Develop Reference

How to deny users and redirect to login page when they type the same url in web page

After login I enter into the Librarianform. Now when I copy the url and paste it in new tab it's showing the page without login. So I want to redirect the users to login page when they copy and paste the url. How to do that.Can you please explain it. Thank you.

ASP.NET has a login mechanism you can use. To enable it, add the below in your web.config file. Change the loginUrl attribute to the path of your own login page.
<configuration>
<system.web>
<authentication mode="Forms">
<forms loginUrl="~/login.aspx" timeout="28800" name="webappname" />
</authentication>
</system.web>
</configuration>
To create the ASP.NET authentication cookie you need to call the FormsAuthentication.RedirectFromLoginPage as you can see below
string username = "";
bool rememberme = true;
// Implement your own login mechanism and if the user is authenticated
// set the username to the variable and make this call below
FormsAuthentication.RedirectFromLoginPage(username, rememberme);
Finally, to logout a user you can simply call
FormsAuthentication.SignOut();
You can also see this link, which describes a similar mechanism

NO. YOU CAN'T MAKE USER TO LOGIN EVERY TIME WHILE REQUESTING PAGE
That's the way Authentication works in asp.net or in any web application so that user no need to authenticate for every page once he has been authenticated.
Hope you're using Forms Authentication. By default Form Authentication uses Cookies to store SessionID ,
You can use cookieless authentication by setting below values in web.config file
<configuration>
<system.web>
<sessionState cookieless="true"
regenerateExpiredSessionId="true" />
</system.web>
</configuration>
ASP.NET maintains cookieless session state by automatically inserting
a unique session ID into the page's URL.
https://msdn.microsoft.com/en-us/library/ms178581%28v=vs.140%29.aspx.
http://www.codeproject.com/Articles/2796/Cookieless-ASP-NET-forms-authentication

How to get the current logon user name in asp.net?

I have a web app, in the web.config, I have following settings:
<authentication mode="Windows"/>
<identity impersonate="true" userName="domain01\user01" password="***"/>
I deployed the app to Windows 2008 (IIS 7), the Identity of the application pool is domain01\user01, and in the Authentication of the app, I have following set:
Anonymous Authentication Disabled
ASP.NET Impersonation Enabled
Basic Authentication Disabled
Digest Authentication Disabled
Forms Authentication Disabled
Windows Authentication Enabled
Now I need to get the user name who is currently logged on the machine, could be any authorized user with different domain. But no matter what I tired, I always got the impersonated user domain01\user01. I tried, HttpContext, WindowsIdentity, etc. Does anybody know how do I get the correct user name without changing my settings?

You are specifying domain01\username as the identity that you want to impersonate. That is why the current user is always that. If you remove the configured identity you will get the actual logged in user.
<identity impersonate="true" />
This is documented here:
http://msdn.microsoft.com/en-us/library/xh507fc5(v=vs.85).aspx

ASP.NET windows authentication should always ask for credentials

Problem statement :
I have implemented windows authentication on my website.
I have used following code in my web.config for authentication
<authentication mode="Windows">
</authentication>
<authorization>
<deny users="?"/>
</authorization>
Now, the problem is that when I access the website, it takes the default ( windows) credentials and tries to login.
But I need that it should prompt the user for credentials so that user can enter domain-name\id and password of separate domain for authenticate (User will have VPN access to this other domain)

You can achieve this using Digest Authentication mode in IIS. Once enabled it will prompt always for UserName/Password to the end user.
You can read more about this type authentication here:
http://technet.microsoft.com/en-us/library/cc778868(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/cc754104(v=ws.10).aspx

Instead of using Windows Authentication use Forms Auth and check entered login and password in Domain.
There is a nice article on MSDN: How To: Use Forms Authentication with Active Directory in Multiple Domains

asp.net membership forms cookie not showing logged in across subdomains

we're using ASP.NET Membership for authentication at the root domain (www.domain.com) and the redirecting the user to a subdomain (sub.domain.com). When the user logins in from www they are being redirected to the login page on the subdomain when they should be showing as logged in instead.
Both the machine key and the forms element in the web.config are identical.
In the event log we get
Forms authentication failed for the request. Reason: The ticket supplied was invalid.
turns out it was a MS Security update that did it.
UPDATE
security update available

What's worked for me is to set the domain attribute of the forms element to be .domain.com. This should allow the user to log in on at www.domain.com and then be logged in when accessing sub.domain.com. I've tested this having hacked my hosts file and it works okay.
<authentication mode="Forms">
<forms loginUrl="~/Account/Login.aspx" timeout="2880" domain=".domain.com" />
</authentication>

Asp.net and windows authentication

My application needs to be designed so that an administrator can, via a web interface select if their users login via windows authentication or forms authentication.
This means I cant specify the authentication mode in the web.config i.e.:
<system.web>
<authentication mode="Windows"/>
</system.web>
How do I approach this?

Use Forms authentication mode, whereby the login form can determine the user and the preferred authentication method for that user. If the user can be windows authenticated, you don't need to present the login form, just set the user as authenticated and redirect accordingly.