forms-authentication – Page 2

ASP.NET MVC 4 Web API Authentication with Membership Provider

September 2, 2022 by Tarik

You could use basic authentication with SSL. On the server side we could write a custom delegating handler which will verify the credentials by querying the memebership provider that we registered, and if valid, retrieve the roles and set the current principal: public class BasicAuthenticationMessageHandler : DelegatingHandler { protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken) … Read more

Mixing Forms authentication with Windows authentication

September 1, 2022 by Tarik

Actually, you can do it. Bit late for @dr_draik, but this cropped up in a google result for me so I thought I’d share some knowledge. If you’re in classic mode – Enable both Windows and Forms auth. You’ll get a warning about not being able to do both at once, but you can ignore … Read more

Passing FormsAuthentication cookie to a WCF service

July 27, 2022 by Tarik

It sounds like you’re looking for the Windows Communication Foundation Authentication Service. EDIT: After re-reading the question more carefully (and after Ariel’s comment) I’d like to retract the above suggestion. The WCF Authentication Service won’t add much to this scenario. I haven’t done this between WCF and ASP.NET, however I have configured ASP.NET applications to … Read more

ASP.NET MVC Forms Authentication + Authorize Attribute + Simple Roles

July 24, 2022 by Tarik

I think I’ve implemented something similar. My solution, based on NerdDinner tutorial, is following. When you sign the user in, add code like this: var authTicket = new FormsAuthenticationTicket( 1, // version userName, // user name DateTime.Now, // created DateTime.Now.AddMinutes(20), // expires rememberMe, // persistent? “Moderator;Admin” // can be used to store roles ); string … Read more

Forms Authentication across Sub-Domains

July 8, 2022 by Tarik

When you authenticate the user, set the authentication cookie’s domain to the second-level domain, i.e. parent.com. Each sub-domain will receive the parent domain’s cookies on request, so authentication over each is possible since you will have a shared authentication cookie to work with. Authentication code: System.Web.HttpCookie authcookie = System.Web.Security.FormsAuthentication.GetAuthCookie(UserName, False); authcookie.Domain = “parent.com”; HttpResponse.AppendCookie(authcookie); HttpResponse.Redirect(System.Web.Security.FormsAuthentication.GetRedirectUrl(UserName, … Read more

Configuring Spring Security 3.x to have multiple entry points

July 2, 2022 by Tarik

You don’t need to create /j_spring_security_check_for_employee and /j_security_check_for_customer filterProcessingUrl. The default one will work just fine with radio button field idea. In the custom login LoginFilter, you need to create different tokens for employee and customer. Here are the steps: Use default UsernamePasswordAuthenticationToken for employee login. Create CustomerAuthenticationToken for customer login. Extend AbstractAuthenticationToken so that … Read more

How to lock down paths in ASP.NET MVC?

July 1, 2022 by Tarik

Take a look at Securing your ASP.NET MVC 4 App and the new AllowAnonymous Attribute. You cannot use routing or web.config files to secure your MVC application (Any Version). The only supported way to secure your MVC application is to apply the Authorize attribute… Quote MVC uses routes and does not map URLs to physical … Read more

How to get the current user in ASP.NET MVC

June 14, 2022 by Tarik

If you need to get the user from within the controller, use the User property of Controller. If you need it from the view, I would populate what you specifically need in the ViewData, or you could just call User as I think it’s a property of ViewPage.

How to implement “Stay Logged In” when user login in to the web application

May 25, 2022 by Tarik

Java EE 8 and up If you’re on Java EE 8 or newer, put @RememberMe on a custom HttpAuthenticationMechanism along with a RememberMeIdentityStore. @ApplicationScoped @AutoApplySession @RememberMe public class CustomAuthenticationMechanism implements HttpAuthenticationMechanism { @Inject private IdentityStore identityStore; @Override public AuthenticationStatus validateRequest(HttpServletRequest request, HttpServletResponse response, HttpMessageContext context) { Credential credential = context.getAuthParameters().getCredential(); if (credential != null) { … Read more

FormsAuthentication.SignOut() does not log the user out

May 24, 2022 by Tarik

Users can still browse your website because cookies are not cleared when you call FormsAuthentication.SignOut() and they are authenticated on every new request. In MS documentation is says that cookie will be cleared but they don’t, bug? Its exactly the same with Session.Abandon(), cookie is still there. You should change your code to this: FormsAuthentication.SignOut(); … Read more