Connect - which is another story, so i'll save you the drama for that. =) Anyway, i have this function that runs on window.onload:
function userAuth() {
SomeFunctionWhichGetsFacebookCookes();
if (!loggedInUsingFormsAuth && loggedInViaFacebook) {
window.location.reload(); // refresh page, so i can perform auto-login
}
}
So, i need help in getting the flag "loggedInUsingFormsAuth". I dont care what is in the cookie, just need to know if the current user is authenticated. Why am i doing this? Well, on window load, if the user is logged into Facebook but not on my website (according to the Forms Authentication cookie), i want to reload the page - which allows my ASP.NET website to read the Facebook cookies in the HttpContext and log the user in. I need to do this in JavaScript, because i dont have the Facebook cookies until i call "SomeFunctionWhichGetsFacebookCookies" - which can only be done in JavaScript.
So, how can i work out if the current user is authenticated via JavaScript? Do i have to manually traverse through the cookies, find the one i want, and inspect it? Is this a safe thing to do? Or should i alternatively write out the flag to the client from the server using RegisterClientScript?
I have web page that will call the macromedia detection tool kit. But I cannot get the hasReqestedVersion value before the page is loaded. I tried to use RegisterClientScriptBlock or RegisterStartupScript inside of the Page_load function.
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head runat="server">
<script type="text/javascript" src="AC_OETags.js" language="javascript"></script>
<script language="JavaScript" type="text/javascript">.......
If I create a cookie in Javascript document.cookie = 'unseen' how do I delete it when I navigate away from this page? This is the only cookie I am creating on the page.
View 3 RepliesWe have a non-SSL ASP.NET web app that allows a user to login (ASP forms authentication, inproc).
Once authenticated, we redirect their browser to an external, SSL secured page on another web site / domain altogether that we do not control.
The client is redirected back to a pre-configured url on our original http web app when done.
However, the customer is then asked to "re-login" again on our side which is undesired...
It seems the forms authentication cookie is destroyed when transitioning between HTTP and HTTPS and back again.
How can I keep the forms authentication cookie alive so that the customer does not have to re-authenticate on the round trip?
i have an application and a user must log-in before he/she can access pages. now once the user logs in i keep the user details in a session variable (say Session["CurrentUser"]).now if a user tries to jump to a page directly i will check if the Session["CurrentUser"] has a value or not...if not then the user will be directed to the login page...my problem is that i have done this or rather say written this "Checking Code" on almost all the pages.
View 3 RepliesI am having a hard time implementing "Remember Me" functionality in an MVC application with a custom principal. I have boiled it down to ASP.NET not retrieving the authentication cookie for me. I have included a snaphot below from Google Chrome.
Shows the results of Request.Cookies that is set within the controller action and placed in ViewData for the view to read. Notice that it is missing the .ASPXAUTH cookie Shows the results from the Chrome developer tools. You can see that .ASPXAUTH is included here.
Does anyone know what the issue may be here? Why does ASP.NET not read this value from the cookie collection?
My application uses a custom IPrincipal. BusinessPrincipalBase is a CSLA object that ust implements IPrincipal. Here is the code for that:
[Code]....
I do not think that any of this is related because the bottom line is that the Request.Cookies does not return the authentication cookie. Is it related to the size of the cookie? I heard there are issues to the size of the cookie.
UPDATE: It seems that the issue revolves around subdomains. This site was being hosted with a subdomain and the cookie domain was left blank. Does anyone have any pointers on how I can get the auth cookie to work with all domains (e.g. http://mydomain.com, http://www.mydomain.com, and http://sub.mydomain.com)?
where external files / images are being loaded from. By this I mean that I'm aware that external JS files / Images are cached on the first load of a page. What I'd like to have is a tool that confirms to me that on subsequent requests these files are in fact being loaded from the users cache rather than downloading the file again.
View 3 RepliesDo we know the algorithm that asp.net uses to create the authentication cookie (when using forms authentication?)
Can we basically create our own copy implementation? if so, how?
What does it use to generate the encrypted cookie value, I know it uses whatever you pass into the SetAuthCookie call (which is usually the userID/username).
I have an ASP.NET website for which i've set the authetication timeout to 60 days so that my users don't have to log in each time they come back if they checked the "remember me" option. Basic ASP.NET login mechanism... It's working fine on my developpement server as well as on the visual studio built-in web server. I can close the browser, wait around 30-40 minutes and browse back to the site and be automatically logged in.
