I have an MVC ASP.NET application set with "Individual user accounts". The log in and register features only works when debugging in Chrome. When i run without debugging on any browser including Chrome, i get redirected to the login page when attempting to register or log in.
In my web.config class i have this
<system.web>
<authentication mode="None" />
<compilation debug="true" targetFramework="4.5.2" />
<httpRuntime targetFramework="4.5.2" />
Any idea as to whats going on?
I had the same problem before, and it's related to cookies and session state, try to run your solution without debugger in google incognito if it ran successfully, then clear your browser cache from settings (cookies).
for OWIN itself, make sure to update all of your nuget packages, this should solve the problem.
Related
I created a brand new Asp.Net Core 2.0 web mvc application with windows authentication enabled.
If I immediately hit play it prompts me for user credentials which is not what I want. If I hit cancel it then redirects me to a 401.2 unauthorized error screen with the following error:
"You are not authorized to view this page due to invalid
authentication headers."
When I then stop the application and enable anonymous authentication on the project and hit play again, it runs the application successfully but will not display my username. #User.Identity.Name returns empty string.
How do I get around the security prompt while still being able to display my username?
In the .NET Framework, I would use this in the web.config file along with anonymous authentication = true and it would work the way I want:
<authentication mode="Windows" />
<authorization>
<deny users="?" />
</authorization>
I am using Visual Studio 15.4.1.
I think that the <authentication> tag is related to ASP.NET, and not IIS. In ASP.NET Core, the System.Web pipeline doesn't run.
I've had success in implementing Windows authentication with ASP.NET Core by using the following configuration in the web.config
<configuration>
<system.webServer>
<security>
<authentication>
<anonymousAuthentication enabled="false" />
<windowsAuthentication enabled="true" />
</authentication>
</security>
</system.webServer>
</configuration>
The <system.webServer> section is the one getting modified when you change the authentication settings through IIS Manager.
Edit after Ben's first comment
Sorry, I had misread part of your initial message, and thought that you were trying to deploy your application in IIS.
It looks like Windows Authentication is set up correctly since you get prompted for credentials. What I don't understand is why you get prompted. I'm using IE11, Edge and Chrome, and they all know how to send Windows credentials without prompting me.
What browser are you using when doing your test? Could you try with the ones I listed above?
I currently have an ASP .NET 4 project which I've attached a MVC project to. I have referrenced them correctly and I can get from the ASP .NET4 project to the MVC via href="MVC/Home".
My issue is that the ASP .NET4 project controls the login. This means when I log in on through the ASP project and navigate to the MVC project, it constantly tries to redirect me to the ASP login page but with the Virtural Directory extension (eg. Localhost:8080/MVC). This cause a 404 error which is understandable as MVC/login.aspx doesn't exist.
How do I check in the MVC project if the user has already logged in through the ASP project? Which is the only and will only be method of logging in.
The ASP projects web config referrences:
authentication mode="Forms">
forms name="" path="~/" loginUrl="~/Login.aspx" protection="All" timeout="30" slidingExpiration="true" /
/authentication>
The MVC project doesn't have anything to do with authentation and literally only has a one controller (HomeController) and view (index) which has some plain text on.
Any help would be really great.
Thanks
Inside the web.config files of both projects make sure that they both use the same keys and the same httpRuntime:
<system.web>
<machineKey validationKey="X" decryptionKey="X" validation="SHA1" decryption="AES" />
<httpRuntime targetFramework="4.5.1" />
</system.web>
You can use http://www.developerfusion.com/tools/generatemachinekey/ to generade valid keys.
I have implemented a customer role provider in a C# MVC app.
It doesn't seem to be detecting the Windows user.
This was working fine yesterday.
The config for it looks like this:
<system.web>
<authentication mode="Windows" />
<roleManager defaultProvider="MyRoleProvider" enabled="true">
<providers>
<clear />
<add name="MyRoleProvider" type="CWC_Service_Plan.Security.MyRoleProvider" />
</providers>
</roleManager>
<compilation debug="true" targetFramework="4.5.1" />
<httpRuntime targetFramework="4.5.1" />
</system.web>
However adding a break-point in the code I can see that the User is not being detected.
