Now I read a book "ASP.NET MVC5" by Freeman and I try to create authentification window. But I've changed file Web.config like in the book and have error.
<system.web>
<customErrors mode="Off" />
<compilation debug="true" targetFramework="4.5"/>
<httpRuntime targetFramework="4.5"/>
<authentication mode="Forms">
<forms loginUrl="~/Account/Login" timeout="2880" />
<credentials passwordFormat="Clear"> <!-- Error -->
<user name="admin" password="secret" />
</credentials>
</authentication>
</system.web>
Error: authentication does not contain element credentials.
Your credentials element should be within your forms element. Something like:
<authentication mode="Forms">
<forms loginUrl="~/Account/Login" timeout="2880">
<credentials passwordFormat="Clear"> <!-- Error -->
<user name="admin" password="secret" />
</credentials>
</forms>
</authentication>als>
Related
I have been able to do this transition for the session cookie but not for the login cookie
and I have the following web.config
<authentication mode="Forms">
<forms name="MyCookie" loginUrl="~/Login/login.aspx" timeout="30" slidingExpiration="true" cookieless="UseCookies" cookieSameSite="None" protection="All" requireSSL="true" defaultUrl="~/Login/DefaultRedirect.aspx" enableCrossAppRedirects="false" path="/" />
</authentication>
if I change cookieSameSite="None" to cookieSameSite="Lax" or strict. I can see that the change takes place, but it seems to still have the old behavior of not emiting the samesite value when set to None
I'm using .net framework 4.7.2 and have installed the server update that allowed me to do the session with samesite=none
turn out I was missing sameSite="None" <httpCookies
so now I have : <httpCookies httpOnlyCookies="true" requireSSL="true" sameSite="None" />
<authentication mode="Forms">
<forms name="MyCookie" loginUrl="~/Login/login.aspx" timeout="30" slidingExpiration="true" cookieless="UseCookies" cookieSameSite="None" protection="All" requireSSL="true" defaultUrl="~/Login/DefaultRedirect.aspx" enableCrossAppRedirects="false" path="/" />
</authentication>
I have this in my web.config:
...
<system.web>
<sessionState mode="InProc" timeout="30" cookieless="UseCookies" />
<authentication mode="Form">
<forms loginUrl="http://myurl" path="/" cookieless="UseCookies" slidingExpiration="true" requireSSL="true" />
</authentication>
...
How can I get the value of loginurl at runtime?
System.Web.Security.FormsAuthentication.LoginUrl
Gets the URL for the login page that the FormsAuthentication class
will redirect to.
Details at MSDN.
I want to log a user into an ASP.NET MVC site, and the session expires abnormally quickly, in minutes. I want the session to hold for days instead. Authentication is done using System.Web.Security:
FormsAuthentication.Authenticate(username, password);
My web.config looks like this:
<system.web>
<customErrors mode="Off" />
<httpRuntime targetFramework="4.5" />
<compilation debug="true" targetFramework="4.5" />
<authentication mode="Forms">
<forms loginUrl="~/Account/Login"
name=".ASPXAUTH"
timeout="86400"
slidingExpiration="true"
defaultUrl="Day/ListDays"
path="/"
protection="All"
requireSSL="false"
cookieless="UseDeviceProfile"
domain=""
enableCrossAppRedirects="false">
<credentials passwordFormat="Clear">
<user name="user" password="-" />
</credentials>
</forms>
</authentication>
<sessionState mode="StateServer"
stateConnectionString="tcpip=loopback:42424"
cookieless="false"
timeout="300" />
</system.web>
I am using VS 2012 , I want to implement folder level user authentication and authorization, i have following folder/files structure.
Following is Admin -> Web.congfig file.
<system.web>
<authentication mode="Forms">
<forms loginUrl="~/login.aspx" timeout="30" defaultUrl="~/default.aspx" cookieless="AutoDetect">
<credentials passwordFormat="Clear">
<user name="Admin" password="abc"/>
</credentials>
</forms>
</authentication>
</system.web>
<location path="~/Admin/Admin.aspx"></location>
<system.web>
<authorization>
<deny users="*"/>
<allow users="Admin"/>
</authorization>
</system.web>
</configuration>
When i compile the application it gives me the following error message.
Error: 1 It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level. This error can be caused by a virtual directory not being configured as an application in IIS. E:\Kjan\Reports\Admin\Web.config 5
You can not use
<authentication mode="Forms">
<forms loginUrl="~/login.aspx" timeout="30" defaultUrl="~/default.aspx" cookieless="AutoDetect">
<credentials passwordFormat="Clear">
<user name="Admin" password="abc"/>
</credentials>
</forms>
In you inner web.config file.
Use this on root folder and <user name="Admin" password="abc"/> in your inner web.config file.
Some useful links
Multiple/Different authentication settings in web.config
If you are woking on different Areas then MVC
Different authentication mode for different areas
try this
select Menu Build->Configuration Manager select Build checkbox
I'm trying to avoid the ASPNETDB.mdf file to be added to my project.
I have this in my config file:
<authentication mode="Forms">
<forms loginUrl="login.aspx" defaultUrl="Default.aspx" protection="All">
<credentials passwordFormat="Clear">
<user name="admin" password="Qwe456"/>
<user name="Murergruppe" password="2012m"/>
<user name="Skift-a" password="2012a"/>
<user name="Skift-b" password="2012b"/>
<user name="Skift-c" password="2012c"/>
<user name="Skift-d" password="2012d"/>
<user name="Skift-e" password="2012e"/>
</credentials>
</forms>
</authentication>
Then i've turned of the creation of ASPNETDB.mdf in machine.config
then it says it can't find the file. then I add:
<membership>
<providers>
<clear />
<add type="Personal.Providers.WebConfigMembershipProvider" name="WebConfigMembershipProvider"/>
</providers>
</membership>
But then it says the default provider must be specified. What to do when i don't have any other providers?
<membership defaultProvider="WebConfigMembershipProvider" userIsOnlineTimeWindow="20">
<providers>
.....
You may specify the default one.