forms-authentication

Azure Active Directory Integration with WebForms Getting Infinite Loop at Login

余生颓废 提交于 2020-08-10 19:19:23
问题 I have read and followed this article to setup my site using our AAD (Azure Active Directory) to get SSO (Single Sign On.) I have gotten it to work in a brand new website both with localhost as well as when I publish it to Azure. Here are the settings for the working version's App Registration: Branding: Home page URL: https://<worksgood>.azurewebsites.net Authentication: Redirect URIs: https://localhost:44390/ https://<worksgood>.azurewebsites.net/.auth/login/aad/callback Implicit grant: ID

Azure Active Directory Integration with WebForms Getting Infinite Loop at Login

瘦欲@ 提交于 2020-08-10 19:18:47
问题 I have read and followed this article to setup my site using our AAD (Azure Active Directory) to get SSO (Single Sign On.) I have gotten it to work in a brand new website both with localhost as well as when I publish it to Azure. Here are the settings for the working version's App Registration: Branding: Home page URL: https://<worksgood>.azurewebsites.net Authentication: Redirect URIs: https://localhost:44390/ https://<worksgood>.azurewebsites.net/.auth/login/aad/callback Implicit grant: ID

Preventing Cookie replay attacks in ASP.Net MVC

折月煮酒 提交于 2020-02-14 06:32:10
问题 I have been tasked with implementing point 4 in this article: http://support.microsoft.com/kb/900111 This involves using the Membership provider to add a comment to users server side records when they log in and out, and then confirming that when a cookie is used to authenticate, that the user hasn't logged out. This makes perfect sense to me. Where this starts to fall apart is that we do not currently use a membership provider, and so it seems like I face reimplementing all our

MVC FormsAuthentication IsInRole in View not working

大兔子大兔子 提交于 2020-02-08 06:28:05
问题 I am authenticating a user: [Route("Login"), HttpPost, AllowAnonymous] public LoginViewModelResponse Login(LoginViewModelRequest data) { if(!Membership.ValidateUser(data.Username, data.Password)) { return new LoginViewModelResponse { DisplayMessage = "Invalid Username/Password!", IsSuccess = false, RedirectUrl = "/Home/" }; } FormsAuthentication.SetAuthCookie(data.Username, false); ClaimsIdentity identity = new GenericIdentity(data.Username); var roles = "Administrator,User".Split(','); //

MVC FormsAuthentication IsInRole in View not working

血红的双手。 提交于 2020-02-08 06:27:27
问题 I am authenticating a user: [Route("Login"), HttpPost, AllowAnonymous] public LoginViewModelResponse Login(LoginViewModelRequest data) { if(!Membership.ValidateUser(data.Username, data.Password)) { return new LoginViewModelResponse { DisplayMessage = "Invalid Username/Password!", IsSuccess = false, RedirectUrl = "/Home/" }; } FormsAuthentication.SetAuthCookie(data.Username, false); ClaimsIdentity identity = new GenericIdentity(data.Username); var roles = "Administrator,User".Split(','); //

Issue with specific version of IE/ Edge browsers (“Session_Start” event is triggered)

倖福魔咒の 提交于 2020-02-06 07:29:51
问题 I am facing a strange issue in a particular version of IE/ Edge browsers (Ex:- IE 11.0.9600.19329). The issue is, when I click on 'Ctrl+P' on a specific page in my application "Session_Start" event gets fired, which is not happening in other browsers. I have verified different forums, but couldn't find any solution. Any suggestion to resolve this issue? 回答1: Can't reproduce the problem, it works well on my side. Try to reset the browser setting (IE browser and Edge browser), if still meet

Where exactly does Forms Authentication exist in the Http Pipeline?

时光怂恿深爱的人放手 提交于 2020-02-02 11:00:12
问题 Where exactly does Forms Authentication exist in the Http Pipeline? 回答1: This is handled by an HTTP module, System.Web.Security.FormsAuthenticationModule. If you look at the system-wide web.config file, c:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\web.config , you can see where it's mentioned in the <httpModules> section. The site-specific web.config file will inherit the configuration in that file. On each request, the module will look for an authentication cookie. If it's not

Where exactly does Forms Authentication exist in the Http Pipeline?

血红的双手。 提交于 2020-02-02 10:59:59
问题 Where exactly does Forms Authentication exist in the Http Pipeline? 回答1: This is handled by an HTTP module, System.Web.Security.FormsAuthenticationModule. If you look at the system-wide web.config file, c:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\web.config , you can see where it's mentioned in the <httpModules> section. The site-specific web.config file will inherit the configuration in that file. On each request, the module will look for an authentication cookie. If it's not

Form Cookie Expiring too soon on production server

不羁岁月 提交于 2020-01-24 21:07:11
问题 i have following settings in web.config <authentication mode="Forms"> <forms loginUrl="~/Account/login" slidingExpiration="true" timeout="2880" protection="All" /> </authentication> but the cookie expires in less than five minutes of inactivity. Any clue on what is happening? 回答1: I recognize this behavior from a web host where I run one of my sites. It all started when moving to new servers, prepared for dotNET 4. The web.config is completely ignored and, as you mention, five minutes seems
订阅 forms-authentication