I have the following setup in my Web.Config:
<authentication mode="Forms">
<forms loginUrl="Landing/Login.aspx" defaultUrl="~/Member/Dashboard.aspx">
<credentials passwordFormat="SHA1"></credentials>
</forms>
</authentication>
<authorization>
<deny users="?" />
</authorization>
This correctly redirects when testing on locahost, but when published to Azure, logging in just redirects to http://mysite.azurewebsites.net/ and not http://mysite.azurewebsites.net/Member/Dashboard.aspx as described in the Web.Config. Interestingly enough, however, trying to navigate to a page without logging in correctly redirects to the defined loginUrl="Landing/Login.aspx". Should I be using the FQDN in this case for the defaultUrl? Are forms authentication not setup on IIS of my Azure server? Please advise.
Related
I have an ASP.NET WebForms application that was installed on IIS6 and working fine for quite some time. We are attempting to move that application to an IIS7 site, and the forms authentication is not working.
I am NOT using the Microsoft out of the box login control.
I am redirected properly to the login page. When I enter the credentials, the logging indicates that the credentials were correct. The code then redirects to the ReturnUrl query string value as expected. The cookie appears to be correctly created in the browser.
However, when the browser GET's the ReturnUrl, it redirects again to the login page.
web.config entry for the protected page:
<location path="HomeScreen.aspx">
<system.web>
<authorization>
<deny users="?" />
<allow roles="trm_members" />
<allow roles="trm_clients" />
<deny users="*" />
</authorization>
</system.web>
</location>
web.config entry for authentication:
<authentication mode="Forms">
<forms name=".ASPNETAUTH" loginUrl="Account-Registration/Account-Login.aspx" protection="None" timeout="30" />
</authentication>
I am using FormAuthencation in my current web application with ASP.NET 4.5. I have placed a check on Login page if (User.Identity.IsAuthenticated){ } then redirect to main page , but strange without even login i am getting User.Identity.IsAuthenticated = true i do not understand why that giving true.
Web.Config
<authentication mode="Forms">
<forms loginUrl="~/Account/Login.aspx" name=".ASPNETAUTH" defaultUrl="~/Account/Welcome.aspx" protection="All" timeout="30" path="/"></forms>
</authentication>
Thanks
Ravi Mittal
If this is published in IIS, you need to disable anonymous access via IIS (you can see how to do that on this page).
It would also help to make sure the <authorization> section of your web.config has something like this:
<authorization>
<deny users="?"/>
</authorization>
This will block "unauthorized" users from your app.
I'm using Membership Provider for create and manage users and roles in my site. I'm trying to restric access to a specific roles to the Account folder using web.config into this folder with this rule:
<system.web>
<authorization>
<allow roles="Administrator"/>
<deny users="*" />
</authorization>
</system.web>
I'm using Web Forms and forms authentication like show below:
<authentication mode="Forms">
<forms loginUrl="~/Login.aspx" timeout="2880" defaultUrl="~/" />
</authentication>
But when I try to access to page located into Account folder I'm getting:
HTTP Error 404.0 - Not Found
The resource you are looking for has been removed, had its name changed, or is temporarily unavailable. Below a picture with the error:
How can I do for redirect to Login when the user try to access to unauthorized folder or url?
You are accessing the Login.aspx like /Account/Login/Default.aspx which doesn't exist.
Shouldn't that be ~/Account/Login.aspx?
<authentication mode="Forms">
<forms loginUrl="~/Account/Login.aspx" timeout="2880" />
</authentication>
How to debug?
Make sure you can access Login.aspx properly.
Then paste that URL inside form tag in web.config like above.
I've a strange issue with a .NET 4.0 website published on IIS6.
It implements the Forms Authentication, and in my Web.Config I've something like:
<authentication mode="Forms">
<forms loginUrl="~/login.aspx" timeout="2880" name="AUTH_TOKEN" />
</authentication>
<authorization>
<allow roles="__AUTHUSER__" />
<deny users="*" />
</authorization>
And I've the Default.aspx setted as default document in the website.
If I try to access the www.site/default.aspx it redirects me to the www.site/login.aspx?ReturnUrl=%2fDefault.aspx
And it is fine.
The problem is that if I try to access www.site/default.aspx?ReturnUrl= it gave me a 401.2 error page: not authorized.
It's happening that this is a rebuild of an intranet application and many users actually (for some reason) have the www.site/default.aspx?ReturnUrl= url saved in the bookmarks... so I need to get it work.
Any ideas?
We are getting a null reference exception from the following line in iis 7.5
if (!User.Identity.IsAuthenticated)
we are using forms authentication and also have anonymous authentication enabled. This works just fine in iis 7. Following is our configuration in web.config
<authentication mode="Forms">
<forms name=".ASPXAUTH" loginUrl="/Auth/Login" defaultUrl="/" timeout="600" path="/" />
</authentication>
<authorization>
<deny users="?" />
<allow users="*" />
</authorization>
<identity impersonate="true" />
This form authentication option also doesn't show up under iis site authentication configuration for this site. The only options I see there are Anonymous Authentication and ASP.NET Impersonation.
So, maybe it is not reading from Web.config for some reason? Any help is greatly appriciated.
This is fixed. I saw that the site didn't have references to FormsAuthentication and Anonymousidentificationmodule. I ran aspnet_regiis -i for asp.net 4.0 and now the site works fine.