It seems that the FormsAuthenticationModule gets handled first. This module is normally earlier than any custom module in the ASP.NET pipeline, so when AuthenticateRequest is fired, FormsAuthenticationModule will get called first, do its job and then your module’s event handler will be called. If you really want to dig deep into this, I suggest trying … Read more
It depends on how the website is authenticating users. If they are using basic authentication or Windows authentication, then you can set the Credentials property of the HttpWebRequest class to the username/password/domain information and it should work. However, it sounds like you have to enter the username/password on the site, which means you are going … Read more
In Startup.Auth.cs, you will see something like: for RC: app.UseSignInCookies(); This was removed in RTM and replaced with the explicit configuration of the cookie auth: app.UseCookieAuthentication(new CookieAuthenticationOptions { AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie, LoginPath = new PathString(“/Account/Login”) }); The CookieAuthenticationOptions class has a CookieDomain property which is what you are looking for I believe.
Impersonating a user using Forms Authentication can be done. The following code does work. The Visual Studio Magazine article referred to by Robert is an excellent resource. There are a some issues with the example code in the article, so I’ve included some working code below. Note: If you are using Visual Studio, make sure … Read more
Take a look at the example on MS Support <configuration> <system.web> <authentication mode=”Forms” > <forms loginUrl=”login.aspx” name=”.ASPNETAUTH” protection=”None” path=”https://stackoverflow.com/” timeout=”20″ > </forms> </authentication> <!– This section denies access to all files in this application except for those that you have not explicitly specified by using another setting. –> <authorization> <deny users=”?” /> </authorization> </system.web> <!– … Read more
See the summaries below each quote for a quick answer, and the paragraphs for detail. Also see the References section at the end for the authoritative sources. Summaries 1.What is SimpleMembership/SimpleMembershipProvider (WebMatrix.WebData) and what is it/are they responsible for? SimpleMembership (a term that covers both the SimpleMembershipProvider and SimpleRoleProvider) is responsible for providing a clean … Read more
Roles are added to the IPrincipal of the HttpContext. You can create a GenericPrincipal, parse the list of roles in the constructor and set it as HttpContext.User. The GenericPrincipal will then be accessible through User.IsInRole(“role”) or the [Authorize(Roles=”role”)] attribute One way of doing this (in C#) is to add your roles as a comma separated … Read more
This was my solution: In Global.asax, method: Application_BeginRequest, place the following: if (Request.AppRelativeCurrentExecutionFilePath == “~/”) HttpContext.Current.RewritePath(“HomePage.aspx”); Nice and simple, and you have a chance to build logic around what home page you want to use if your website uses multiple home pages based on configuration variables. Dmitry.Alk
This is the nature of Forms Authentication. (which im guessing you’re using). That is, when you access a page which requires authentication, ASP.NET will redirect you to the login page, passing in the ReturnUrl as a parameter so you can be returned to the page you came from post-login. To remove this functionality would break … Read more
What you’re after is a Single Sign-on solution. As ASP.NET authentication is at it’s heart generally cookie based, there are two things to look at: Set your cookies correctly. Bounce your users to the alternative domain during signup. Looking at both of these in more depth: 1. Setting cookies correctly You need to ensure that … Read more