So on my journey to become better at asp.net I've encountered a problem. I'm working on a login. I added some Style to it by adding a CSS file and after some time I made it look a lot better. Thereafter I added Asp authentication forms - which actually works great aswell except that if you're not logged in the CSS is not used. Once I've logged in and recieved a cookie I can go back to the login page and everything looks nice. But as long as I haven't "logged in" the page looks as if no CSS is used.
I'm trying to setup Forms Authentication in an asp.net mvc 2 application that will be hosted on IIS 6. There's an issue somewhere in my routing, but I can't pinpoint exactly where it is.
Here is the route entries I'm using to route the mvc requests through the aspx processing on IIS 6. These may or may not be the "right" way, but they do work on the server at current
Here I am using forms authentication and I have used an access database. I have put the db in App_Data folder and declared the connectionstring in web.config. The problem I am facing is that when I request any page without logging in the browser displays the requested page. At the bottom of the page there is a script error when I check the details it says Sys is not defined. Has this something to do with this issue??
In web.config file I have added the following lines in the <system.web></system.web> section.
On login button click after comparing userid & password I am using the foll stmts:-
If code = 0 Then ' code 0 means match for userid and pwd FormsAuthentication.RedirectFromLoginPage(txtuserid.Text, False) Else Response.Redirect("~/Default.aspx") End If
It is working fine in my local machine but when I deploy on my server then it is not working.is it any iss setting or something else.. what I need to do for this.below is web.config code and local machine having IIS 6.0 and Server having IIS 7.0
Recently I've implemnted Single SignOn feature in my website which was developed on Framwork 2.0 using visual studio 2005.These website works on all browsers perfectly except that there two systems in my testing environment where the FormsAuthentication doesn't work on IE only.
On Those systems itself FormsAuthentication works for other browsers like mozilla.On these system I have checked that FormsAuthentication cookie is created but it lost it value as soon as other page is traversed.But when I try to login again it give me the messsage that user is already login i.e. user was able to login successfully.Both of them are currenlty using IE 8.
I read that with IIS 7, ASP.NET has become an intrinsic part of IIS instead of an external ISAPI DLL. They say that the main reason for this change is that it's now possible to secure files that previously have not been handled by ASP.NET.
I want to check this out, so I have created a Forms authentication web site and added the following files to it:
Default.aspxLogin.aspxHtmlPage.html
Moreover, I have set the web.config to deny anonymous users and I have enabled Forms authentication in IIS.
Here's my problem:
While the ASPX page perfectly requires me to log in, the HTML page does not. It just yields error 401.2.
So my question is:
What did I do wrong? What is necessary to have HTML files (or images) secured using Forms authentication?
I have a .net 1.1 ASP application (domain.com) which has a .net 2 virtual directory (domain.com/v2) beneath it, both applications run within their own app pool on the same Windows Server 2003 machine running IIS 6. The web.config files for both apps are setup for Forms Authentication as described here - [URL]
Users would be directed to the domain.com/v2/login.aspx page which would authenticate for both applications, this configuration has been working fine for the last few years until installing one of the recent Windows 2003 security updates today. Now after authenticating under /v2 users keep getting redirected back to domain.com/v2/Login.aspx as domain.com doesnt see them as authenticated anymore.
which security update would have caused this and if its possible to fix or rollback?
I have implemented the .Net Membership provider with my website which is, for the most part, working well. However, occasionally a user will try and login and nothing will happen. There will be no error, they will just hit "Submit" from the login screen and continue to the homepage as an unauthenticated user. This behavior persists until they clear their web cache, or restart their machine... which makes me think it's some kind of cookie expiration error?
Does anyone have any ideas on how to troubleshoot this?
I have a comment form inside the blog posts. in the form, if the user is authenticated, I will assign the values of the user into textboxes. that part is as follows;
[Code]....
But when I add HTML.TextBox instead of HTML.TextBoxFor, I am not getting validation if the user erase the fileds. Also, this form is inside the indext page and it is related to another action as follows;
[Code]....
so I cannot assign ModelState.AddModelError from controller.
