How to handle security on website with users, asp.net - c#

I'm a rookie in ASP.NET and have managed to make a functional web app. I have a login page that also works correctly and checks username and password from my MSSQL db.
My problem is that I don't know how I can disable all my other sites if you're not logged in. At the moment I can access all my pages if I only know the URL.
So how can I track if I'm logged in and disable the sites, and also I need to know how to make a logout link that clears all cookies or whatever it is that saves the information.
I know this is probably a double post but I haven't found anything that exactly explains my problem until now.
Thanks

You are probably looking for the authentication modules, specifically FormsAuthentication.
Start here ... http://www.asp.net/web-forms/videos/authentication

Related

Login to website like (FB, Twitter) and crawl data with C#?

I am creating a console application in C# (Visual Studio),
but I don't know where to start.
First I want to log in (PhantomJS or Selenium), then go to a (specified) website URL and extract the HTML.
I want to know how to save login information in my web request.
Thank you.
Long story short, it's not easy to do that just with web request because each site has its own way of managing cookies and security.
It's easier if you use a web browser control to log in first. From there, the browser can obtain a valid cookie and you can start crawling data from there.
I've done a similar thing with the Chegg website. For details, you can check out my repository https://github.com/hungqcao/chegg-solutions-saver
In your case, it can get a little complicated since FB, Twitter may have 2-factor authentication or something similar to that but the idea stays the same.
Let me know if you need help.

remote login identityserver3

I'm currently trying to connect my existing behaviour into IdentityServer3.
What I want to happen is when I post my login form back with username and password I can call my IdentityServer and authenticate in a single post request.
Are there existing helpers to support this?
Sorry if this has been asked, I've been trawling around all day and haven't found anything.
So I have figured this out after loads of reading and playing. Basically what I wanted was the resourceOwner flow, which would allow me to authenticate without the browser. This isn't recommended as you lose the SSO benefits. The other approach I looked at was to pass the post form values, username and password, to the preauthenticate method on identity server. This seemed extremely hacky to me. I'll probably just use the normal flow if the client will allow it.

Using OWIN to validate STEAM user login without identity

I have been browsing endlessly without really finding the answer I am looking for.
It may even be a stupid question answered in some other form; then please direct me there.
Basically, what I need is a button that redirects to Steam's logon page where the user can log in with his Steam user. When he successfully does, I just need the returned SteamId, and that's basically it! I don't need Steam as a login service, but more as a verification method that the provided Steam user is who he says he is - I have my own login system for users etc., which is irrelevant.
I have tried using OWIN's part that has Steam as OpenID provider, but for the love of me I can't figure out how to untangle it to the simple thing I need.
Any ideas on how to do this?
Thanks in advance!

How to auto-authenticate users via a link when using Forms Authentication and ASP.NET?

My asp.net app uses Forms Authentication which works fine. I want to also be able to create 'magic' links that someone can follow the link and not need to log in. e.g. if a user visits
http://myapp.com/viewstuff.aspx
then they'll be redirected to login.aspx first, but if they visit
http://myapp.com/viewstuff.aspx?ThingId=1234&Expires=20121004153200&Signature=aksdjfhalsdfydmvbsdkfjhysdk
then it will automatically log them in as a guest account and let them view the requested stuff. I can generate such links and write the logic to check the signature is valid, but I'm not sure where in the ASP.NET lifecycle to put my logic. Any suggestions?
Currently I've put the logic into Application_AuthorizeRequest but it doesn't seem ideal as I need to Redirect() the user once I've authenticated them. I'd prefer to be able to set something to say 'ok, I've authenticated this person and set their identity, let their request continue'.
If anyone has an example of implementing this that would be great.
Well, sounds like you are on the right track. You will be redirected to your login page if viewstuff.aspx requires authentication, so you will need to put the logic there (in login.aspx.cs) to pull out your query string, pull apart the values and authenticate the user before passing them back to the returnurl.
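The signature and expiry check for a link of this shape, as an added example that is not part of the question or the answer. The post does not say how its Signature is computed, so HMAC-SHA256 in hex, the `MagicLink` class, its method names and the demo key are all assumptions.

```csharp
using System;
using System.Globalization;
using System.Security.Cryptography;
using System.Text;

// Added example: signs and validates ThingId/Expires links with HMAC-SHA256.
public static class MagicLink
{
    // Assumption: a real key is loaded from protected configuration, never from source.
    private static readonly byte[] Key = Encoding.UTF8.GetBytes("constructed-demo-key");
    private const string Stamp = "yyyyMMddHHmmss"; // layout of Expires=20121004153200

    public static string Sign(int thingId, string expires)
    {
        // Every parameter the link grants goes into the MAC input.
        string msg = "ThingId=" + thingId.ToString(CultureInfo.InvariantCulture) + "&Expires=" + expires;
        using (var hmac = new HMACSHA256(Key))
            return BitConverter.ToString(hmac.ComputeHash(Encoding.UTF8.GetBytes(msg))).Replace("-", "").ToLowerInvariant();
    }

    public static bool IsValid(int thingId, string expires, string signature, DateTime utcNow)
    {
        if (expires == null || signature == null) return false;
        DateTime until;
        if (!DateTime.TryParseExact(expires, Stamp, CultureInfo.InvariantCulture,
                DateTimeStyles.AssumeUniversal | DateTimeStyles.AdjustToUniversal, out until))
            return false;
        // Reject a forged or altered link before looking at its expiry.
        if (!FixedTimeEquals(Sign(thingId, expires), signature)) return false;
        return utcNow <= until;
    }

    // Comparison whose duration does not depend on where the strings differ.
    private static bool FixedTimeEquals(string a, string b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    public static void Main()
    {
        string sig = Sign(1234, "20121004153200"); // constructed sample link values
        var now = new DateTime(2012, 10, 4, 15, 0, 0, DateTimeKind.Utc);
        Console.WriteLine(IsValid(1234, "20121004153200", sig, now));             // untouched link
        Console.WriteLine(IsValid(1235, "20121004153200", sig, now));             // ThingId altered
        Console.WriteLine(IsValid(1234, "20121004153200", sig, now.AddHours(1))); // past Expires
    }
}
```

In login.aspx.cs, a link that passes `IsValid` can be followed by `FormsAuthentication.SetAuthCookie` for the guest account and a redirect to the return URL. The target page should still confirm that the requested ThingId is the one the link was signed for, since the guest ticket outlives that single request.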

Quickest way to require authentication in asp.net webform?

As of right now, I have the user register/log in and then if successful, redirect them to the homepage. However, this is extremely artificial as the user can simply type the url and go to any page they want. I'm fairly new to this and I've heard forms authentication mentioned multiple times as a way to do what I need: a simple means to prevent a user from accessing any page and once they haven't done a "Request" in awhile, I want them to be "logged out" and sent back to the log in page. I guess, in the end, I have three questions:
1) Can someone provide me a link to a great tutorial on authentication? I don't want to get too far in depth if I can avoid it.
2) Also, is it recommended to use cookies for this or not? I've heard different views on this?
3) I was told I can set this up in the web.config as well as in code behind? Is this true? If so, which do you recommend?
Thank you very much and I apologize for the broad question(s). If you need any more information, please let me know.
Here is Walkthrough: Creating a Website with Membership and User Logon that you can use.
As far as using cookies is concerned, they can be exploited. To be safe, it's best not to put anything of value in them. If you have to, then you should secure them (another topic altogether). In the scope of your question, know that ASP.NET encodes and hashes its authorization ticket so you are OK using the default cookie settings. More info on the Web.config form element attributes here.
Forms Authentication is set up in the Web.config file. You can set the slidingExpiration attribute to log a user out if they haven't made a request within the time set in the attribute.
Take a look at this MSDN tutorial:
http://msdn.microsoft.com/en-us/library/ie/xdt4thhy.aspx
You can use the built-in ASP.NET SQL membership provider and login controls for register and login; this is implemented in the default web application project.
Then you can check the value of Request.IsAuthenticated in page load and redirect to the login page with Response.Redirect(loginPageUrl).
1) http://www.asp.net/web-forms/overview/security good place to start.
2) If you are using the ASP.NET built-in authentication, in most scenarios you don't have to worry about cookies. IMO nothing wrong with cookies :)
3) Usually you have to set this up in both. Generally you configure the auth method and the providers in web.config and do the redirection to login page in the codebehind or globally in global.asax.cs
Hope this helps.
Check How to: Implement Simple Forms Authentication.
This type of authentication requires a log-in form referenced in web.config. It can be done with or without cookies: Cookieless Forms Authentication.
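A web.config fragment for the setup these answers describe, which also covers the FormsAuthentication answer to the first question on this page. It is an added example, not taken from any of the posts; `Login.aspx`, `Register.aspx` and the 20-minute timeout are assumed values.

```xml
<configuration>
  <system.web>
    <authentication mode="Forms">
      <!-- timeout is in minutes; with slidingExpiration the ticket is renewed
           while the user stays active and lapses once requests stop.
           requireSSL keeps the ticket cookie off plain HTTP. -->
      <forms loginUrl="~/Login.aspx"
             timeout="20"
             slidingExpiration="true"
             requireSSL="true"
             protection="All" />
    </authentication>
    <authorization>
      <!-- "?" means anonymous users. Without this rule every page can be
           reached by typing its URL, which is the problem described above. -->
      <deny users="?" />
    </authorization>
  </system.web>

  <!-- A page that must stay reachable before login gets an explicit exception. -->
  <location path="Register.aspx">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

A logout link's handler calls `FormsAuthentication.SignOut()` and then redirects to the login page.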
