I use asp.net cookie in my application here is my web config :
<authentication mode="Forms">
<forms path="/"
defaultUrl="Default.aspx"
loginUrl="Login.aspx"
name=".ASPXAUTH"
slidingExpiration="true"
timeout="3000"
domain="www.mysite.com"
cookieless="UseDeviceProfile"/>
</authentication>
it works fine but I have a problem, after some days when a user has been working with the site application, suddenly my login control didn't work. I found out it will work after deleting temporary files.
Edit : Please pay attention to domain when User request www.mysite.com every thing is okay but without "www" login doesn't work. in firefox they are working very good. this is IE problem.
How I can solve this ?
It's about your Host and server (IIS Service provider), it seems like they change some default script files in your "aspnet_client\system_web\2_0_50727" folder like "WebUIValidation.js" or "SmartNav.js". Those are ASP.net default scripts. If you change your Host provider, you will see its working good and (Cross Browser).
Related
I have one mvc5 application with few subdomains like this:
example.com
ex1.example.com
ex2.example.com
When I log in to example.com i'm not logged in other subdomains. I added in web.config following node:
<authentication mode="Forms">
<forms name=".ASPXAUTH" loginUrl="~/Account/Login/" protection="Validation" timeout="120" path="/" domain=".example.com"/>
</authentication>
But it still doesnt work :(
Please help.
Check that you are using the same machine key for for each of the applications in the subdomains. Also you may need to set the machine key compatibility mode to Framework20SP2.
Edit:
Take a look at this post as well: ASP.NET Identity Cookie across subdomains
I have a site on IIS configured to use Windows Authentication type.
What I need to do is to have ability to skip displaying Windows credentials prompt for users which are connecting outside the domain. In the case of outside access I need to redirect user to custom login page on the same site (based on Windows Authentication).
Can you please tell me if there any ability to do that?
UPDATE : site on IIS configured to use Windows Authentication type - and it shouldn't be changed
Change authentication mode your web.config
Something like:
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" timeout="2880" />
</authentication>
I have an ASP.NET MVC2 app using jQueryMobile. It is a secure app, and i'm using the ASP.NET authentication within the MVC2 framework.
I am using standard authentication via the web.config:
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" timeout="2880" />
</authentication>
I am securing certain controllers using the Authorize attribute:
[Authorize]
public class ClientController : Controller
All my web pages as based upon the same master page, which has a top-level container div as follows:
<div class="page" data-role="page">
It all works perfectly on Chrome. However, on the iPad the authentication does not work. It seems that the authentication cookie never gets stored on the client. The iPad keeps displaying the logon page, even if I type correct credentials. I have tried setting Safari Accept Cookies settings to 'Always' too.
Has anyone had any success deploying a jQueryMobile app using ASP.NET MVC2 authentication on an iPad? Thanks.
Edit: Ok, I have ascertained that the cookie is indeed being stored on the client, but it appears that jQueryMobile+Safari are somehow consipring to continually display the login page rather than redirecting me to the page that should be shown according to the logon redirect.
I believe I have the answer. With regard to the iPad, you need to specifically set web.config to force the use of cookies. My authentication setting in web.config now looks like this:
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" timeout="2880"
cookieless="UseCookies"
/>
</authentication>
It is the cookieless="UseCookies" entry that solved the problem. The default value for this is UseDeviceProfile. It must have been the case that an iPad does not have a consistent UseDeviceProfile regime. On the iPad, sometimes it worked, sometimes it didn't. Don't ask me why. It now seems to be consistently working.
I agree with Journeyman, thats what I used. However if they add the website to the Homescreen, then these settings still do not work.
some have asserted they don't store the cookie in that case.
see related Q: iPhone/iPad WebApps don't allow cookies?
Hi have form authenticaion for my site, and it works fine on localhost and godaddy, but after moving to another hosting it stop working.
After login in admin area after 2-3 minutes I redirecting back to login screen.
Does anybody know if I change some settings on IIS or what is the source of the problem?
My code looks like
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" timeout="10000" slidingExpiration="true"/>
</authentication>
FormsAuthentication.SetAuthCookie(userName, rememberMe);
If your application domain is being shut down and you have no machineKey section in Web.config (or validationKey/decryptionKey="AutoGenerate") you will get new validationKey/decriptionKey after every application start and authentication cookies will become invalid. Visit http://aspnetresources.com/tools/keycreator.aspx and add generated machineKey section into your Web.config.
I've converted a web site to a web application and am now experiencing a strange behavior with the application. Essentially, there are 2 webs. One web site is the main, front-facing site written in ASP.NET 1.1 but with the Membership piece added from 2.0. The other is a former web site now grown up to a web application.
It seems as though when I login to the web site (project 1), I get properly redirected to the web app (project 2) properly. However, any link I click on sends me back to login on the web site (project 1). The machine keys are the same and all of the forms authentication properties are the same.
I've stopped IIS several times and deleted the files in the temporary folder and still no go. Very frustrating.
Here is an example of my forms element for my web app:
<forms domain="beta.domain.com" name=".ASPXAUTH" loginUrl="http://beta.domain.com/" protection="All" timeout="600" path="/" requireSSL="true" slidingExpiration="true" defaultUrl="https://beta.domain.com/app/" enableCrossAppRedirects="true"/>
Here is an example of my forms element for the web site:
<forms name=".ASPXAUTH" enableCrossAppRedirects="true" timeout="600" defaultUrl="/QueryStringAuthenticate.aspx" loginUrl="/" protection="All" slidingExpiration="true" cookieless="UseDeviceProfile" domain="beta.domain.com" />
Then on both I have the same machine key value specified. The QueryStringAuthenticate.aspx page in the web site hasn't changed. It still does the same thing it always did (obtain the cookie name [.ASPXAUTH] and cookie value [authentication token]).
I finally got it. It actually had nothing to do with the authentication itself, but rather the browser settings. Apparently, someone had modified our image file for dev machines to add the site in the trusted sites for HTTPS, but did not add it without the HTTPS. So, IE was dropping the connection somewhere. Either adding both with and without the HTTPS or removing those entries resolved the issue.