forms-authentication

问题 I am trying to write an ASP.NET MVC application which is a frontend to our CRM which has a SOAP web service. I would like the user to log in to my web application using their CRM username and password, and then authenticate against CRM, make web service calls on the pages etc. I started to look at using Forms Authentication and implementing a custom membership provider - I can implement all the methods I need to like ValidateUser() , but the problem I have is that after logging in to the CRM

问题 I'm creating a silverlight for line of business application, and I'm using Forms Authentication. For user management, I'm deciding between using the built-in "ASP.NET Web Site Administration Tool", or create my own custom thing in Silverlight (making this part of the application experience). What are the pros and cons for each of the two approaches? and which do you think would be best? 回答1: I just went through all of this, so I'll give the pros and cons I came up with: ASP.NET Web Site

问题 I've been experimenting with ASP.Net MVC, and have come across a problem that is probably not specifically MVC related. But I cannot get the authentication in the default MVC application (the one created by the wizard when you create a new MVC project) to work properly under IIS 7 on Windows 7. If I run under the Visual Studio environment, it works, but if I switch the settings to run under IIS instead, I get the following exception trying to submit the login or registration: Failed to

问题 Setup (using MVC 4) public class MyAuthorizeAttribute : AuthorizeAttribute { protected override bool AuthorizeCore(HttpContextBase httpContext) { var isAuthorised = base.AuthorizeCore(httpContext); if(isAuthorised) { // retrieve authentication ticket from cookie and // create custome principal and attach to // httpContext.User } return isAuthorised; } } Gloabl.asax.cs: public static void RegisterGlobalFilters(GlobalFilterCollection filters) { filters.Add(new HandleErrorAttribute()); filters

问题 Code I have created a login page that combines Forms Authentication with Integrated Windows Authentication. public partial class Login : System.Web.UI.Page { // http://www.innovation.ch/personal/ronald/ntlm.html // http://curl.cofman.dk/rfc/ntlm.html // http://blogs.msdn.com/b/chiranth/archive/2013/09/21/ntlm-want-to-know-how-it-works.aspx protected void Page_Load(object sender, EventArgs e) { if (!IsPostBack) { if (Request.Headers["Authorization"].IsNullOrEmpty()) { Response.StatusCode = 401

问题 Code I have created a login page that combines Forms Authentication with Integrated Windows Authentication. public partial class Login : System.Web.UI.Page { // http://www.innovation.ch/personal/ronald/ntlm.html // http://curl.cofman.dk/rfc/ntlm.html // http://blogs.msdn.com/b/chiranth/archive/2013/09/21/ntlm-want-to-know-how-it-works.aspx protected void Page_Load(object sender, EventArgs e) { if (!IsPostBack) { if (Request.Headers["Authorization"].IsNullOrEmpty()) { Response.StatusCode = 401

问题 I'd been searching for a way to do cookie based authentication/sessions in Google App Engine because I don't like the idea of memcache based sessions, and I also don't like the idea of forcing users to create google accounts just to use a website. I stumbled across someone's posting that mentioned some signed cookie functions from the Tornado framework and it looks like what I need. What I have in mind is storing a user's id in a tamper proof cookie, and maybe using a decorator for the

问题 I know the security risk associated and have brought it up with the business, but they want to have their 5 domains to share the login cookie. We are using and have no plan to stop using ASP.Net Membership and Profiles. Is this possible? A hack would even be greatly appreciated. 回答1: It is not possible with out of the box ASP.NET. Forms based authentication is based on a cookie and cookies can only be set to a specific domain. If you want true cross domain (not sub domains) shared

问题 I know the security risk associated and have brought it up with the business, but they want to have their 5 domains to share the login cookie. We are using and have no plan to stop using ASP.Net Membership and Profiles. Is this possible? A hack would even be greatly appreciated. 回答1: It is not possible with out of the box ASP.NET. Forms based authentication is based on a cookie and cookies can only be set to a specific domain. If you want true cross domain (not sub domains) shared

问题 I'm using ASP.NET MVC 3, with forms authentication (based on modified vanilla account code you get with file->new). When you login, I am setting an auth cookie with FormsAuthentication.SetAuthCookie(userName, true); So this should set a persistent cookie. But if I close the browser and re-open, when I browse to the site I am forced to log in again! I can see using chrome dev tools that the cookie (.ASPXAUTH) is being created and not being deleted when I close the browser, so what's happening?