I must have changed something without realising. What could be causing this?
[Edit]
Role-providers work by picking up the Windows username and then using it to authenticate.
No authentication happens if it can't pick-up the username.
The question is about why the username is not being picked-up, which I appreciate is a big question, so all suggestions are good suggestions.
[/Edit]
Have you disabled Anonymous access?
See Configuring Windows Authentication:
Start Internet Information Services (IIS).
Right-click your application's virtual directory, and then click Properties.
Click the Directory Security tab.
Under Anonymous access and authentication control, click Edit.
Make sure the Anonymous access check box is not selected and that Integrated 1. Windows authentication is the only selected check box.
This applies to Visual Studio too, it's a property of the web project (select the web project and press F4):
I've got this error when I run my web app in my visual studio 2012. This happens after I've changed the web config to windows authentication mode.
These are the lines of codes I've changed from the original web config.
<httpRuntime targetFramework="4.5" />
<authentication mode="Windows" />
<identity impersonate="true" />
<roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider">
<providers>
<clear />
<add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/" />
</providers>
</roleManager>
<authorization>
<deny users="?" />
</authorization>
Actually, when I deployed this project to the web server, it works perfectly fine. Now, my problem is that I could not debug this project using the visual studio 2012 cuz I have this error. I've tried opening other project and it works using the visual studio and mine is not but these two have same set-up.
Please try following:
Go to IIS Server, Click on Web site you created and look for Windows
Authentication, It should not be disabled
Check the folder were you kept you code and look try to give the full
permission to the current AD user.
Alternatively, you can try creating the .html page in you home directly and try
browsing the page.
In Visual Studio, in your project properties, you can choose which type of server you want. You must choose "IIS Server" and "Create virtual directory" to be in the same configuration as your deployment server and be able to set all needed parameters.
You'll certainly need to open IIS manually (outside of VS) to configure security settings on your development WebSite.
Server Error in '/' Application.
Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.
I've looked through countless of previous questions and I haven't managed to get it working.
I've edited my web.config file and included a generated key at no success.
Web.config
<?xml version="1.0" encoding="utf-8"?>
<!--
For more information on how to configure your ASP.NET application, please visit
http://go.microsoft.com/fwlink/?LinkId=169433
-->
<configuration>
<system.web>
<machineKey validationKey="E91A16E07A8D628F1F1397962336B0C63B6DC45B8EB3D16BBD5E5761DD8AE462C04C1CC215904FF0353E84EF8194B48682114C72CF8E10F5295E5ADF36DBC520" decryptionKey="EFA118DF00BFB8206F24A1BB4AF7D18FBD6A605B44789E9048D8127FFF950A09" validation="SHA1" decryption="AES" />
<httpRuntime />
<pages enableViewStateMac="true" />
<customErrors mode="Off" />
<compilation targetFramework="4.0" debug="true" />
<authorization>
<allow users="*" />
<deny users="?" />
</authorization>
</system.web>
</configuration>
This happens when I postback to another page!
Instead of using <form action="..."> to perform a cross-page post back, try changing your submit button to read <asp:Button runat="server" postbackurl="...">. Using the PostBackUrl property is the officially supported way to perform a cross-page post back, as it sets a flag in the request telling the destination page to ignore the __VIEWSTATE field.
The main problem lies in the Application Pool of your website.Configure your website to use the proper .NET Framework version (i.e. v4.0) under the General section of the Application Pool related to your website.
Under the Process Model, set the Identity value to Network Service.Close the dialog box and right-click your website and select Advanced Settings... from the Manage Website option of the content menu. In the dialog box, under General section, make sure you have selected the proper name of the Application Pool to be used.
Your website should now run without any problem.Hope this helps you overcome this error.