Security :: Suddenly IE Users Cannot Login To Website
Jan 23, 2011
asp.net 3.5 IIS7 Hosted on Windows Server 2008 (virtual machine)
I have a website which have been running for about a year without any problems. Users have been able to login etc, but now I get reports about users not able to login while using Internet Explorer. Users using other internet browsers like FireFox, Chrome etc have no trouble logging in.
The website are using the standard Forms authentication.
Also lately another website has been setup in IIS7, but these sites are using application pool. I've stopped this webapplication in IIS, but that doesn't have any effect on my problem
I see that Windows Update have failed to install a lot of patches lately, not sure if that is related to this problem. But some of the windows patches are security patches.
I have two application (one of this is mojo portal): [URL] for some users when they login into "app" then the login in "mojo" doesn't work and viceversa. I've set the machinekey into web.config file. When the users remove all cookies and session data the login works again. The two application are into a Web Farm. Should be ARR the problem?
i used security in login page which restricts all users who have not logged in to all pages. I need to restrict specific users to specific pages. I'm not using AspSqlService provider. So i cannot create roles and restrict automatically. And the pictures i use in login page are not visible @ runtime.
VWD 2010 Express. Windows 2003 Server. I decided to move my web site from the Inetpub folder on my C: drive to an Inetpub folder on my D: drive to free up space on C:. I moved three web sites. Two of the sites worked fine after the move (I went into IIS 6.0 and changed the home directory of all the sites). One site, which requires authentication using the Windows Active Directory (AD), did not work properly. I could access the site and login with any administrator login. But all other users, although they enter the correct credential, continue to be reprompted for their username and password. The site uses "basic authetication" to check users credentials against the AD. Can anyone think of a reason I would have this peculiar behaviour just because I move a web site's files from C:inetpub to D:Inetpub?
We have created a windows application which is distributed amongst our clients. The application uses SQL Server 2008 as the back end and each client uses their own database on their own server. The databases are all exactly the same but each clients data is specific only to them.
We would like to offer our clients the ability to log-in to our website which would then login to their own database so that when they are out in the field they can perform similar tasks to what they can do with the windows app.Each of the clients databases has a user table containing their login details, permissions etc.
Our server is running on IIS and has SQL Server 2008 installed but it only contains our data and nothing of the clients.How should we go about this?
What I mean is do we need to make each client have an additional login to our main server which would then hold each clients individual connection strings etc which would then be used to connect to there specific database and then they would need to login again?? Seems like a nightmare for the user.
I have been asked to use the login control to authenticate users to use the website. I have a master page which has header pictures and a menu down the left. I have created a login form and configured my web.config file to use form authentication but when I run it, it does not show my master page just the content page. Should my login page not be a content page?
how to write/use/implement a script that will allow users to enter a web application by clicking a button rather than entering their ID/PW? Seems like a lot of terminology around, SSO, Blind logon, yet all seem to be doable with an ASP script -
Web App contains detailed security for users, not all users are on Win AD, so that is not an option., I'm told (?) Do I need to use a spreadsheet to validate users access to the application, ?
Script that would pass "cookie" info and allow users to enter app without ID/PW. We have a custom logon.asp page the is using forms.
I have an asp login control that uses the standard aspnet database structure.I am using my own user identification system to identify a user based on login values that are not in the aspnet database and setting the user's aspnet database login to a universal login user and password.this works fine and I am able to test this by having one machine log in as "User 1" and another login as "User 2" but I am wondering if there is a limit to the number of user's that can be assigned to one username and password in the aspnet database for website access?Will the system reach the max number of user's in the aspnet database?
I've got a website project and I use my own login security and save the user and other info in session variables. Is there any way to know when they are online and offline by their user name I have in a session variable? Or do I need to use another method such as the asp.net user security?
I do know with the asp.net security I can check if a user is authenticated.
I have a login form and users have to enter their username and password for entering the sites ..
Also now its possible for users to enter the sites without login .. they can select the options in the menu and access them ... But i want to restrict the users ..only allow them to access the menu componets after login ... If they tries to access the contents a text have to display ask them to login
how can i do that... i am using vb.net as my language in the page
I have a site witl forms authentication using te login control. I altered my sql server, I added a connectionstring and used the connectionstring in both, <rolemanager> and <Membership>. That part of the web.config is listed below.
The problem is that the login control goed to SQLserver to check the users and their passwords, but it goed to the SQLExpress database for the roles.....
I have a website that requires users to login, but I am having problems when authenticating a users.I create a user which works fine, I then test the login on the development machine and everything works fine the user is logged in.But if a try to login the user in via the live website (same database) I get errors stating that the login attempt has failed.I don't understand why it would work on the development machine but won't work with the live version of the website.
I want to know how to do Active Directory Authentication in my intranet web application,
So far I created a simple login page and I am using the login control. my questions are how do I configure the application, how do I interface the login control so it will take the user to next page once they input their usual active directory username and password.
we have a web site (Web Site 1) which is presently working and authenticates the users using ASP.Net login control.
We have a new site (Web Site 2) which will have a web page with user name and password fields and these values will be posted to Web Site 1. I am trying to authenticate those user credentials on Web Site1 using
Membership.ValidateUser(UserName, Password); method. but i am keep getting "User AuthenticatedObject reference not set to an instance of an object. " exception.
Im not sure what it is called, but I need help with this. I need some tips on how to get started on an ASP.net site that will have different users. When each user logs in, they will be able to enter their own personal information such as address, hours worked, their own timesheet etc. I want to have it so each user will be able to only see their own data, not any other data entered by other users. I hope I am describing it ok. Please let me know what this process is called, or any good ways to get started on this.
I've created a website with users and passwords and such for authentication.When a user is created through the "administer website" function of asp.net 4.0 where are the passwords stored? Is there a way to manually change passwords in the database?
i have a search box, many text boxes which taken various inputs and save it to database using primitive methods such as "insert into....." executenonquerry etc.have read something that " a textbox by itself can prevernt attacks known as sql injections" is that true?if sohow to enable it?does it need extra coding?
When user login into my application,the note saying that Welcome,Joe is show.But,when user try to input something into web page (such as fill in the text box),the LoginName1 that refer to "Joe" is suddenly disappear.Why this happen?
So, when i don't use Response.Redirect, the login succeeded, but all the links in the Response data refers to my development server, for example if i click on "support" link, it'll redirect the page to ("http://localhost:3506/support.cfm")!! which will rais of cource "The resource cannot be found" error
And when i use Response.Redirect, i'll loose the session, mean it'll not keep my login for the site.