I just found out that my site authentication is not working in IE8. It works in FF, Chrome, Opera but not in IE8. I've deleted all the cookies and temporary files but no change. After a short research I found out that there is some problems with the cookies with IE8.Look at this http://www.reachfarther.com/persistent_cookies_fail_in_ie8.htmlHere is my web.config
I've found this article on enabling windows authentication within an intranet ASP.NET application. I did exactly what the article says, and when I go to the page on the server all it does is prompt me for a username and password, which I would assume means that it is seeing me as an anonymous user and not a windows user (which is not true).
In my application on the IIS i have the "Integrated Windows Authentication" box checked and this is what I have for my web.config file:
[Code]....
I've also tried this before and got the same results:
[Code]....
I have no idea what I need to do to get this to authenticate correctly. I've been banging my head off a wall for the past 2 days on this issue.
I have a basic intranet website for my company but there is one page that cannot allow anonymous as I need to grab the user's login. I created the site and everything works perfectly on my development machine. once moved to the production server it no longer works.
Here is the problem: I can get the login prompt when going to the secure page, but when trying to login I get a "401.1 - Unauthorized", even when trying to login as a server administrator. Here is the authentication portion in my web.config:
[Code]....
I have done this before and always gotten it to work. I hope I am just missing something very simple...
I'm trying to hit my intranet website and get it to run a simple sql query as the windows user I'm logged in as.
When I debug through Visual Studio, everything works great. When I hit the webserver though, I get an error from sqlconnection saying, "ERROR:Login failed for user 'YOUR_DOMAINYOUR_WEBSERVER_NAME'."
Request.ServerVariables[AUTH_USER]: YOUR_DOMAINUserBob System.Security.Principal.WindowsIdentity.GetCurrent().Name: NT AUTHORITYNETWORK SERVICE Page.User.Identity.Name: YOUR_DOMAINUserBob System.Threading.Thread.CurrentPrincipal.Identity.Name: YOUR_DOMAINUserBob
I am using forms authentication in IIS7 to password-protect a dev site, but the authentication seems to get by-passed when the site contains only static HTML files + login.aspx + web.config.
When I renamed the files to .aspx, I am prompted with the login form I am not doing anything fancy. I have a very simple login script and it should just redirect to index.html afterward.
To summarize, the entire site is using HTML (for now) and needs to be password protected.
by this I am able to redirect to Custom error page when I type a non-existing .aspx page.In the link it is explained to do one setting of adding .html extension link in IIS with "aspnet_isapi.dll" path. I did that setting even then the Custom error page for non-existing ".html" or ".htm" files is not working.
wanting to add the freetextbox from freetextbox.com to it.But before i add that I want to get html encoding working with out having to put the pagevalidation to false.This is what I've been reading and trying to work. I have the encoding from the database to teh site working fine. Its the encoding to the database that is being a pain in my back.http://dotnetslackers.com/articles/aspn /Encode_and_Display_HTML_Securely_in_ASP_NET_2_0.aspxI've added the validaterequest to false and encoding my text by the following. [Code]....
I set these setting below at the Web.config of my site And it still return me to the loginpage after about 20 mins I checked the Properties of the site at IIS and the time out is 660 However at the properties of the defaultWeb it's not 660 since it will influence all the sites and that I don't want
I'm trying to write a simple ASP.NET 4.0 app, using Windows authentication to login. This is on my peer-to-peer home network. When I click to login, it instantly shows my Windows identity, so it looks as though I don't even need to login, as it's already done that for me. However when I then go to any other page in the app, it looks as though I'm not logged in. Why is that and how do I fix it?
In IIS 7.5 server I have a website apps.mydomain.com. Site binding for this website is:
IP: All Unassigned
Port: 80
Host name: apps.mydomain.com
In DNS there is an ip address pointing to apps.mydomain.com. Site comes up fine when browsing to this hostname.
I want to get current windows logged in username from asp.net web apps. I enabled windows authentication and disabled anonymous. Using this ASP.Net code to test:
Response.Write(Page.User.Identity.Name);
However, browsing to http://apps.mydomain.com/site/ the application pool identity shows as the Page.User.Identity.Name value and not the current windows logged in username.
If I browse to http://servername/site/ then Page.User.Identity.Name will return current windows logged in username.
Is there something else I need to configure to get the current windows logged in username when using host header?
I have a SqlMembershipProvider store with Roles enabled. This is configured and has the user "devtest" in the roles "xxUser" and "xxAdmin".
