Subdomain cookie maintenance for Forms authentication website - authentication

I have a Server on Azure where an MVC4 web application is hosted. On the server I have added bindings for:
company1.mysite.com
company2.mysite.com
Within mysite an Admin user has the option to define custom styles for each of the subdomains. So to check the changes have been applied successfully. If the admin changes the URL from company1.mysite.com to company2.mysite.com they are redirected back to a login page. When I then attempt to log in with the same details it seems that there is some conflict in the cookies and I am unable to find the user details.
Is there any way that I could preserve the login details for one subdomain and allow the user to simply change the URL to see if the changes had been supplied effectively? If not, is there any way I can prevent this conflict on signing on to the other subdomain?

I think cookie domain must be specified in a proper way. Please, see this link

Related

Subdomain preserves cookies from main domain

I've set a cookie banner for a domain.com. It's a plugin for CMS. It works with user consent - blocking or giving permission to load a GTM script.
And I have an e-shop based on PrestaShop with a cookie banner plugin, which works with the same logic.
e-shop is placed on a subdomain.domain.com.
The problem: once a user grants consent on domain.com, GTM cookies are loaded; the user then clicks on a button leading to subdomain.domain.com (e-shop) and all previous cookies are loaded, which is not good behaviour for GDPR.
So, is there an easy way to clear previous cookies?
Prestashop runs on Apache server
From MDN:
Domain attribute
The Domain attribute specifies which hosts can receive a cookie. If unspecified, the attribute defaults to the same host that set the cookie, excluding subdomains. If Domain is specified, then subdomains are always included. Therefore, specifying Domain is less restrictive than omitting it. However, it can be helpful when subdomains need to share information about a user.
When setting your cookies, omit the Domain attribute.
This will prevent future cookies being applied to the subdomains (and will overwrite the old ones which were on the next visit which sets them).
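
The scoping rule quoted from MDN, applied to the host names in the two questions above (the forms-authentication subdomains and the consent-banner shop). This is an added example, not code from either thread; the cookie names `consent` and `auth` are constructed, and the model is simplified to the Domain attribute only.

```javascript
// Added example: simplified RFC 6265 cookie scoping (no Path, Secure, expiry
// or public-suffix checks). Host names are the ones used in the questions.

// RFC 6265 domain-match: identical, or host ends with "." + domain.
function domainMatch(host, domain) {
  host = host.toLowerCase();
  domain = domain.toLowerCase();
  return host === domain || host.endsWith("." + domain);
}

// Model what the browser stores when `setByHost` sends Set-Cookie.
// `domainAttr` is the Domain attribute value, or undefined when omitted.
function storeCookie(setByHost, name, domainAttr) {
  if (domainAttr === undefined) {
    // No Domain attribute: host-only cookie, exact host match required.
    return { name, domain: setByHost.toLowerCase(), hostOnly: true };
  }
  const domain = domainAttr.replace(/^\./, "").toLowerCase();
  // A host may only set a cookie for itself or a parent domain.
  if (!domainMatch(setByHost, domain)) return null; // rejected by the browser
  return { name, domain, hostOnly: false };
}

// Would the browser attach this cookie to a request for `requestHost`?
function isSentTo(cookie, requestHost) {
  if (cookie === null) return false;
  return cookie.hostOnly
    ? requestHost.toLowerCase() === cookie.domain
    : domainMatch(requestHost, cookie.domain);
}

// Constructed scenarios covering both questions above.
function scenarios() {
  const consentShared = storeCookie("domain.com", "consent", "domain.com");
  const consentHostOnly = storeCookie("domain.com", "consent");
  const authHostOnly = storeCookie("company1.mysite.com", "auth");
  const authShared = storeCookie("company1.mysite.com", "auth", "mysite.com");
  const sibling = storeCookie("company1.mysite.com", "auth", "company2.mysite.com");
  return {
    consentSharedReachesShop: isSentTo(consentShared, "subdomain.domain.com"),
    consentHostOnlyReachesShop: isSentTo(consentHostOnly, "subdomain.domain.com"),
    authHostOnlyReachesCompany2: isSentTo(authHostOnly, "company2.mysite.com"),
    authSharedReachesCompany2: isSentTo(authShared, "company2.mysite.com"),
    siblingDomainAccepted: sibling !== null,
  };
}

console.log(scenarios());
```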

Anonymous access to web site default doc

We have a web site in IIS 7, that has a default document (index.asp) set. The entire site uses basic authentication except the index.asp page. This is working correctly if I enter the domain with the actual page name (www.mysite.com/index.asp). However, without the page name (www.mysite.com) I am prompted for credentials, even though it is the same page.
I've tried various web config changes and tried it with anonymous user set to the app pool and the IUSR account and it doesn't work either way. I'm thinking maybe I need to enable and then configure URL rewriting for this site but I'm not positive.
If you need any other info let me know.
thanks!

Redirect user if not logged-in in Kentico

I am very new to Kentico CMS and started implementing the basics.
I have a Login button webpart which redirects me to a page, say 'Welcome.aspx'.
Now, what I am struggling with is that if I directly open 'Welcome.aspx' without logging in,
it should redirect to another page. Can anyone please help me in doing this?
If I understood correctly, you want the Welcome.aspx to require users to log in. If so, you can achieve that by adjusting page's ACLs at Page -> Edit -> Security and setting the Website logon page URL at Settings -> Security & Membership.
You can either set the page to be accessible by certain roles or at least require authentication.
There is an example in Corporate sample site - in section Partners.
Assuming you are using the recommended Portal Engine development model, you can set the permissions of the page on the Properties>Security tab. There you'd add a role of not authenticated and set the property to deny. Also ensure you have a default "login" page set in the settings.

How does apache match authentication/authorization information with subsequent http requests from same user?

When you protect an area of your document root using either the server configuration or .htaccess, the server prompts for a username and password when someone requests those files from a browser. If the password matches the one from the authentication provider for that user, the documentation at http://httpd.apache.org/docs/2.2/howto/auth.html says that apache will set environment variables for that user. In my case I'm building a php app, and using phpinfo() I gather that the environment variables set are REDIRECT_AUTHENTICATE_SAMACCOUNTNAME, AUTHENTICATE_SAMACCOUNTNAME (Using active directory as authentication provider), and REMOTE_USER. I believe this is what prevents the user from being prompted again and again on each subsequent request.
What I don't understand is how apache matches requests from a user with the environment variables set for that user, and also when and how it knows how to clear those variables. It doesn't appear to use cookies, because I cleared all the cookies for the domain in question, and still it doesn't ask me to reauthenticate unless I actually close the browser.
Ultimately I'm going to be working with php to get the userid and to maintain state, but since php is getting the information from the apache information, I'd like to know about that context, and I don't seem to be able to find these details. Thanks in advance.
Look at the http headers your browser is sending. After you have supplied a username and password, your browser will continue sending those details to that site until your browser session ends, or longer if you tell your browser to remember the credentials.
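
The behaviour described in the answer above, modelled end to end: the server keeps no per-user state and re-derives REMOTE_USER from the Authorization header on every request, while the browser resends that header until its credential cache is dropped. This is an added example, not Apache's code; the user store, realm name and `handleRequest` function are constructed for illustration.

```javascript
// Constructed credential store (assumption). A real provider such as Active
// Directory verifies the password itself; plaintext here keeps the demo short.
const USERS = new Map([["alice", "correct horse"]]);

// Compare two strings without returning early on the first differing byte.
function constantTimeEqual(a, b) {
  const x = Buffer.from(a), y = Buffer.from(b);
  let diff = x.length ^ y.length;
  for (let i = 0; i < x.length; i++) diff |= x[i] ^ (y[i % (y.length || 1)] || 0);
  return diff === 0;
}

function challenge() {
  return { status: 401, headers: { "WWW-Authenticate": 'Basic realm="Restricted"' } };
}

// Stateless check: everything needed to identify the user is in this request.
function handleRequest(headers) {
  const m = /^Basic\s+([A-Za-z0-9+/=]+)$/i.exec(headers["authorization"] || "");
  if (!m) return challenge();
  const decoded = Buffer.from(m[1], "base64").toString("utf8");
  const sep = decoded.indexOf(":"); // the password may itself contain ":"
  if (sep < 0) return challenge();
  const user = decoded.slice(0, sep), pass = decoded.slice(sep + 1);
  const expected = USERS.get(user);
  if (expected === undefined || !constantTimeEqual(pass, expected)) return challenge();
  return { status: 200, env: { REMOTE_USER: user } }; // set per request, never stored
}

// Browser side: credentials live in memory for the session, not in cookies.
function simulateSession() {
  let cached = null;
  const send = () => handleRequest(cached ? { authorization: cached } : {}).status;
  const statuses = [send()];                       // no header yet: challenged
  cached = "Basic " + Buffer.from("alice:correct horse").toString("base64");
  statuses.push(send());                           // user typed the password
  statuses.push(send());                           // cookies cleared: header still sent
  cached = null;                                   // browser closed
  statuses.push(send());                           // challenged again
  return statuses;
}

console.log(simulateSession());
```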

can't route /admin to user/login if not login in cakephp

I want to create an admin-routing-enabled program in CakePHP, and I had already enabled
Route::Write(/admin,array('controller'=>admin_homes,'action'=>'index')) in route.php, but when I type /admin it does not redirect me to my login page at the users/login address. What is the solution to this? If I go to my login page manually and log in, then it redirects to admin/admin_homes/index, and only then will /admin also take me to admin_homes/index.
You want more than admin routing, you are looking for Authentication. That is what controls the login, not admin routing. Admin routing is for running the admin variation of specific methods.
Start here: http://book.cakephp.org/2.0/en/core-libraries/components/authentication.html
If you are looking for a simple user management app with permission driven access, feel free to use the one I created and put out on github. https://github.com/cdburgess/SUM-Cake