I have a controller with [AuthorizeWebForm] attribute.
Now, If I am not login and I want to access that page, then it gives me
HTTP Error 401.0 - Unauthorized.
You do not have permission to view this directory or page.
Now, How can I Handle that with using [AuthorizeWebForm] attribute? If I am not logged-in and try to access that page, then it should redirect to Login page.
I got solution. I just put below code to my web.config. the session was already checked in custom error class. if session is null, then it is redirecting to login page.
<authentication mode="Forms">
<forms name=".SomeLoginCookie" loginUrl="~/Account/Login" timeout="2880" protection="All" enableCrossAppRedirects="true" />
</authentication>
Related
I tried to access the username DomainControlle
I succeeded with the following code
Request.ServerVariables.Get("logon_user");
System.Security.Principal.WindowsIdentity.GetCurrent().Name;
System.Security.Principal.WindowsPrincipal(System.Security.Principal.WindowsIdentity.GetCurrent()).Identity.Name;
with web.config
<authorization>
<deny users="?"/>
<allow users ="*" />
</authorization>
</system.web>
If the configuration code is not in the server, the code will not work
My problem is this. Internal users of the domain are working. Users outside the domain give an error. Unauthorized
I want to direct the domain's internal users to the next login page. And users outside the domain can see the login page
Thanks for your help
We recently converted a Framework 4.8 WebForms project that was using Forms Authentication to use Identity 2.0 Authentication and now we can't access default documents or images without allowing anonymous access.
Once authenticated with Identity, if you browse to a folder such as http://mysite/dashboard/default.aspx it works fine. However, if the default page is not in the path as in http://mysite/dashboard/ it returns 401.2 as though IIS needs permissions to server the page :
*Access is denied. Description: An error occurred while accessing the resources required to serve this request. The server may not be
configured for access to the requested URL.
Error message 401.2.: Unauthorized: Logon failed due to server
configuration. Verify that you have permission to view this directory
or page based on the credentials you supplied and the authentication
methods enabled on the Web server. Contact the Web server's
administrator for additional assistance.*
We have <authentication mode="None"> which I understand is correct for this situation. IIS is configured to use default documents just as it was when we were using Forms Authentication.
We also deny unauthenticated users with the System.Web.Security.UrlAuthorizationModule:
<authorization>
<deny users="?" />
</authorization>
If we allow anonymous on the folder it does work but we don't what anonymous access on these locations.
<location path="Dashboard">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
So, how do you configure IIS to access default documents without 'allow anonymous' so it works like it did under Forms Authentication.
Thanks!!!
Try to add this to the System.Webserver section
<modules>
<remove name="FormsAuthentication"/>
<add name="FormsAuthentication" type="System.Web.Security.FormsAuthenticationModule" />
</modules>
The key seems to be to remove the managedHandler Precondition from the FormsAuthentication module. As I understand it this is only supposed to optimize serving of static content.
Found that adding <modules runAllManagedModulesForAllRequests="true"> to the web.config resolved the issues. Not really sure why at this point. I did notice that the request for a static file did not include the user identity which was working before removing Forms Authentication. After adding this, the user identity started showing up in the request.
I created a new page, and set permissions to all users. On site settings set it as 404 page, but still get the system page for 404 errors.
Only works if Friendly Url Provider mode is set 'advanced' on web.config:
<friendlyUrl defaultProvider="DNNFriendlyUrl">
<providers>
<clear />
<add name="DNNFriendlyUrl" type="DotNetNuke.Services.Url.FriendlyUrl.DNNFriendlyUrlProvider, DotNetNuke.HttpModules" includePageName="true" regexMatch="[^a-zA-Z0-9 _-]" urlFormat="advanced" />
</providers>
</friendlyUrl>
Urls will be changed. Spaces will be replaced by "-" and aspx extension is removed.
My web application uses form authentication. It is working fine. But when I install 2 instances of the same application as virtual directories, I am able to log into both instances with the same cookie. Is there any way to keep it to a single virtual directory?
Here is my web.config.
<authentication mode="Forms">
<forms name="MyAppAuth" loginUrl="~/secured/login" protection="All" timeout="30" slidingExpiration="true" path="/">
<credentials passwordFormat="Clear">>
</credentials>
</forms>
</authentication>
I'm not sure what technology is being used here, but I would guess that the path="/" is used to create the cookie (you could probably use your browser developer tools to make certain). Try setting the path to the root of each webapp /app1 /app2
I have given anonymous access to my service. And I m able to access with out establishing credentials.
I wanted to make use session in wcf service, for this I m trying to use aspNetCompatibility Enabled to true in system.serviceModel. When I included this line, it is redirecting me to login page whenever I m requesting service.svc file. Any guess as to why it aspNetCompatibility Enabled overriding access policy? What should I do to overcome this?
Once the aspNetCompatibilityEnabled is true, the ASP.NET pipeline comes into the play and its authentication and authorization is dome. Check the system.web/authorization section in the web.config. Do you have deny users? If so, remove it. you may also try to add
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>