I have two web applications on old server with IIS 6 with SSO and it works perfect. Now I have new server with IIS 7 and after migration web applications SSO stopped working - when I try go to second application Login page is shown again...
Can somebody tell me what i doing wrong or what I don't know?
here is first web.config
<authentication mode="Forms">
<forms loginUrl="LoginR.aspx" timeout="20" />
</authentication>
<machineKey decryption="AES" decryptionKey="6A6F8E0BCFF28507DDF6316D4BE0CB2AEA85501D0BED1282" validation="SHA1" validationKey="01D0AECBA272DA4662076316AF00F9F2C8F07E12349D1725587612769C9A7B8048AD26BC2298AB2A0D18D2CAF2FC22762E1A3737CFA7EE0E46771DDAAE5B6E1C" />
and second web.config
<authentication mode="Forms">
<forms loginUrl="Http://NEWServerName/FirstAppName/LoginR.aspx" timeout="20" protection="All" path="/" domain="XXX" />
</authentication>
<authorization>
<deny users="?" />
</authorization>
<machineKey decryption="AES" decryptionKey="6A6F8E0BCFF28507DDF6316D4BE0CB2AEA85501D0BED1282" validationKey="01D0AECBA272DA4662076316AF00F9F2C8F07E12349D1725587612769C9A7B8048AD26BC2298AB2A0D18D2CAF2FC22762E1A3737CFA7EE0E46771DDAAE5B6E1C" />
Set application pools to integrated mode.
Related
I have two applications in the same domain: mydomain/app1 and mydomain/app2, and I need to share authentication between them. One app is in Asp.Net WebForms, and the second is using WebApi2.
I configured web.config like below:
App1:
<authentication mode="Forms">
<forms loginUrl="/Login.aspx" defaultUrl="/Default.aspx" name=".ASPXFORMSAUTH" protection="All" cookieless="UseDeviceProfile" slidingExpiration="true" path="/" domain="mydomain" requireSSL="false" timeout="60" enableCrossAppRedirects="false">
</forms>
</authentication>
<authorization>
<deny users="?" />
<allow users="*"/>
</authorization>
<machineKey validationKey="generated key1" decryptionKey="generated key2" validation="SHA1"/>
App2:
<authentication mode="Forms">
<forms loginUrl="/index.html" defaultUrl="/index.html" name=".ASPXFORMSAUTH" protection="All" cookieless="UseDeviceProfile" slidingExpiration="true" path="/" domain="mydomain" requireSSL="false" timeout="60" enableCrossAppRedirects="false">
</forms>
</authentication>
<authorization>
<deny users="?" />
<allow users="*"/>
</authorization>
<machineKey validationKey="generated key1" decryptionKey="generated key2" validation="SHA1"/>
I am signing into app1 and observe the cookie content.
Then I am requesting an URL from app2 in another browser tab. The cookie (name and content) in the second tab is the same as in the first one.
I expect that the request from the second tab to be authenticated by the app2 since the cookie is already authenticated by the app1.
Yet, this is not happening, and I am redirected to the login page of app2.
As suggested by the OP, here is the answer that works in that case.
They've changed the cookie encryption between 4 and 4.5. You can either make both running under the same .net or turn on the compatibility on the 4.5 site by adding an attribute to your machine key config node.
https://social.microsoft.com/Forums/en-US/1791c5e3-4087-4e92-a460-51c5c4221f49/any-forms-auth-changes-in-45?forum=Offtopic
I am using following configuration in my web.config file
<system.web>
<authentication mode="Forms">
<forms name=".ASPXFORMSDEMO" loginUrl="Defautl.aspx" protection="All" path="/" timeout="30" />
</authentication>
<authorization>
<deny users ="?" />
<allow users = "*" />
</authorization>
<compilation debug="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5" />
</system.web>
But when I am running the code I get an error
Error message 401.2.: Unauthorized: Logon failed due to server configuration. Verify that you have permission to view this directory or page based on the credentials you supplied and the authentication methods enabled on the Web server.
As I running it from local host so I am not sure why this error is happening.
If I disable Windows Authentication from project property the above error shows up. If I enable this then I can view any page inside my application without login.
I have commented the code ConfigureAuth inside Startup class.
Edit 1: I have gone through this link
Try This..
<system.web>
<compilation debug="true" targetFramework="4.5" />
<authentication mode="Forms" lockItem="true">
<forms loginUrl="Login.aspx" name="frmL" slidingExpiration="true" protection="All" defaultUrl="Default.aspx" path="/"/>
</authentication>
</system.web>
<location path="YourDirectoryForAuthorizedUsers">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
I am using VS 2012 , I want to implement folder level user authentication and authorization, i have following folder/files structure.
Following is Admin -> Web.congfig file.
<system.web>
<authentication mode="Forms">
<forms loginUrl="~/login.aspx" timeout="30" defaultUrl="~/default.aspx" cookieless="AutoDetect">
<credentials passwordFormat="Clear">
<user name="Admin" password="abc"/>
</credentials>
</forms>
</authentication>
</system.web>
<location path="~/Admin/Admin.aspx"></location>
<system.web>
<authorization>
<deny users="*"/>
<allow users="Admin"/>
</authorization>
</system.web>
</configuration>
When i compile the application it gives me the following error message.
Error: 1 It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level. This error can be caused by a virtual directory not being configured as an application in IIS. E:\Kjan\Reports\Admin\Web.config 5
You can not use
<authentication mode="Forms">
<forms loginUrl="~/login.aspx" timeout="30" defaultUrl="~/default.aspx" cookieless="AutoDetect">
<credentials passwordFormat="Clear">
<user name="Admin" password="abc"/>
</credentials>
</forms>
In you inner web.config file.
Use this on root folder and <user name="Admin" password="abc"/> in your inner web.config file.
Some useful links
Multiple/Different authentication settings in web.config
If you are woking on different Areas then MVC
Different authentication mode for different areas
try this
select Menu Build->Configuration Manager select Build checkbox
my site (ASP.NET webForm ) log out with out user request , user forced to login page and interrupt his work ? please advice ...
this line from my web.config
<authentication mode="Forms">
<forms loginUrl="~/Account/XXXXXXX.aspx" timeout="2880" />
</authentication>
Try increasing the Session timeout value, by default this is 30 minutes.
<system.web>
<authentication mode="Forms">
<forms loginUrl="~/Account/XXXXXXX.aspx" timeout="2880"/>
</authentication>
<sessionState timeout="3000" />
</system.web>
I want to authenticate users using active directory..but when i want to login it fails.
this is my web.config:
<add name="ADConnectionString" connectionString="LDAP://IPAddress/CN=Users,DC=domain,DC=net"/>
<authentication mode="Forms">
<forms name=".ADAuthCookie" timeout="10" loginUrl="Login.aspx" defaultUrl="Default.aspx">
</forms>
</authentication>
<authorization>
<deny users="?"/>
<allow users="*"/>
</authorization>
<membership defaultProvider="DomainLoginMembershipProvider">
<providers>
<add name="DomainLoginMembershipProvider", connectionStringName="ADConnectionString" enableSearchMethods="true" connectionUsername="domain.net\myuser" connectionPassword="mypassword"/>
</providers>
</membership>
and also when I use asp.net configuration to see the users, there is only one user, domaincontroller#domain.net and when I search active directory in windows there is not any domaincontroller#doamin.net...please help me...why I cant at least authenticate through my username!?
Authentication with active directory means windows authentication, so first of all, you need to set
<authentication mode="Windows"> instead of <authentication mode="Forms">