form-authentication

Authentication approach to be use in asp.net Web api and angular js

此生再无相见时 提交于 2019-12-04 12:54:16
I am creating 1 website using Web api and angular js and i am so much confused about Authentication to be used in my web site. I have created one login.js in which there would be my Login method which will post my Username/Emailid and password to my Web Api and the method in web api will authenticate that user. Code: $scope.Login() { $.post("api/Authentication/Login",Username,Password) { } } Web api code: [Route] Public Task<object> Login([FromBody] username,password) { //method to authenticate user from database. //Now the tricky parts comes like after authenticating user should i //just

Thread.CurrentPrincipal.Identity vs HttpContext.User.Identity [duplicate]

拟墨画扇 提交于 2019-12-04 03:01:44
问题 This question already has answers here : Closed 8 years ago . Possible Duplicate: difference between http.context.user and thread.currentprincipal and when to use them? What's the difference between these two in an ASP.NET application? I know the HttpContext.User.Identity is set when the user is authenticated through FormsAuthentication . But when is the Thread.CurrentPrincipal.Identity set? Do they always hold the same value? Does that still hold true for other layers of the application that

Spring security, either http basic or form login authentication

我们两清 提交于 2019-12-03 17:16:58
I have a web app developed using spring mvc and spring security 3.2. I want my app using http basic authentication for restful service and form login authentication for other part. Below is my security configuration: <http pattern="/services/**" create-session="stateless" use-expressions="true"> <intercept-url pattern="/**" access="hasRole('ROLE_REMOTE,ROLE_USER')"/> <http-basic /> </http> <http auto-config="true" use-expressions="true"> <intercept-url pattern="/static/**" access="permitAll" /> <intercept-url pattern="/**" access="hasRole('ROLE_USER')" /> <form-login login-page="/login.do"

Tomcat: Custom form authenicator in a web application, not as a stand-alone JAR module. Possible?

浪子不回头ぞ 提交于 2019-12-02 04:08:35
Our web application requires custom form authentication with specific logic inside. The current form authenticator implementation requires the authenticator module, let's call it custom.auth.jar , to be present in %CATALINA_HOME%/lib before the web application starts. The web application uses that custom authenticator module using the following context.xml directive: <Valve className="foo.bar.CustomAuth" characterEncoding="UTF-8"/> As far as I understand Tomcat requirements, this module, custom.auth.jar , must be present in Tomcat's lib directory before the web application starts, because the

Thread.CurrentPrincipal.Identity vs HttpContext.User.Identity [duplicate]

冷暖自知 提交于 2019-12-01 15:08:41
Possible Duplicate: difference between http.context.user and thread.currentprincipal and when to use them? What's the difference between these two in an ASP.NET application? I know the HttpContext.User.Identity is set when the user is authenticated through FormsAuthentication . But when is the Thread.CurrentPrincipal.Identity set? Do they always hold the same value? Does that still hold true for other layers of the application that do not have access to a HttpContext ? HttpContext.User.Identity is the current logged in user in your web app. Thread.CurrentPrincipal applies only when the

Forms Authentication Timeout Logging

微笑、不失礼 提交于 2019-12-01 01:12:16
I want to detect when a asp.net Form Authentication ticket has expired. I then want to log to the server the user that was signed out because of inactivity. Is there an event that fires on the server when the authentication ticket has expired? <sessionState mode="InProc" timeout="5"></sessionState> <authentication mode="Forms"> <forms loginUrl="~/Home/AccessDenied" timeout="5" /> </authentication> In the global asax file, I have tried the Session_OnEnd(). But the context.user object is null. When i call membership.getuser() it returns null also. I have tried making the session timeout before

tomcat 7 Form based authentification

我只是一个虾纸丫 提交于 2019-11-30 22:38:13
given a Servlet HelloServlet: @WebServlet("/HelloServlet") public class HelloServlet extends HttpServlet { private static final long serialVersionUID = 1L; /** * Default constructor. */ public HelloServlet() { // TODO Auto-generated constructor stub } @Override protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { // TODO Auto-generated method stub System.out.print("hello my Friend: " + request.getRemoteUser()); response.setContentType("text/html"); PrintWriter out = response.getWriter(); out.println("This is the Test Servlet");

How to extend aspnet membership forms authentication tables?

拥有回忆 提交于 2019-11-30 20:30:41
I would like to add a realName field in addition to the user's user name and email address. In the past I have created a new table that includes the username and realName columns when a user registers. However I would like to know if it is possible to extend the default asp.net forms authentication membership table or user table (or whatever table is necessary, to add this to) instead of creating a new table for this information. Question: How can i add a new column to authentication tables? StuartLC You should use the Membership User Profile API to extend custom properties to your users, and

tomcat 7 Form based authentification

喜欢而已 提交于 2019-11-30 18:27:52
问题 given a Servlet HelloServlet: @WebServlet("/HelloServlet") public class HelloServlet extends HttpServlet { private static final long serialVersionUID = 1L; /** * Default constructor. */ public HelloServlet() { // TODO Auto-generated constructor stub } @Override protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { // TODO Auto-generated method stub System.out.print("hello my Friend: " + request.getRemoteUser()); response

Hybrid of Windows Authentication and Forms Authentication in ASP.NET MVC 4

瘦欲@ 提交于 2019-11-30 09:07:53
We have an ASP.NET MVC 4 intranet application. We’re using Windows Authentication and that aspect works fine. The user’s credentials are used and we can access those credentials from the web app. What we really want is some sort of hybrid mode, however. We want to get the user’s credentials from the browser, but we also want to verify that the user is in our application’s database. If the user’s in the database, then they can just continue on. If they’re not, we want to redirect them to a page asking for alternate credentials. What I’m doing now is, in Global.asax.cs , I’ve got an Application