However, I've not moved the site to a hosting provider and it seems that whatever I do to my Web.config file, the cookie expires after around 30 minutes (hard to tell the exact amount of time). I have asked the provider's help support and they basically told me: "Web.config file is to configure your website. Please do not change it if you don't know what you are doing"Frustrating answer indeed... be sure, I checked everywhere on the net for exceptions, fine prints, in the basic asp.net authentication but found none.I have access to IIS remote management for my site (IIS 7) but don't really know where to look. Can there be something in the IIS setting that is overriding my web.config authentication setting?
I have 2 websites running on localhost in different ports. As browsers do not differentiate port numbers when sending cookies, my forms authentication ticket from one site is being sent to the other
How do I solve this? I thought that a good solution would be to change the forms authentication ticket or one of the websites but I don't know how to do this.
I created a mvc helper that add some textbox with javascript.
I want to check if JavaScript file already exists on the page and if not I need to add it to the end of the page.
How can I do it in MVC 2?
I have a bunch of applications that currently share the authentication cookie in v3.5.
We're in the process of upgrading to 4.0 and also upgrading the applications as a whole. I have 1 done, and would love to deploy it. However, as soon as I do, I lose my sharing of authentication cookie in that application.
In each web.config, my machine key is declared. I removed the actual keys to protect the innocent. :)
<machineKey validationKey="..." decryptionKey="..." validation="SHA1"/>
<authentication mode="Forms">
<!-- DEV Server -->
<forms enableCrossAppRedirects="true" loginUrl="Logon.aspx" name=".COOKIENAMEHERE" protection="All" path="/" slidingExpiration="true" timeout="1440"/>
</authentication>
I'm using ASP authentication and the integrated webservice.
The user logins in with Forms authentication on a login page.
To log out, I call the authentication webservice from Silverlight and call logout.
Everything worked OK but now sometimes IE gets crazy and doesn't log out the user anymore.
I used Fiddler and it turns out that the authentication service returns a SetCookie to clear the ASPXAUTH cookie but on the next call IE still has the cookie set.
So off course because the cookie is there the user is authenticated and logs right back in rather than being directed to the login page.
I checked and didn't see any other description of the issue.
I can't reproduce it and my colleagues that have a misbehaving IE have it working fine on one environment and not on the other (one has the issue for DEV and another has the issue for the PreProd server).
My users need to stay logged in for 1 day, so I used a persistent authentication cookie with an expiration of 1 day but it still times out after 20 minutes (which is the default timeout for the session, not the cookie).
This is my code:
<authentication mode="Forms">
<forms loginUrl="Login.aspx" protection="All" path="/" />
</authentication>
FormsAuthenticationTicket ticket =
new FormsAuthenticationTicket(1, "username", DateTime.Now, DateTime.Now.AddDays(1), true, "userdata");
string encTicket = FormsAuthentication.Encrypt(ticket);
HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encTicket);
cookie.Expires = ticket.Expiration;
HttpContext.Current.Response.Cookies.Add(cookie);
I also have manually-generated validation and decryption keys:
<machineKey>
validationKey="......."
decryptionKey="......."
validation="SHA1"
</machineKey>
We have had a bug recently where users are logging into an application with multiple browser tabs. They are editing a content page which means that they can be working on a page for sometime (ie with no postbacks) They finally click save and because the session has timed out it takes then to login page. I initally resolved they by adding a reminder that the session is about to expire which initally resolved the issue. It has been noted that even when they are within session time out they still got redirected to login page (and loosing the data on the form). We had real problems replicating the issue but have finally managed to do so now and I have learnt some curous features of .net Forms Authentication.
