I'm using the following code in Global.asax.cs (which I believe is an MVC conventional name)
Configuration conn = WebConfigurationManager.OpenWebConfiguration("");
AuthenticationSection section = (AuthenticationSection)conn.SectionGroups.Get("system.web").Sections.Get("authentication");
Application["Expire"] = System.Convert.ToInt64(section.Forms.Timeout.TotalMinutes);
to grab the timeout from the following form in Web.Config
<authentication mode="Forms">
<forms name=".FooAuth" path="/" protection="All" requireSSL="false" loginUrl="~/Member/Login" timeout="30" />
</authentication>
Application["Expire"] always gets 30, despite any changes to the timeout variable. I'm thinking that I must be changing the wrong variable somewhere. Thanks in advance for the help!
I want to add a login page to an ASP.NET Framework site, but the compiler doesn’t even load the view, instead throwing an error on the configuration.
The web.config contains the following configuration:
<authentication mode="Forms">
<forms loginUrl="/Login/Login"></forms>
</authentication>
My LoginController contains the following:
public class LoginController : Controller
{
    [HttpGet]
    public ActionResult Login()
    {
        return View();
    }
}
But this is the error I receive:
The configuration section 'authentication' cannot be read because it is missing a section declaration
The <authentication/> element was first introduced in ASP.NET 2.0 as part of Forms-Based Authentication, which appears to be what you’re trying to configure.
If so, it is expected under the <system.web /> element (source):
<configuration>
  <system.web>
    <authentication mode="Forms">
      <forms loginUrl="/Login/Login"></forms>
    </authentication>
  </system.web>
</configuration>
You don’t provide the full context for your web.config file, but according to the screenshot of the error message, it appears as though you’ve inadvertently placed your <authentication /> element as a sibling of the <system.web /> element, not as a child.
The error message here certainly isn’t intuitive. But placing the <authentication /> element under the system.web element should resolve your issue.
Note: Since Internet Information Server (IIS) 7, there is also an <authentication /> element located under the <system.webServer /> element, under <security/> (source). This is used to configure IIS’s authentication, and is independent of the ASP.NET Framework’s Form-Based Authentication.
<system.web>
<sessionState timeout="20" mode="InProc"/>
</system.web>
Is there anything else I need to do?
That should be alright but do also check if you are overriding that value in your code behind somewhere by saying below. Probably in the Global.asax file under Session_Start()
Session.Timeout = 40; // Session.Timeout is an int (minutes), not a string
I know Forms Authentication is old, but when I run the web application locally using IIS Express, everything works well. But when I publish it to our development/test server, it just reloads the page. The dev server is running IIS 6.
One more thing to note, locally it runs as localhost:50264/Login. On the dev server, the url is more like http://dev1.server.com/op/webapp/Account/Login.
I notice that both of the cookies have the path "/". I did try to change that by having this in my local web.config:
<add key="CookiePath" value="/" />
And then when I publish to our dev server it changes to:
<add key="CookiePath" value="http://dev1.server.com/op/webapp/" xdt:Transform="Replace" xdt:Locator="Match(key)" />
That didn't seem to work.
In another thread that I found in Stack Overflow, someone suggested to add this to the :
<system.webServer>
  <modules>
    <add name="FormsAuthenticationModule" type="System.Web.Security.FormsAuthenticationModule" />
  </modules>
</system.webServer>
That didn't work either. Any help would be greatly appreciated!
UPDATE: 9/29/2016
I removed the CookiePath app setting and instead made an adjustment to the authentication node. In my Web.config I now have:
<authentication mode="Forms">
<forms loginUrl="~/Account/Login" timeout="2880" requireSSL="false" slidingExpiration="true" path="/" />
</authentication>
And in my Web.Debug.config I have:
<authentication mode="Forms">
<forms loginUrl="~/Account/Login" timeout="2880" requireSSL="false" slidingExpiration="true" path="/op" xdt:Transform="Replace" />
</authentication>
Finally, when I create the cookie:
var authTicket = new FormsAuthenticationTicket(
1,
user.Email,
DateTime.Now,
DateTime.Now.AddDays(14),
true,
userData,
FormsAuthentication.FormsCookiePath);
When I deploy to the dev server, I check the web.config there and it did transform the forms node correctly.
When I go to log in, I enter my credentials and it still refreshes the Login page. With the Chrome extension "EditThisCookie" I still see that the path of the cookie is "/". It doesn't recognize the change AT ALL. Even when I manually set the authTicket path to "/op" the cookie STILL has the path as "/". I have no idea what's going on. Ugh...
I use forms authentication also, here's my settings. You didn't show all your forms Authentication code, but hopefully this will point you in the right direction.
Web.Config
<authentication mode="Forms">
<forms loginUrl="members/login.aspx" name=".ASPXFORMSAUTH" requireSSL="false" slidingExpiration="true" timeout="120" />
</authentication>
Then I set the cookie in the code behind when the user logs in.
Dim authCookie As HttpCookie = FormsAuthentication.GetAuthCookie(iMembersID, False)
Dim ticket As FormsAuthenticationTicket = FormsAuthentication.Decrypt(authCookie.Value)
Dim newTicket As FormsAuthenticationTicket = New FormsAuthenticationTicket(ticket.Version, ticket.Name, ticket.IssueDate, ticket.Expiration, ticket.IsPersistent, "Member")
authCookie.Value = FormsAuthentication.Encrypt(newTicket)
Response.Cookies.Add(authCookie)
Then I test to see if they are authenticated on all pages that require the user to be logged in.
If Request.IsAuthenticated Then
    Dim ident As FormsIdentity = CType(User.Identity, FormsIdentity)
    If ident IsNot Nothing Then
        Dim ticket As FormsAuthenticationTicket = ident.Ticket
        Dim userDataString As String = ticket.UserData
        ' Only tickets whose UserData is "Member" count as logged in
        Select Case ticket.UserData
            Case "Member"
                m_MemberLoggedIn = ident.Name
            Case Else
                Response.Redirect("~/members/login/", True)
        End Select
    Else
        Response.Redirect("~/members/login/", True)
    End If
End If
Update 9/29:
Check to make sure the IIS Authentication mode is set to Anonymous
I went the easy way out and asked our IT Dept to create a subdomain so the path of the cookie will always be "/". Not an answer, but it's what I did.
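The 9/29/2016 update above passes a path to the FormsAuthenticationTicket constructor, but that value is only stored inside the encrypted ticket; the Path attribute the browser sees comes from the HttpCookie that carries the ticket, and HttpCookie.Path defaults to "/". An added example (not code from any poster in this thread), assuming .NET Framework 4 or later and using the hypothetical names AuthCookieIssuer and IssueAuthCookie:

```csharp
using System;
using System.Web;
using System.Web.Security;

// Added example; AuthCookieIssuer and IssueAuthCookie are hypothetical names.
public static class AuthCookieIssuer
{
    public static void IssueAuthCookie(HttpResponseBase response, string userName,
                                       string userData, bool persistent)
    {
        DateTime issued = DateTime.Now;
        // Use the timeout configured on the <forms> element.
        DateTime expires = issued.Add(FormsAuthentication.Timeout);

        // The cookiePath argument is only recorded inside the ticket.
        var ticket = new FormsAuthenticationTicket(
            1, userName, issued, expires, persistent, userData,
            FormsAuthentication.FormsCookiePath);

        var cookie = new HttpCookie(FormsAuthentication.FormsCookieName,
                                    FormsAuthentication.Encrypt(ticket))
        {
            // This is the Path attribute sent to the browser.
            Path = FormsAuthentication.FormsCookiePath,
            // Keep the ticket out of reach of page script.
            HttpOnly = true,
            // Follows requireSSL on the <forms> element.
            Secure = FormsAuthentication.RequireSSL
        };

        if (persistent)
        {
            // Without Expires the cookie is a session cookie.
            cookie.Expires = expires;
        }

        response.Cookies.Add(cookie);
    }
}
```

With requireSSL="false", as in the configurations on this page, the cookie is issued without the Secure attribute and will also be sent over plain HTTP.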
Web Config:
<authentication mode="Forms">
<forms loginUrl="/Public/Login.aspx" protection="All" timeout="30" name=".ASPXAUTH" path="/" requireSSL="false" slidingExpiration="true" defaultUrl="default.aspx" cookieless="UseDeviceProfile" enableCrossAppRedirects="false"/>
</authentication>
Login Code:
if (userLoginResults.UserLoginStatus == UserLoginStatus.Successful)
{
    var email = UserName.Text.ToLower().Trim();
    if (userLoginResults.Contains(UserRoleNames.Admin))
    {
        FormsAuthentication.RedirectFromLoginPage(email, RememberMe.Checked);
        Session["isMemberLoggedIn"] = true;
        Response.Redirect("~/AdminPanel/Default.aspx");
    }
}
//
var email = User.Identity.Name;
I did log in as admin#admin.com but I am getting DESKTOP-OPT261T\mobasshir. This is my Windows username.
How can I solve this?
I am using Windows 10, Microsoft Visual Studio Professional 2013.
Thanks all
I have fixed it by disabling Windows authentication... I did it by clicking on the web project in Visual Studio, then pressed F4, then set Windows Authentication to Disabled.
I'm new to ASP.NET MVC4 and therefore read many things about how to authenticate on an Intranet Website.
I've inherited this type of project in order to improve it, and after quickly reading the source code, I saw that logins/passwords are stored in clear text in a SqlServer database...
So my first improvement is to upgrade the authentication process in order to store passwords in the right manner.
Here is what I've done so far. In my GlobalAsax.cs I added:
WebSecurity.InitializeDatabaseConnection(
    connectionStringName: "AppConnectionString",
    userTableName: "Employe",
    userIdColumn: "IDE",
    userNameColumn: "E_mail",
    autoCreateTables: true);
in order to add the "webpages_*" tables to my database.
I changed the IIS configuration in order to deactivate "AllowAnonymous" connection and activate "Basic Authentication".
But now I'm faced with Forms vs SimpleMembership, my Web.config:
<add key="autoFormsAuthentication" value="false" />
<add key="enableSimpleMembership" value="true" />
<authentication mode="Forms">
<forms loginUrl="~/Account/Login" timeout="30" />
</authentication>
Can someone clearly explain to me the use of each attribute?
I don't understand, because autoFormsAuthentication is set to false but authentication uses it afterwards.
What is enableSimpleMembership?
Thanks
It's hard to find any information on the topic but in my opinion autoFormsAuthentication set to true will set:
<authentication mode="Forms">
<forms loginUrl="~/Account/Login" timeout="2880" />
</authentication>
If you need other parameters you need to use <authentication mode="Forms"> explicitly.
Also autoFormsAuthentication redirects unauthorized users from any controllers, not only those with the 'authorize' attribute.
But it is just my opinion...