I have a mvc 4 intranet application.
All pages ask for credentials, when i provide these the application tries to redirect to a login.aspx page
Please assist, this web application needs to login automatically based on Active Directory.
Been battling with this for 3 days now
First thing, if you are using windows authentication the page should not redirect to login page. It shows error message.
In web.config file modification:
<authentication mode="Windows" />
Comment the following lines
<authentication mode="Forms">
<forms loginUrl="~/Account/Login" timeout="2880" />
</authentication>
In visual studio select project name and click F4 then enable the following.
Windows Authentication
Anonymous Authentication
Place authorization filter globally or controller level.
Run the application.
Related
I'm new in asp.net world. I'm building asp.net mvc 4 web application. It has basic http authentication. At the beginning it ask user name and password. After authentication it start some view. During debug if successfully authenticated and continue debugging to some other view/controller. If I stop debugging or app crashes. For the next debug run it never prompt me for authentication. It takes to the view which comes after authentication. I suppose it caches my authentication from previous run. I try to find solution from net and found many suggestion such as :-
Restart iis
Remove cache files from c:\Windows\Microsoft.NET\Framework\v4.0.30319 and C:\Users\user\AppData\Local\Temp\Temporary ASP.NET Files
Modify web.config and rebuild, then lunch.
Remove browser cache.
Even restart pc doesn't help-
I tried all nothing is working. As I'm new I'm not sure is my web.config file has right configuration for HTTP basic authentication. Here it is:-
<system.web>
<compilation debug="true" targetFramework="4.5.1" />
<httpRuntime targetFramework="4.5.1" />
<identity impersonate="true" />
<authentication mode="Forms">
<forms loginUrl="~/Account/Login" >
</forms>
</authentication>
</system.web>
My environment windows 7, iis 7.5, visual studio 2012. Please advise me how can force authentication every time or start as in initial state. Thanks in advance!
It's the browser cookie that is letting you in as it's still valid for your application. Clear your browser cookies or start an in-private session.
I have an ASP MVC 4 application which uses a 3rd party HTTP module for security. When using Windows authentication it will attempt to automatically log you in, if that fails, then it will redirect you to a custom login page.
This has been working fine for previous ASP Webforms and MVC 2-4 applications, but for this particular application it is failing to automatically log the user in.
The application's virtual directory has all of the authentication modes disabled (anonymous etc) except for Windows authentication which is enabled. I have also checked that the provider is Negotiate and NTLM.
The web.config is a pretty standard one that you get from the MVC template and I have tried various web.config changes to system.web and system.webServer (and changing app pool's pipeline mode) such as:
<system.web>
<authentication mode="Windows"/>
and also adding
<authorization>
<allow users="*" />
<deny users="?" />
</authorization>
But in each case the security module cannot get the user name. The module attempts to get the user name via HttpContext.Current.Request.ServerVariables["REMOTE_USER"], but I have also modified it to use HttpContext.Current.User.Identity.Name and in both cases it is blank.
Since this module has been working fine for years and still works for other applications on the same server, I believe it is an IIS or Web.config configuration issue. I have tried creating a new virtual directory and it has the same error.
Is there any additional configuration required or another reason why it is not working for this particular application?
The solution was to add the following to my the appSetting section in my web.config
<add key="autoFormsAuthentication" value="false" />
<add key="enableSimpleMembership" value="false"/>
</appSettings>
This is the first time that I have needed to add such a thing, so I am not sure why it is necessary, but it does work.
I have developed one MVC application and hosted in server. I used Service Account as app pool identity and provided full access(SysAdmin) on database to that Service Account only. Below are my configurations in Web.config & coding.
Web.config:
<authentication mode="Windows" />
<identity impersonate="false"/>
In my Data Access layer I'm using below coding to get windows identity :
string windowsLogin = HttpContext.Current.User.Identity.Name.ToString();
Now my issue is, when I'm accessing my application it is taking app pool Identity instead of Windows identity.
if I set the identity in Web.config to impersonate="true" I'm able to get windows login but the communication between application and database happening with my windows login instead of app pool identity (service account).
How can I get the identity of the user accessing the application and not the IIS APPPOOL user?
My Issue got resolved with below settings.
Created app pool and run it as with service account and configure it to web site in IIS.
In My Code File:
string windowsLogin = HttpContext.Current.Request.ServerVariables["LOGON_USER"].ToString();
In Web.config file:
<authentication mode="Windows">
</authentication>
<authorization>
<deny users="?" />
</authorization>
<identity impersonate="false" />
Note: It will give you an error if you run from Visual Studio IDE. If you publish and run it from IIS it will work.
I'm making a private-pages-only application in MVC4.
I successfully (almost successfully) created the login page using a custom Membership provider based on NHibernate and my domain's entities/repositories.
Every controller but AuthController is marked with [Authorize].
The webapp is supposed to redirect me to the login page when I'm not authorized. I created the whole app from scratch, so I know that nowhere I'll find the AuthController to be declared as landing URL for unauthenticated users.
How to tell MVC that?
Assuming you're using the built-in forms authentication, the URL goes into web.config, in the loginUrl attribute of the forms element.
http://msdn.microsoft.com/en-us/library/1d3t3c61(v=vs.71).aspx
<configuration>
<system.web>
<authentication mode="Forms">
<forms loginUrl="/membership/login" />
</authentication>
</system.web>
</configuration>
This VS 2012 extension is meant to allow me to add a local Development STS to my MVC application http://visualstudiogallery.msdn.microsoft.com/e21bf653-dfe1-4d81-b3d3-795cb104066e
I follow the very simple instructions e.g. Right Click the project name and select Identity and Access in the menu. Select your Identity Provider and the OK to apply the settings to your web.config.
I run my MVC 4 application and it redirects immediately to login.aspx
I'm guessing there are special instructions for MVC 4.
What are they?
Where do I find them?
EDIT
To be clear I have created a ASP.MVC 4 Internet application in visual studio 2012. Then I am using the Identity & Access Tool to add a local development STS to Test my application.
I am running the site on a local IIS Express
When I debug the application I am redirected to
localhost:11378/login.aspx?ReturnUrl=%2f
This occurs even if I remove forms authentication as suggested in advice already given.
In my case I added this
<system.web>
...
<httpModules>
...
<remove name="FormsAuthentication" />
</httpModules>
</system.web>
and this
<system.webServer>
...
<modules>
...
<remove name="FormsAuthentication" />
</modules>
</system.webServer>
EDIT
The next problem you might get is this
A claim of type
'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier'
or
'http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider'
was not present on the provided ClaimsIdentity. To enable anti-forgery
token support with claims-based authentication, please verify that the
configured claims provider is providing both of these claims on the
ClaimsIdentity instances it generates. If the configured claims
provider instead uses a different claim type as a unique identifier,
it can be configured by setting the static property
AntiForgeryConfig.UniqueClaimTypeIdentifier.
add these 2 claims to the Development STS in the Identity and Access Tool
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier
http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider
and add this line to your Global.asax
AntiForgeryConfig.UniqueClaimTypeIdentifier = ClaimTypes.NameIdentifier;
This article helped me
Removing FormsAuthentication module worked for me.
<httpModules>
...
<remove name="FormsAuthentication" />
</httpModules>
I had a similar problem with my MVC4 application on local IIS Express.
It turned out that Windows Authentication was enabled for the project. Disabling Windows Authentication (in project properties pane -- press F4) fixed the problem.