I have ASP.NET app which can automatically login anyone who is in my database. Any page is auto redirected to login page if user is not authenticated and login page will find user and authenticate him.
protected void Page_Load(object sender, EventArgs e) {
var emp = SQLSelects.SQLSelects.SelectEmployee(Request.LogonUserIdentity.Name);
if (emp != null){
Session.Add("UserName", emp.Login);
Session.Add("Access", (int)emp.acessLevel);
FormsAuthentication.RedirectFromLoginPage(emp.Login, true);
}
}
Everything worked but now it just throw some kind of Login pop-up formular and request login and password. I don't know why, because I do not know that I was coding anything like that. Any combination of user name and password is not working
In Local Host everything work like it should so I cannot find any problem, nothing. In remote server there is just white screen and login form.
Long story short, windows server itself turn off authentication of everything (all our websites fall) and equest update. After update everything is OK.
Related
I've got a page to submit data into a database and I want to either re-direct them to a different page if they arent logged in OR disable the submit button at the bottom. I'm doing this in my page load event of the page to be denied access.
I've researched and found this in many spots but what exactly am I placing into Session["???"] I'm using the login/register feature provided by asp.net Web Forms
protected void Page_Load(object sender, EventArgs e)
{
if (Session[] == null)
{
Response.Redirect("~/Default.aspx");
}
}
You can use HttpContext.Current.User.Identity.IsAuthenticated to check if there is authenticated user or not
You want to check if the user who made that page requested is authenticated or not. You can do that by checking User property of Request object like Request.User.IsAuthenticated
If(!Request.User.IsAuthenticated)
Response.Redirect("~/Default.aspx");
I've created a custom login module for DNN with mixing authentications: 1) Authenticate thru ADFS. 2) Authenticate with regular forms authentication. Everything is working except:
protected void Adfs_Click(object sender, EventArgs e)
{
HttpContext.Current.GetOwinContext()
.Authentication.Challenge(new AuthenticationProperties { RedirectUri = redirectUrl },
OpenIdConnectAuthenticationDefaults.AuthenticationType);
}
the first click reloads the page and always works the second time. I've tried to disable the forms authentications like this post suggest, but because I'm working with DNN I can't do that.
I also test triggering the event on the Page_Load and works, but I want to allow the DNN native users to be able to login direct to DNN (host user) ... so I can't do the challenge there either.
Any help on what should I do to make the challenge works with the first click?
Thanks in advance.
I've got a requirement such that, when a user logs in while completing a multi-form data submission process, their profile is checked against the data they've already submitted and certain classes of users will be shown an alert message; i.e. some users get a popup message when they login.
The popup will use the ModalPopupExtender from the Ajax toolkit which is in line with similar functionality elsewhere in the code base.
The problem I've got is that as soon as the user is validated, the user is always redirected to the originating page; I want to suspend this action until the user has been shown the message and then perform the redirection when the user clicks to dismiss the message.
Can anyone suggest a solution to this (using .NET 3.5)?
EDIT
Since it's been asked for, the login page has a user control which contains an control. The control handles the OnAuthenticate event which basically calls:
protected void Login_Authenticate(object sender, AuthenticateEventArgs e)
{
bool isValidUser = Membership.ValidateUser(FullLogin.UserName, FullLogin.Password);
if (isValidUser)
{
e.Authenticated = true;
}
...
}
It also handles the LoggedIn event which performs some business logic and raises a 'LogInSuccessful' or 'LoginFailed' event handled by the page. A successful login will the redirect the user back to the originating page.
I've already refactored out the manual redirection code to be called when the info box is dismissed but it appears that forms authentication is redirecting the user automatically which is the behaviour I'm trying to override.
When you login with forms authentication, user is carried to the login form and back to the origination page by asp.net.
Once you have authenticated the user, it will take him back to the originating page.
