forms-authentication

问题 Q 1. To my understanding FormsAuthenticationModule is subscribed to AuthenticateRequest event, and thus only after this event is fired, is FormsAuthenticationModule called. But the following quotes got me a bit confused: The AuthenticateRequest event signals that the configured authentication mechanism has authenticated the current request. Doesn’t the above quote suggest that when AuthenticateRequest event is raised, request (aka user) is already authenticated? Subscribing to the

问题 I am using the .Net memebership system, and uptil now I haven't had any real troubles with it. I now have a overlay where a user can create a profile. When the profile is created I just want to redirect to the same page, and not to the default page or the return url - which doesn't exists. I have tried to stop the FormsAuthentication.RedirectFromLoginPage response, but with no effect: FormsAuthentication.RedirectFromLoginPage(username, false); // End the redirect so it doesnt redirect to

问题 I am using the .Net memebership system, and uptil now I haven't had any real troubles with it. I now have a overlay where a user can create a profile. When the profile is created I just want to redirect to the same page, and not to the default page or the return url - which doesn't exists. I have tried to stop the FormsAuthentication.RedirectFromLoginPage response, but with no effect: FormsAuthentication.RedirectFromLoginPage(username, false); // End the redirect so it doesnt redirect to

问题 What is this cookie called when it gets set? Can I see it in my cookie folder for my browser? I think it doesn't get set so my login verification fails. 回答1: What is this cookie called when it gets set? The default name for the cookie is .ASPXAUTH . It's configurable through the web.config to have any name. <authentication mode="Forms"> <forms name=".SomeName" loginUrl="Login.aspx" /> </authentication> So check there for anything non-standard. Can I see it in my cookie folder for my browser?

问题 URL authorization only applies to Asp.Net related file types?1 But why couldn’t it also be applied to non-Asp.Net file types? Thanx 回答1: This is because of the script maps for ASP.NET. Only certain extensions are mapped into ASP.NET. The rest are handled directly by IIS. This is by design, for performance reasons. There are two ways to handle this. Duplicate your authorization rules in the web.config files in NTFS File ACLs (that is, set permissions on folders and files directly). Make sure

问题 URL authorization only applies to Asp.Net related file types?1 But why couldn’t it also be applied to non-Asp.Net file types? Thanx 回答1: This is because of the script maps for ASP.NET. Only certain extensions are mapped into ASP.NET. The rest are handled directly by IIS. This is by design, for performance reasons. There are two ways to handle this. Duplicate your authorization rules in the web.config files in NTFS File ACLs (that is, set permissions on folders and files directly). Make sure

问题 I want to have functionality on my application that lets a user check off that they wish to stay logged indefinitely (arbitrarily setting the cookie expiration at 3 months from NOW). The code I have for dealing with this is private static HttpCookie GetFormsAuthenticationCookie(string userNameResponse, bool persistCookie) { var cookie = FormsAuthentication.GetAuthCookie(userNameResponse, persistCookie); if (persistCookie) cookie.Expires = DateTime.Now.AddMonths(3); return cookie; } private

问题 I'm having a real bad WebForms day today! I have a mature WebForms web application using Forms Authentication. For some unknown reason my application has started to show Request.IsAuthenticated (on the Application_BeginRequest function in Global.asax ) despite going to the login page, logging in successfully and calling FormsAuthentication.RedirectFromLoginPage() . I just can't work out what is going wrong. Here are the checks that I have done. I am hoping someone might point out something I

问题 I am trying to get simple Forms Authentication setup with an MVC4 website. In App_start/FilterConfig.cs: public static void RegisterGlobalFilters(GlobalFilterCollection filters) { filters.Add(new HandleErrorAttribute()); filters.Add(new AuthorizeAttribute()); } In Web.config: <authentication mode="Forms"> <forms loginUrl="~/Account/Login" timeout="2880" name=".ASPFORMSAUTH" /> </authentication> <authorization> <deny users="?" /> </authorization> In Controllers/AccountController:

问题 I'm using the ASP.NET Login Controls and Forms Authentication for membership/credentials for an ASP.NET web application. I've got two roles: Users Administrators I want pages to be viewable by four different groups: Everyone (Default, Help) Anonymous (CreateUser, Login, PasswordRecovery) Users (ChangePassword, DataEntry) Administrators (Report) Expanding on the example in the ASP.NET HOW DO I Video Series: Membership and Roles, I've put those page files into such folders: And I used the ASP