I built a web app a while back that is miss behaving out of the blue. Page.User.Identity.Name returns the machine name ie phil_toshiba/phil instead of the username i set when the user logs in through the log in form (should be an email address):
System.Web.Security.FormsAuthentication.RedirectFromLoginPage(tb_email.Text, true);
I dont know why it has only just started doing it but it doesn't do it on the live site just the local project i need to work with to update some features. the live and local are in sync (code is exactly the same) only difference is the live site is compiled and using iis.
EDIT this is the authentication tag in my web.config file:
<authentication mode="Forms" >
<forms loginUrl="Default.aspx" name=".ASPXFORMSAUTH" defaultUrl="Sections.aspx">
</forms>
</authentication>
Check your web.config, it should be set to use Forms authentication not Windows:
<system.web>
<authentication mode="Forms"/>
</system.web>
Related
I have created one web application and when i run application in normal browser windows it works perfectly. But when i open same application in iFrame tag my cookies get vanished automatically.
When I Inspect browser window i can see the cookies and session but it won't work.
enter image description here
This is probably because you have not set the domain on the web.config
Some times you call the iframe with out the www. on your domain, and this is set a different cookie than when you have the www.
so on web.config set the domain where its needed, eg:
<authentication mode="Forms">
<forms domain="local.com" />
</authentication>
<httpCookies domain="local.com" />
I have added below config in web.config file
<sessionState mode="InProc" timeout="500" cookieSameSite="None"/>
<httpCookies httpOnlyCookies="true" requireSSL="true" domain="local.com"/>
<authentication mode="Forms">
<forms loginUrl="~/Auth" timeout="500" slidingExpiration="true" domain="local.com"/>
</authentication>
But still cookies not set. Could you please assist?
I have 2 mvc .net applications, 1 is written in vb and the other in c#.
The are structured as follows:
http://app1.example.com, (c#)
http://app1.example.com/site (vb)
The user initially logs into the /site app and has the ability to navigate to the root site.
My web.config application > authentication is as follows:
<forms
name="SITECOOKIE"
protection="All"
path="/"
domain="app1.example.com"
timeout="15" />
My issue is, the user logs into the http://app1.example.com/ site app where the Login controller takes care of the authentication process and sets the "SITECOOKIE". However, when navigating to the root site, http://app1.example.com, the root app cannot access or see the cookie "SITECOOKIE".
What can I do so the root app has access to the cookie "SITECOOKIE"?
You just need to set domain to example.com, if you want to share cookie between two websites.
<forms
name="SITECOOKIE"
protection="All"
path="/"
domain="example.com"
timeout="15" />
Ensure you set same machinekey in both web.config file.
I created two ASP.NET Web Forms Application in which I use separate Form authentication
with different machine keys .
But when I login in one of them I am logout in other.
Same thing happen on production server and on localhost.
If you haven't configured at least one of the two applications to use a non-default cookie name, they will both try to use the same cookie name ".ASPXAUTH", and if by "on the same server" you mean they are accessed using the same hostname, then logging into one will overwrite the cookie of the other.
Try overriding the cookie name in your Web.config, something like this:
<authentication mode="Forms">
<forms loginUrl="login.aspx" name=".FOOASPXAUTH" />
</authentication>
And in the other application:
<authentication mode="Forms">
<forms loginUrl="login.aspx" name=".BARASPXAUTH" />
</authentication>
I am using forms authentication in asp.net4. But the authorization is behaving very unusually.
Following is my web.config snippet-
<authentication mode="Forms">
<forms loginUrl="Login.aspx" timeout="2880" protection="All" path="/" />
</authentication>
<authorization>
<deny users="?"/>
<allow users="*"/>
</authorization>
When i try to open any web page i am redirected to Login page as expected. If close my browser i should be logged out, but thats not happening although i am setting persistentCookie=false as follow
FormsAuthentication.RedirectFromLoginPage(username, false);
Now after closing browser if a login again i am considered authenticated user, but if i clear cookie cache in my browser than i wont be considered authenticated user.
I am not setting cookie anywhere and i dont want persistent cookie, than why is this happening.
Please tell me if i am missing something.
Anobody know something related to this
I just found that this problem is only with Chrome 21.0, and not with Firefox 7.0 or Opera 11.4 (problem of authenticating even though session ends).
When you use authentication mode="Forms" your auth credentials stored in cookies by default. If you want to change this behaviour you can use cookieless="UseUri" attribute, than your credential will be stored in the URL. You can find more inforamtion forms Element for authentication.
timeout attribute specify how long cookies will be stored (in minutes) by default it is 30.
I have 3 application that need single sign on. These are the web config sections I am using for authentication, authorization and the machine key settings. All the settings are the same in all 3 web applications. It works perfectly in Internet Explorer, but doesn't work at all in Firefox or Chrome. Is there anything else I need to do to get this work with Firefox and Chrome?
<authentication mode="Forms">
<forms loginUrl="~/login.aspx" timeout="2880" name="SSOCookie" path="/" requireSSL="false" slidingExpiration="true" cookieless="UseCookies" enableCrossAppRedirects="true"/>
</authentication>
<authorization>
<deny users ="?"/>
<!--allow users ="*"/-->
</authorization>
<machineKey
validationKey="2C02F632ABC3B809F0662B06EED7E985345504D93BB2893C3C8106F48A273054D4C29EDD63F34CF3E19C76AA8FCF12C28AC127A9C5D6DEFC139800B302CADBDC"
decryptionKey="D7367948DC5AA193408CADB000E580A0FCCD71D8412D28E9AC76455FA85DB766"
validation="SHA1" decryption="AES"
/>
It appears you have to enable this in FireFox on each client
Open Firefox and navigate to about:config
Type “ntlm” in the filter field
double click on network.automatic-ntlm-auth.trusted-uris
enter a comma and space separated list of urls that you want NTLM to be enabled for
for more details check out http://sivel.net/2007/05/firefox-ntlm-sso/
it seems that Chrome does not support NTLM
http://www.google.com/support/chrome/bin/static.py?page=known_issues.cs
however, the user should be able to enter her credentials once and have them saved.