forms-authentication

问题 When my web.config has the below httpRuntime, my controller cannot grab the cookie .ASPXAUTH. It seems to be able to grab any other cookie, with or without the period prefix. If I delete the below line, it works fine. <httpRuntime targetFramework="4.5"/> I'm using the following to grab the cookie. HttpCookie authCookie = Request.Cookies[".ASPXAUTH"]; Why can't I grab the Forms Authentication cookie? 回答1: I had similar problem - my app with runtime 4.5 was unable to read an .ASPXAUTH cookie

问题 I have a blog post page with comments. Any user (logged in or not) can see a form at the bottom of the page to post a comment. When user enters the comment and she is not authorized - the user is redirected to a login/signup page. After logged in, the user is redirected back to the action, but the POST data, containing the comment body, is lost. I use the ASP.NET MVC Authorize attribute to require authorization on some actions: [AcceptVerbs(HttpVerbs.Post), Authorize] public ActionResult

问题 I am developing an internally-facing application that needs to automatically authenticate users via Windows Authentication and fall back to Forms authentication. The fall back would occur in situations where the user on a computer logged in as a group account (such as an operations center). I'm concerned about security where a user could "spoof" the Windows Authentication account. Do any of you all know of a design pattern and pragmatic idea that would fit this specific scenario? Technical

问题 I have two websites with self written membership providers that are hostet on the same server in the same Web in different web-applications and different application pools. Formerly I had the problem, that I could not log on on both sites together. Thanks to Remy's post, this works now, I had to add the name -attribute to the forms element. But now I have the problem that the remember-me option of the asp login-control stopped to work. The user is logged off after the normal session-timeout.

问题 I'm using FormsAuthentication for an ASP.NET site that has a master page that displays the current logged in user, Page.User.Identity.Name. They can change their username in their settings, and when the do so, I update their cookie for them so they wont have to sign out/sign back in with a postback. FormsAuthentication.SignOut(); FormsAuthentication.SetAuthCookie(username, false); I'm probably being pretty nit-picky, but after they change their username the master page still displays their

问题 I have a web app can be installed on lots of domains and paths. So: client1Name.{mySite.com} client2Name.{mySite.com} demo.{mySite.com}/prospect1Name demo.{mySite.com}/prospect2Name demo.{mySite.com}/prospect3Name All separate application instances of the same code. The problem is that if a client logs in to client1Name.{mySite.com} then visits one of the other sites their browser will send the authentication cookie. In all cases FormsAuthentication.SetAuthCookie doesn't set either the Path

问题 I have the following ASP.NET Forms Authentication configuration: <system.web> <authentication mode="Forms"> <forms name="MembershipCookie" loginUrl="Login.aspx" protection="All" timeout="525600" slidingExpiration="true" enableCrossAppRedirects="true" path="/"> </forms> </authentication> <authorization> <deny users="?" /> </authorization> </system.web> <location path="Home.aspx"> <system.web> <authorization> <allow users="*" /> </authorization> </system.web> </location If an anonymous user

问题 I am creating my own authentication ticket using the following code: string formsCookieStr = string.Empty; FormsAuthenticationTicket ticket = new FormsAuthenticationTicket( 1, // version username, // user name DateTime.Now, // issue time DateTime.Now.AddMinutes(30), // expires false, // Persistence userRoleData // user data ); formsCookieStr = FormsAuthentication.Encrypt(ticket); HttpCookie FormsCookie = new HttpCookie(FormsAuthentication.FormsCookieName, formsCookieStr); HttpContext.Response

问题 I'm starting to learn ASP.NET Forms Authentication, and I'm looking for a good article to help me start. I've heard before that ASP.NET Forms Authentication uses a load of database tables preceeded with aspnet_ , however any examples I've found don't show this. For example I think theres an aspnet_users table? How can I generate these tables, and is this what I'm supposed to be doing? Any tutorials I find just tell me about adding the authentication tag into the web.config. 回答1: aspnet_

问题 I'm starting to learn ASP.NET Forms Authentication, and I'm looking for a good article to help me start. I've heard before that ASP.NET Forms Authentication uses a load of database tables preceeded with aspnet_ , however any examples I've found don't show this. For example I think theres an aspnet_users table? How can I generate these tables, and is this what I'm supposed to be doing? Any tutorials I find just tell me about adding the authentication tag into the web.config. 回答1: aspnet_