I have set up a test project which has the membership controls on etc. I have set the Timeout on the <forms> tag
<forms loginUrl="~/Account/Login.aspx" timeout="2" />Case 1I then open two browsers windows (side by side), both on the login page (and logged out)On the left window I login (and start a timer)after 40 seconds on the right window I navigate to a page (which takes me to the page as I have logged in on left window )I then wait until the full 2 minutes has elapsed (but before 2 Minutes and 40 seconds) and then try and navigate to a page on the left window.It redirects me to the login pageI would expect it to allow me to navigate to as I have kept my session open on the right window.Case 2I then open two browsers windows (side by side), both on the login page (and logged out)On the left window I login (and start a timer)after 90 seconds on the right window I navigate to a page (which takes me to the page as I have logged in on left window )I then wait until the full 2 minutes has elapsed (but before 2 Minutes and 40 seconds) and then try and navigate to a page on the left window.It Navigates to the page keeping me logged in.After a bit of reading around the subject I have found out that the slidingexpiration property only renews the cookie if it is in the last 50% of the timeout value:
Sliding expiration resets the expiration time for a valid authentication cookie if a request is made and more than half of the timeout interval has elapsed[URL]
My Question is: How can I override this bit of functionality?
Is there a property to set somewhere to "Always renew cookie"?
Is there another workaround. Unfortunately I can't increase the timeout because of a complience issue (it must be set to 15 minutes)
Since last week I've had a really odd issue with PageMethods, the forms authentication cookie, and the back button which i've never seen before.
Essentially, I have a 'home page' which on document.ready (using jQuery), loads some data through PageMethods, and then renders a list - from which you can click through to a details page about the item. In general use, it works fine. However, using the back button after clicking through (ie: going back to the home page), it throws a PageMethods error. The browser's 'authentication required' prompt appears, and if you click cancel, the server returns a 401. The error returned by PageMethods on the client side is 'authentication failed'.
After inspecting the request in Fiddler, the forms authentication cookie isn't sent with the request, which would explain why it is happening. My fiddler entry for the request looks like this:
[Code]....
What is the content of ASP.NET FormsAuthentication cookie value? How can I see the real value of the hashed string (in case that I have the decrypted key)?
View 1 RepliesI have 3 applications running at my end.
RootSite
RootSite/VirtualDirectory1
RootSite/VirtualDirectory2
I have a login page in three of these applications. When I login in either of these applications the .ASPXAUTH cookie is set but I am seeing that all of the three applications are updating the same .ASPXAUTH cookie instead of creating individual one. For example a user login on "RootSite", .ASPXAUTH cookie is created, now the user comes and login in the application "RootSite/VirtualDirectory1" and this time I am seeing the same .ASPXAUTH cookie is updating. I am confirming this because the created date of this cookie has been changed. So this means instead of creating a new cookie it is using the same cookie. How can I resolve this ? I don't want to interfere the logged-in logged-out status of one application with the other?
I used this following code to set authenticate cookie :
System.Web.Security.FormsAuthentication.SetAuthCookie(Profile.Email, true);
my question is how I can increase life-time for this authentication cookie ?
Once the user has authenticated, I would like to base all of the information displayed to the user based on their username. Isn't that saved in the cookie?
For instance, I would like to pull all of their client information using a GridView and have the parameter set to the appropriate authentication information.
Suppose I have a master page where I have written some javascript to access the value of a particular asp.net text box, which resides in one of its content pages, but not in all the pages. This piece of javascript code can't be moved to that particular content page because of some restrictions.
Now I need a way to determine whether or not that text box exists in the page, which will imply that the content page containing that text box has been loaded.
How I can I do that in javascript?
My requirement is that I have a few hyperlinks on a webpage and when the user clicks on these hyperlinks I should redirect the user to an asp.net web page(Default.aspx) in a different website.
For the 1st time when the user clicks on one of the hyperlinks it will launch a new browser window with the Default.aspx loaded and then if the user clicks on some other hyperlink I want to redirect the user to the existing browser window(in which deafult.aspx is already loaded)with the content related to this particular hyperlink loaded,instead of launching a new browser window/tab.
But I am not sure of how to achieve this.I wonder if I can add some js to the asp.net Default.aspx page to achieve this.
I am having a scenario, where i need to decode ASP.NET FormsAuthentication Cookie in other language to accomplish Single Sign-On.
I am having a ASP.NET website, that also has WCF Authentication service. But I have just come know that even Java and PHP Application are also going to use my Authentication Gateway to authenticate user and so enable Single Sing-On.
I am done with the same in .NET application but to perform same in non-.NET techs, I need to decode FormsAuthentication Cookie of browser. FormsAuthentication Cookie are Encrypted so there must exist a algorithm that can decode it or a kind of dll that I can load in Java and read it.