If you have to do it on this page, you must for this group of users, cancel the authenticate and then show the message.
protected void Login_Authenticate(object sender, AuthenticateEventArgs e)
{
bool isValidUser = Membership.ValidateUser(FullLogin.UserName, FullLogin.Password);
Session["isValidUser"] = isValidUser;
if (!Session.ContainsKey("isValidUser"))
{
e.Authenticated = false;
}
else
{
e.Authenticated = (bool)Session["isValidUser"];
}
...
}
When the user clicks the ok button, you must then postback and authenticate the user. This will need you to store the result of authenticate from the previous call in session.
It might be simpler to put this message in a common master page, let asp take the user back to the originating page and show the message there.
The first page of our webapplication is a Login-Page.
We are using FormsAuthentication. We are not using a database, but multiple Active Directories. So we fill the FormsAuthenticationTicket by ourselfs.
This works great for one Active Directory, which is on our own network, but this isn't working for another Active Directory which is on another network.
When I look at the logging, getting the information from the Active Directory works, but when I'm finished getting the information I redirect to another page, and this just doesn't happen. The page posts back, but does not redirect.
I don't know where to look. I'm using dynamic impersonation, maybe this has something to do with it?
EDIT: So it IS redirecting. I have a returnUrl.
But it still is weird, the logging tells me the user is authenticated. When the user is authenticated but no roles are found I do something like
protected void Page_Load(object sender, EventArgs e) {
m_logger = new Logger(22, MethodBase.GetCurrentMethod().DeclaringType);
if (User.Identity.IsAuthenticated) {
KanoWebIdentity kanoWebId = (KanoWebIdentity)User.Identity;
m_logger.Debug("Een geauthenticeerde gebruiker laadt Aanmelden.aspx, zijn rechten worden getoond.");
ShowNoPermissionMessage(kanoWebId);
} else {
m_logger.Debug("Een niet geauthenticeerde gebruiker laadt Aanmelden.aspx.");
}
}
It looks like everything in the cookies/session is lost after the redirect?
Thanks for the tips guys.
Using Fiddler we found out that the cookie was empty.
The roles string was too big.
Find more information here http://weblogs.asp.net/hernandl/archive/2004/07/30/FormsAuthRolesRev.aspx
Thanks again!
I have an ASP.NET Role/Membership based forms authentication site. There's a subfolder and its pages which can be accessed only by a certain role. The problem is, login page does not display any error message if any user from non-allowed role group logins in login page. I mean, when a user from AllowedRole logins, the login page redirects the user correctly to the protected page, but when a user from NonAllowedRole tries to login, he/she correctly logs in but there are no error messages displayed, the user is back to the login page without any information. I do have a FailureText set in Login form but it's not displayed. loginForm.LoginError event is also doesn't get raised. I tried this code but it doesn't display either:
protected void frmLogin_LoggedIn(object sender, EventArgs e)
{
if (!User.IsInRole("AllowedRole"))
frmLogin.FailureText = "Access denied.";
//Label1.Text = "Access denied."; //doesn't work either
}
What am I doing wrong?
On thing you can do is check the ReturnUrl query string parameter and if it's you "denied" folder, redirect the user to either an error page or an allowed login page. Like this:
protected void frmLogin_LoggedIn(object sender, EventArgs e)
{
if (!User.IsInRole("AllowedRole") &&
InRestrictedArea(Request.QueryString["ReturnUrl"]))
{
Response.Redirect("Not-Allowed-Here.aspx");
}
}
Define InRestrictedArea to check if the requested area is where they aren't allowed.
I don't know where to find the documentation to support this. This answer is based on observation of the behavior I've seen io apps I've written.
The login page is exluded from the allowed access rules. It needs to be. Say you have a site where the whole site disallows anonymous users, even at the root level. The users need to be able to access the login page to be able to log in.
To resolve your dilemma you would need to add a label (I would call it lblError) and in your Page_Load, add the following (C# example code):
if(User.IsLoggedIn)
{
If(!User.IsInRole("AllowedRole")
{
lblError.Text = "Access denied.";
}
}
Added
Gving this more thought, the reason there is no error in the login page is that the error is happening when the user attempts to access the protected page, not within the login page.
However, I believe my suggestion will work for your situation as well.