Encrypt credentials in web.config possible - encryption

I have this section of my web.config file.
<system.web>
<authentication mode="Forms">
<forms loginUrl="~/Login.aspx">
<credentials passwordFormat="Clear">
<user name="test#hotmail.com" password="12345" />
</credentials>
</forms>
</authentication>
</system.web>
I have tried to encrypt this section, but I get the object not set to an instance of the object error. This is the path that I called in the encryption class: system.web/authentication/forms/credentials
Any solution please?
Thanks.

If you're using IIS, make sure your site ID in IIS is set to 1 (Advanced settings).

Related

How do I use SSO (single sign on) With Roles

I have an MVC web application that uses roles in authorization. Now I want to use SSO with it and other applications that may or may not use roles.
I tried a simple implementation for SSO:
<machineKey validationKey="E4451576F51E0562D91A1748DF7AB3027FEF3C2CCAC46D
756C833E1AF20C7BAEFFACF97C7081ADA4648918E0B56BF27D1699A6EB2D9B6967A562CAD14767F163"
decryptionKey="6159C46C9E288028ED26F5A65CED7317A83CB3485DE8C592"
validation="HMACSHA256" decryption="AES" />
<authentication mode="Forms">
<forms name="SingleSignOn"
loginUrl="http://localhost/SSO/Account/Login"
timeout="480" slidingExpiration="true">
<credentials passwordFormat="SHA1">
<user name="demo"
password="89e495e7941cf9e40e6980d14a16bf023ccd4c91"/>
<!--password = demo-->
</credentials>
</forms>
</authentication>
I followed these steps: LINK

Web Configuration file in a sub directory gives error

I am using VS 2012. I want to implement folder-level user authentication and authorization, and I have the following folder/files structure.
The following is the Admin -> Web.config file.
<system.web>
<authentication mode="Forms">
<forms loginUrl="~/login.aspx" timeout="30" defaultUrl="~/default.aspx" cookieless="AutoDetect">
<credentials passwordFormat="Clear">
<user name="Admin" password="abc"/>
</credentials>
</forms>
</authentication>
</system.web>
<location path="~/Admin/Admin.aspx"></location>
<system.web>
<authorization>
<deny users="*"/>
<allow users="Admin"/>
</authorization>
</system.web>
</configuration>
When I compile the application, it gives me the following error message.
Error: 1 It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level. This error can be caused by a virtual directory not being configured as an application in IIS. E:\Kjan\Reports\Admin\Web.config 5
You can not use
<authentication mode="Forms">
<forms loginUrl="~/login.aspx" timeout="30" defaultUrl="~/default.aspx" cookieless="AutoDetect">
<credentials passwordFormat="Clear">
<user name="Admin" password="abc"/>
</credentials>
</forms>
in your inner web.config file.
Use this on the root folder and <user name="Admin" password="abc"/> in your inner web.config file.
Some useful links
Multiple/Different authentication settings in web.config
If you are working on different Areas then MVC
Different authentication mode for different areas
Try this:
Select menu Build -> Configuration Manager, then select the Build checkbox.

Making Log In as default page on Visual Studio 2010

I wanted to make my login as the default page before the user accesses the home page. This is my code.
<system.webServer>
<defaultDocument>
<files>
<clear/>
<add value="Login.aspx"/>
</files>
</defaultDocument>
</system.webServer>
Thanks! :)
Just right-click on that page and click on set as start up page.
What you need to do is first establish the authorization and authentication mechanism. You can use FormsAuthentication and configure the settings in a web.config file. For example, to enable forms authentication you would set the following value in the config file:
<authentication mode="Forms">
<forms
name=".ASPXAUTH"
loginUrl="login.aspx"
defaultUrl="default.aspx"
protection="All"
timeout="30"
path="/"
requireSSL="false"
slidingExpiration="true"
cookieless="UseDeviceProfile" domain=""
enableCrossAppRedirects="false">
<credentials passwordFormat="SHA1" />
</forms>
<passport redirectUrl="internal" />
</authentication>
Here you can see that loginUrl is set to login.aspx. This way, if a user is not authenticated, he or she will be redirected to login.aspx.
This is a much better approach than establishing your own logic for redirection to login or setting login.aspx as a start page.
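An added example, not part of the answer above: a Python check that parses a web.config and flags forms-authentication settings that appear in the snippets on this page (credentials stored in the file, requireSSL="false", a cookieless mode other than UseCookies, literal machineKey values). The sample config, rule names and function name are constructed for illustration, and the file is assumed to have no xmlns on <configuration>.

```python
import xml.etree.ElementTree as ET

# Constructed sample that combines settings seen in the snippets on this page.
SAMPLE = """<configuration>
  <system.web>
    <machineKey validationKey="PLACEHOLDER-HEX" decryptionKey="PLACEHOLDER-HEX"
                validation="HMACSHA256" decryption="AES" />
    <authentication mode="Forms">
      <forms loginUrl="login.aspx" protection="All" requireSSL="false"
             cookieless="UseDeviceProfile">
        <credentials passwordFormat="Clear">
          <user name="admin" password="constructed-value" />
        </credentials>
      </forms>
    </authentication>
  </system.web>
</configuration>"""

def audit_forms_auth(xml_text):
    """Return (rule_id, message) pairs for weak forms-authentication settings."""
    findings = []
    root = ET.fromstring(xml_text)
    # iter() also reaches <system.web> blocks nested inside <location>.
    for web in root.iter("system.web"):
        key = web.find("machineKey")
        for attr in ("validationKey", "decryptionKey"):
            value = key.get(attr, "") if key is not None else ""
            if value and not value.startswith("AutoGenerate"):
                findings.append(("machinekey-literal", f"{attr} is a literal secret in the file"))
        forms = web.find("authentication[@mode='Forms']/forms")
        if forms is None:
            continue
        # Attribute defaults when omitted: requireSSL=false,
        # cookieless=UseDeviceProfile, protection=All, passwordFormat=SHA1.
        if forms.get("requireSSL", "false").lower() != "true":
            findings.append(("cookie-not-ssl", "ticket cookie may be sent over plain HTTP"))
        if forms.get("cookieless", "UseDeviceProfile") != "UseCookies":
            findings.append(("cookieless-url", "ticket can be carried in the URL"))
        if forms.get("protection", "All") != "All":
            findings.append(("ticket-protection", "ticket is not both encrypted and validated"))
        creds = forms.find("credentials")
        users = [u.get("name") for u in creds.findall("user")] if creds is not None else []
        if users:
            fmt = creds.get("passwordFormat", "SHA1")
            kind = "plaintext" if fmt == "Clear" else f"unsalted {fmt}"
            findings.append(("credentials-in-config", f"{kind} passwords for {users}"))
    return findings

if __name__ == "__main__":
    for rule, message in audit_forms_auth(SAMPLE):
        print(f"{rule}: {message}")
```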

Url route doesn't work as expected with IIS

I use URL routing in my ASP.NET project; the following is my route for the product page.
RouteTable.Routes.MapPageRoute("product", "{language}/p/{type}/{no}/{product}", "~/Product.aspx", true);
The expected result is as follows.
http://xxxx.com/en/p/products/47.609.081.850.2720/yanmar-diesel-engine-720-hp-with-hydraulic-gear
It works at development level. When I deploy the project to the hosting server it works for a while as it should, but after a few hours the URI becomes something like this:
http://xxxx.com/(A(6jqh8an0ygEkAAAANTMzMWU2NjgtYTBiNi00ZTQ5LTllZWEtNjI1MGM2MDk5MmY4T_ZQLz3eoy3LgKYYSl0Gk_Sts-A1))/en/p/products/47.609.081.850.2720/yanmar-diesel-engine-720-hp-with-hydraulic-gear
IIS puts the URI on the HTTP address, but I never use anything other than cookieless="UseCookies" in the web.config file.
Relevant sections of the Web.config file:
<sessionState timeout="40" mode="InProc" cookieless="UseCookies" />
<anonymousIdentification enabled="true" cookieless="UseCookies"/>
<authentication mode="Forms">
<forms name="XXXFirmCookie" cookieless="UseCookies" loginUrl="~/LoginPage.aspx" path="/" protection="All" timeout="60" slidingExpiration="true" requireSSL="false" enableCrossAppRedirects="false" defaultUrl="Default.aspx"></forms>
</authentication>
The odd thing is that it works on the host server for a while without putting the URI on the HTTP address.
The host server uses IIS 7.5 and the framework is 4.0.
Can you see any mistake in my routing code or web.config?
Or should I check something in IIS?
Thanks in advance..

Windows "forms" authentication - <deny users="?"> redirecting to foreign page!

Like the title states - I have a web.config file that looks like,
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.web>
<compilation debug="true" targetFramework="4.0" />
<authentication mode="Forms">
<forms name="login" protection="All" timeout="30" loginUrl="login" defaultUrl="~/">
<credentials passwordFormat="Clear">
<user name="admin" password="password" />
</credentials>
</forms>
</authentication>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</configuration>
I want to do exactly what it says it should do... I want to deny all users who try to enter the site.
It works however, it redirects to a "Account/Login?ReturnUrl=%2flogin" url I have never heard of...
Is there a place I can change this?
I've seen this problem before. No doubt you're also getting this error:
Error message 401.2.: Unauthorized: Logon failed due to server configuration. Verify that you have permission to view this directory or page based on the credentials you supplied and the authentication methods enabled on the Web server. Contact the Web server's administrator for additional assistance.
And you're being redirected to "/Account/Login" which doesn't even exist. I believe it's some kind of default that gets pulled in due to using MVC components even if you're using an ASP.NET Forms website. Perhaps you have some Razor pages and the following was added to your web.config:
<appSettings>
<add key="webpages:Enabled" value="true" />
</appSettings>
Having this in there seems to be enough to mess up your login page as defined normally:
<authentication mode="Forms">
<forms loginUrl="login" timeout="43200"/>
</authentication>
I've solved this by adding an extra "loginUrl" key to appSettings:
<appSettings>
<add key="webpages:Enabled" value="true" />
<add key="loginUrl" value="~/Login.aspx" /><!-- Override default -->
</appSettings>
The loginUrl param does not have an absolute path, so the path gets mixed with the relative folder the website is in.
Solution:
loginUrl="~/login"
or
loginUrl="/login"
The problem is
loginUrl="login"
This is the URL to send unauthenticated users to. If the URL to your login page is "Login.aspx" then that's what you should set it to.
loginUrl="login.aspx"
The piece at the end, ReturnURL, is the address to redirect the user to if they successfully log in.
The LoginUrl is created with the code UrlPath.Combine(HttpRuntime.AppDomainAppVirtualPathString, loginUrl);, so I'm guessing somehow the root of your website is set to "Application".
http://www.ureader.com/msg/15372322.aspx
