forms-authentication

What is the purpose of Membership.ValidateUser()

喜夏-厌秋 submitted on 2020-01-02 03:12:25
Question: I've been learning about the MembershipProvider class and I thought that the Membership.ValidateUser() method was supposed to be used to log a user in. However, I just learned that there is a FormsAuthentication.Authenticate(). What is the purpose of ValidateUser() within Membership?

Answer 1: In short, there are times when you might want to simply validate that a user is who they say they are without needing to persist an authentication cookie for any length of time.

Answer 2: It only checks your

Detecting forms authentication timeout in login page

二次信任 submitted on 2020-01-01 18:54:26
Question: When you have forms authentication set up to redirect to login.aspx when accessing a protected page, what's a good way to detect in login.aspx whether the user was sent there because they haven't logged on yet, or because their forms auth ticket is expired? I'd like to display a "you've timed out" message. (I do not mention the word session in this question, because ASP.NET treats them so distinctly; however, if there is a good solution that involves session, I'm all ears.) I've solved this in

Custom Authorization (Permissions) ASP.NET MVC

社会主义新天地 submitted on 2020-01-01 14:19:32
Question: In my application a role has several permissions. And I want users to have access to actions dependent on permission, not the role. So suppose: Admin has perm1, perm2, perm3; SuperAdmin has all the permissions that Admin has + perm4 and perm5. Also, there are some minor guys also who have perm1, perm3, perm6, perm7. I want to do the following: I want action to be accessible by guy who has suppose perm3 or perm4. Those two permissions are from two different roles. But beside perm3 Admin has

ASP.Net Forms Authentication Logging out users after 10 minutes

旧城冷巷雨未停 submitted on 2020-01-01 10:08:02
Question: I am having a really bad issue where no matter what I try, the user is being logged off after 10 minutes. I am using ASP.Net 2.0 running on IIS 6.0 on Server 2003 R2 Standard Edition running as a Virtual Server with all applicable updates and .Net 3.5 SP1. The client is Internet Explorer 7.0.

Below are the web.config settings:

    <!-- Authentication Mode -->
    <authentication mode="Forms">
      <forms name=".RecipeViewer" timeout="240" />
    </authentication>

Below is the code used to set the authorization

IIS Windows Authentication before Anonymous

人盡茶涼 submitted on 2020-01-01 08:52:17
Question: I have a website that I would like to allow both Forms and Windows Auth for. My problem is that it seems that when you set up IIS to allow both anonymous (required for forms auth) and Windows auth, the browser won't send the user's network credentials. It just uses the anonymous login. Is there any way either in IE8 or IIS to have it try Windows Auth 1st and then fall back to Anonymous? Thanks for any help.

Answer 1: You can't ask for HTTP authentication (whether that's Basic Authentication or

Forms Authentication cookie not expiring

笑着哭i submitted on 2020-01-01 06:56:08
Question: I am trying to implement a very basic Asp.net forms authentication mechanism for an MVC site. The problem I am getting is that my authentication cookie is being set to expire after one year whereas I don't want it to expire after such a long time. Here is some of my code:

web.config

    <authentication mode="Forms">
      <forms loginUrl="~/Account/Login" timeout="2" />
    </authentication>

controller

    ...
    FormsAuthentication.SetAuthCookie(username, false);
    ...

I have found this answer (this question is

ASP.NET: Permission/authentication architecture

寵の児 submitted on 2020-01-01 02:48:06
Question: I am looking into building an authentication in my ASP.NET application with the following requirements.

A user has exactly one Role (i.e. Admin, SalesManager, Sales, ....)

A role has a set of permissions to CRUD access a subset of existing objects. I.e. "Sales has CREATE, READ, WRITE permission on object type 'Products' but not DELETE"

Somehow I like the permissions to be in a hierarchy with inheritance so that I for i.e. Admin don't need to specify all available objects.

The system must

Security loophole around password changes with .NET FormsAuthentication and persistent cookies?

一个人想着一个人 submitted on 2019-12-31 09:45:10
Question: OK, here's a scenario:

Bob logs into mysite.com, which uses .NET forms authentication, and ticks 'remember me'.

Eve steals Bob's laptop.

Bob gets a new laptop, and changes his password.

Now at this point, Eve has a stolen laptop, which has a persistent cookie stored on it, that will log her in to mysite.com as Bob - and, as far as I can tell, this will work even after Bob has changed his password. By default, the forms authentication cookie doesn't contain Bob's password (whether plaintext,