I've converted a web site to a web application and am now experiencing a strange behavior with the application. Essentially, there are 2 webs. One web site is the main, front-facing site written in ASP.NET 1.1 but with the Membership piece added from 2.0. The other is a former web site now grown up to a web application.
It seems as though when I login to the web site (project 1), I get properly redirected to the web app (project 2) properly. However, any link I click on sends me back to login on the web site (project 1). The machine keys are the same and all of the forms authentication properties are the same.
I've stopped IIS several times and deleted the files in the temporary folder and still no go. Very frustrating.
Here is an example of my forms element for my web app:
<forms domain="beta.domain.com" name=".ASPXAUTH" loginUrl="http://beta.domain.com/" protection="All" timeout="600" path="/" requireSSL="true" slidingExpiration="true" defaultUrl="https://beta.domain.com/app/" enableCrossAppRedirects="true"/>
Here is an example of my forms element for the web site:
<forms name=".ASPXAUTH" enableCrossAppRedirects="true" timeout="600" defaultUrl="/QueryStringAuthenticate.aspx" loginUrl="/" protection="All" slidingExpiration="true" cookieless="UseDeviceProfile" domain="beta.domain.com" />
Then on both I have the same machine key value specified. The QueryStringAuthenticate.aspx page in the web site hasn't changed. It still does the same thing it always did (obtain the cookie name [.ASPXAUTH] and cookie value [authentication token]).
I finally got it. It actually had nothing to do with the authentication itself, but rather the browser settings. Apparently, someone had modified our image file for dev machines to add the site in the trusted sites for HTTPS, but did not add it without the HTTPS. So, IE was dropping the connection somewhere. Either adding both with and without the HTTPS or removing those entries resolved the issue.
Related
I've a ASP.Net 4.5.2 Webforms Website that was running just fine. Since last two days, I 401 Unauthorized for all the static files. I've not made any changes to the website code. I tried re-installing IIS but still no success (IIS 10/Win10)
Here is the authentication block from my root web.config
<authentication mode="Forms">
<forms loginUrl="/l/login" timeout="28400" />
</authentication>
please open windows file explorer, add "Authenticated Users" to application folder security setting.
I have an ASP.NET MVC2 app using jQueryMobile. It is a secure app, and i'm using the ASP.NET authentication within the MVC2 framework.
I am using standard authentication via the web.config:
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" timeout="2880" />
</authentication>
I am securing certain controllers using the Authorize attribute:
[Authorize]
public class ClientController : Controller
All my web pages as based upon the same master page, which has a top-level container div as follows:
<div class="page" data-role="page">
It all works perfectly on Chrome. However, on the iPad the authentication does not work. It seems that the authentication cookie never gets stored on the client. The iPad keeps displaying the logon page, even if I type correct credentials. I have tried setting Safari Accept Cookies settings to 'Always' too.
Has anyone had any success deploying a jQueryMobile app using ASP.NET MVC2 authentication on an iPad? Thanks.
Edit: Ok, I have ascertained that the cookie is indeed being stored on the client, but it appears that jQueryMobile+Safari are somehow consipring to continually display the login page rather than redirecting me to the page that should be shown according to the logon redirect.
I believe I have the answer. With regard to the iPad, you need to specifically set web.config to force the use of cookies. My authentication setting in web.config now looks like this:
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" timeout="2880"
cookieless="UseCookies"
/>
</authentication>
It is the cookieless="UseCookies" entry that solved the problem. The default value for this is UseDeviceProfile. It must have been the case that an iPad does not have a consistent UseDeviceProfile regime. On the iPad, sometimes it worked, sometimes it didn't. Don't ask me why. It now seems to be consistently working.
I agree with Journeyman, thats what I used. However if they add the website to the Homescreen, then these settings still do not work.
some have asserted they don't store the cookie in that case.
see related Q: iPhone/iPad WebApps don't allow cookies?
I use asp.net cookie in my application here is my web config :
<authentication mode="Forms">
<forms path="/"
defaultUrl="Default.aspx"
loginUrl="Login.aspx"
name=".ASPXAUTH"
slidingExpiration="true"
timeout="3000"
domain="www.mysite.com"
cookieless="UseDeviceProfile"/>
</authentication>
it works fine but I have a problem, after some days when a user has been working with the site application, suddenly my login control didn't work. I found out it will work after deleting temporary files.