I also have a WCF service, which I want to authenticate and authorize against. My problem is that:
the authorisation is not happening, code just executes despite the policy attribute I don't get any identity or security context so do not know who is calling the service I need: to know which user is calling the method some degree of rejecting users if permissions don't match (ideally this should be performed within the RoleProvider/MembershipProvider/WCF but can do it myself if I have to) SSL in transport
I have my service contract set up thus:
[ServiceContract] public interface ISupportService { [OperationContract] [PrincipalPermission(SecurityAction.Demand, Role = "ThisRoleDoesNotExist")] List<BaseInterestRate> GetAllBaseInterestRates(); } the code is simple enough: public class SupportService : ISupportService { public List<BaseInterestRate> GetAllBaseInterestRates() { OperationContext operationContext = OperationContext.Current; ServiceSecurityContext serviceSecurityContext = ServiceSecurityContext.Current; // is always null using (xxxEntities entities = new xxxEntities()) { return new List<BaseInterestRate>(entities.BaseInterestRates); } }} My service configuration is thus: --> <behaviors> <serviceBehaviors> <behavior name="SupportServiceBehavior"> <serviceMetadata httpGetEnabled="false" httpsGetEnabled="true" /> <serviceDebug includeExceptionDetailInFaults="false" /> <serviceAuthorization principalPermissionMode="UseAspNetRoles" roleProviderName="AspNetSqlRoleProvider" /> <serviceCredentials> <userNameAuthentication userNamePasswordValidationMode="MembershipProvider" membershipProviderName="SqlMembershipProvider" /> </serviceCredentials> </behavior> <behavior> <serviceMetadata httpGetEnabled="true"/> <serviceDebug includeExceptionDetailInFaults="false"/> </behavior> </serviceBehaviors> </behaviors> <serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
I have followed the instructions at these pages to the letter:
How to: Use the SQL Server Role Provider with Windows Authentication in WCF Calling from Windows Forms (MSDN) How to: Create and Install Temporary Client Certificates in WCF During Development (MSDN) How to: Use wsHttpBinding with Username Authentication and TransportWithMessageCredentials in WCF Calling from Windows Forms (MSDN) Also quite useful found via SO: Use Asp.Net Membership provider with a WCF .svc service (Alkampfer's Place)
I would at lest expect an issue with certificates/transport/etc. to fail with exceptions, but I can debug right in and over the WCF call. I have no security context/ user context available to me and when I use a user not in the two mentioned roles (which I do in the code example above), I don't get "kicked out".
My client app is currently a Web App, but will ultimately also serve a Windows Forms app and Test suite. I'm currently using the ASP.NET WebDev server and am running .NET 4.0.
I have created a we app. using win authentication. When type the server ip addres in chrome I get the login window and it works just fine with my organizations credentials, however when doing the same using Internet Explorer I have to login with the server credentials as my account is not valid.
serverClass.GetInstances() {System.Management.ManagementObjectCollection} System.Management.ManagementObjectCollection + Count 'serverClass.GetInstances().Count' threw an exception of type 'System.Runtime.InteropServices.COMException' int {System.Runtime.InteropServices.COMException} IsSynchronized false bool
Code:-
const string WmiNamespace = //@"\localhost ootMicrosoftSqlServerReportingServicesv8"; // ORIGINAL @"\localhost ootMicrosoftSqlServerReportServerv9Admin"; // NEW ONE //@"\localhost ootMicrosoftSqlServerReportingServicesv9Admin"; // NOT WORKING COPY const string WmiRSClass = //@"MSReportServerReportManager_ConfigurationSetting"; // ORIGINAL // @"MSReportManager_ConfigurationSetting"; @"MSReportServer_ConfigurationSetting"; // NEW ONE string fullWmiClassName = WmiNamespace + ":" + WmiRSClass; ManagementClass serverClass; ManagementScope scope; //scope = new ManagementScope(WmiNamespace, connOptions); scope = new ManagementScope(WmiNamespace); // Connect to the Reporting Services namespace. scope.Connect(); // Create the server class. serverClass = new ManagementClass(fullWmiClassName); // Connect to the management object. try { serverClass.Get(); } catch (Exception ex) { throw new Exception("Could not get WMI information. " + ex.Message); }
