I have one mvc5 application with few subdomains like this:
example.com
ex1.example.com
ex2.example.com
When I log in to example.com i'm not logged in other subdomains. I added in web.config following node:
<authentication mode="Forms">
<forms name=".ASPXAUTH" loginUrl="~/Account/Login/" protection="Validation" timeout="120" path="/" domain=".example.com"/>
</authentication>
But it still doesnt work :(
Please help.
Check that you are using the same machine key for for each of the applications in the subdomains. Also you may need to set the machine key compatibility mode to Framework20SP2.
Edit:
Take a look at this post as well: ASP.NET Identity Cookie across subdomains
Related
I have a site on IIS configured to use Windows Authentication type.
What I need to do is to have ability to skip displaying Windows credentials prompt for users which are connecting outside the domain. In the case of outside access I need to redirect user to custom login page on the same site (based on Windows Authentication).
Can you please tell me if there any ability to do that?
UPDATE : site on IIS configured to use Windows Authentication type - and it shouldn't be changed
Change authentication mode your web.config
Something like:
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" timeout="2880" />
</authentication>
I would like know how SetAuthCookie works for different application on same server?
Currently I have two similar applications with different virtual directories.
How can I make it so that if I login to one of them then it doesn't ask me for login on the other application, and the same for logout?
It is possible if both applications are hosted on the same top level domain. You should specify this domain in your web.config of both applications:
<forms
name="name"
loginUrl="URL"
defaultUrl="URL"
domain="example.com">
</forms>
This way the forms authentication cookie will be emitted with the domain property setup and the client will effectively send it between the 2 applications. Another pre-requisite is that both applications share the same machine keys so that an authentication cookie that was encrypted by the first application can be successfully decrypted by the second application. If both applications are hosted on the same server you could set those machine keys in machine.config, if not then you could set them in web.config of each application:
<system.web>
<machineKey decryption="AES" decryptionKey="C03B1AB0BC1ACCD18EA915CBD87373010AD0DEC430A69871,IsolateApps" validation="AES" validationKey="C0ED7C430148AD4BC6505085DA4FD0DD3EE2453B566FC4EA4C7B3C2DCAB2025A79C774370CA884DF909CE9A3D379E544B7890D0A1CEE164141D3A966999DC625,IsolateApps" />
</system.web>
I've also covered this in the following answer.
Even the post is old but there is an easy solution add "name" in the form tag in web.config, coz if you dont give a name to the cookie it will have a default one
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" timeout="2880" name="client" />
</authentication>
for the other application put another name, it works perfectly with me. good luck
I use asp.net cookie in my application here is my web config :
<authentication mode="Forms">
<forms path="/"
defaultUrl="Default.aspx"
loginUrl="Login.aspx"
name=".ASPXAUTH"
slidingExpiration="true"
timeout="3000"
domain="www.mysite.com"
cookieless="UseDeviceProfile"/>
</authentication>
it works fine but I have a problem, after some days when a user has been working with the site application, suddenly my login control didn't work. I found out it will work after deleting temporary files.
Edit : Please pay attention to domain when User request www.mysite.com every thing is okay but without "www" login doesn't work. in firefox they are working very good. this is IE problem.
How I can solve this ?
It's about your Host and server (IIS Service provider), it seems like they change some default script files in your "aspnet_client\system_web\2_0_50727" folder like "WebUIValidation.js" or "SmartNav.js". Those are ASP.net default scripts. If you change your Host provider, you will see its working good and (Cross Browser).
Hi have form authenticaion for my site, and it works fine on localhost and godaddy, but after moving to another hosting it stop working.
After login in admin area after 2-3 minutes I redirecting back to login screen.
Does anybody know if I change some settings on IIS or what is the source of the problem?
My code looks like
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" timeout="10000" slidingExpiration="true"/>
</authentication>
FormsAuthentication.SetAuthCookie(userName, rememberMe);
If your application domain is being shut down and you have no machineKey section in Web.config (or validationKey/decryptionKey="AutoGenerate") you will get new validationKey/decriptionKey after every application start and authentication cookies will become invalid. Visit http://aspnetresources.com/tools/keycreator.aspx and add generated machineKey section into your Web.config.
I have <authentication mode="Windows"> in my web.config.
I do not want to create another solution with <authentication mode="Forms">, but I do need to allow external access to my intranet web app.
There is a way to allow Windows-Authentication-using-Form-Authentication described here
http://dotnetslackers.com/articles/aspnet/Windows-Authentication-using-Form-Authentication.aspx.
Unfortunately, for the above to work, I still need
<authentication mode="Forms">
<forms loginUrl="login.aspx" name=".ASPXFORMSAUTH">
</forms> </authentication>
Is there a way to have the second <authentication mode="Forms"> somewhere in my sln solution?
You should take a look at Microsoft ISA Server 2006. You can use it to enable Windows Authentication sessions through an html forms login page that stores a cookie on the client. To the ASP.NET web application, the user looks a Windows Authentication client. ISA Server maintains the mappings of forms authentication to Windows Authentication for you. I've worked on systems that use this with both SharePoint and ASP.NET Windows Authentication and it works great.