Edit : Please pay attention to domain when User request www.mysite.com every thing is okay but without "www" login doesn't work. in firefox they are working very good. this is IE problem.
How I can solve this ?
It's about your Host and server (IIS Service provider), it seems like they change some default script files in your "aspnet_client\system_web\2_0_50727" folder like "WebUIValidation.js" or "SmartNav.js". Those are ASP.net default scripts. If you change your Host provider, you will see its working good and (Cross Browser).
Previously, I have implemented two separate ASP.NET Web Applications, one as a virtual application in a subfolder of the other, which successfully shared forms authentication as described at http://msdn.microsoft.com/en-us/library/eb0zx8fc.aspx
(basically, setting up identical <forms> sections in the Web.config, and keys in the <machineKey> section)
Now, I am trying to do something similar to get BlogEngine.NET (which is a Web Site, not a Web Application) to work sharing forms authentication with a Web Application of mine. I have tried both putting it as a virtual application in a subfolder, and setting it up as a separate IIS site (same domain name, different port number), but I can't get the authentication to work at all: when I go to the blog while logged in to my Web Application, Page.User.Identity.IsAuthenticated is always still "false".
I'm really not sure how to even start debugging this, since the forms authentication is handled before any of my code runs.
<authentication> section of the two Web.configs are the same:
<authentication mode="Forms">
<forms path="/" domain="localhost" timeout="129600" name=".WebSiteName"
protection="All" slidingExpiration="true" loginUrl="/admin/login.aspx"
cookieless="UseCookies"/>
</authentication>
And <machineKey> also:
<machineKey validationKey="DD45C42ACEAF1E208E9B78288177EBF9C8C7C54C6D05BA2FBA90B5348B8F6987216CB098056891CFE81DC33E37C5F9A2BF1845DBF902C6E4BBFEC2341FFA3635"
decryptionKey="0C69852D8BE0948D545C35B932D394102802FAF7FA46E99B4E5B5E12546E4620"
validation="SHA1" decryption="AES" />
Does anyone have any suggestions as to what I should check or try?
This was a good resource for this issue: http://blogs.msdn.com/b/cliffgreen/archive/2011/03/29/reporting-services-single-sign-on-sso-authentication-part-1.aspx
Note there are links within this article that are useful to read.
I'm running the latest version of YetAnotherForum in a folder beneath my main WebApplication. The subfolder is configured as an application in IIS and navigating to the folder and logging in works wonderfully. YAF is setup with a membership provider and uses Forms Authentication.
What I'm trying to do now is to auto login a user into the forum from the main website. The main website uses custom authentication through sessions and cookies. It doesn't use any of the built in ASP.NET authentication or membership components.
So basically what I want to happen is that when a user click on a link to access the forums, they're sent to a processing page that authenticates them into the YAF Application before it sends them over to the subfolder.
Even though the main app doesn't use the built in authentications pieces, I've still set the authentication mode to forms and made sure the tag beneath that matches the one in the YAF web.config. Then, on the processing page I'm calling FormsAuthentication.SetAuthCookie(username, true), then redirecting. But YAF kicks me back to the login page anyway. Not sure where to go from here.
Main site is:
example.com/
web.config:
<authentication mode="Forms">
<forms name=".YAFNET_Authentication" protection="All" timeout="43200" cookieless="UseCookies" />
</authentication>
YAF is:
example.com/yaf (Seperate WebApplication in IIS)
web.config
<authentication mode="Forms">
<forms name=".YAFNET_Authentication" protection="All" timeout="43200" cookieless="UseCookies" />
</authentication>
Processing page is: (in pseudo)
example.com/autoLogin.aspx.cs
public void AutLogin(){
string userName = doStuffToGetUsername();
YAFStuff.CreateUserIfNeeeded(userName);
FormsAuthentication.SetAuthCookie(userName, true);
Response.Redirect("/yaf/");
}
I'd been searching Google for 2 days trying to sort this out, but I finally stumbled onto the solution. I needed a MachineKey that matched on both web.config files for the encryption process.
http://forum.yetanotherforum.net/yaf_postst8780_Custom-membership-and-role-provider-with-YAF-Profile-provider.aspx
Sweet!