Is it possible?
It means i hope to create the widget to paste it at different pages on a site(or even in the master mage) to give users ability to quick login. Is it possible or all pages when login accessable have to be enumerated like this:
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" timeout="2880" />
</authentication>
As long as the page allows anonymous access, I don't see why this would be a problem. Just put a username/password field on the page and use the API to log them in:
if (Membership.ValidateUser(username, password))
{
FormsAuthentication.SetAuthCookie(username, true / false);
}
EDIT: You probably want to SSL any page with a password field on it.
Related
I have an mvc 4 application and I want to redirect to the login screen when the session times out.
Any idea how to do this?
Thanks
Add in web.config file
<authentication mode="Forms">
<forms loginUrl="~/Account/Login" timeout="1" defaultUrl="~/" />
</authentication>
I think it will help too.
Did you try with creating your ActionFilterAttribute ?? Action filters allow you to overide OnActionExecuting and it calls before an action method and this can be applied to any of your controller and then write code in there to check for the expiration of a session. Try this I think it can help.
Had to do the following to fix this
Change the web config for the session worked
I was overriding the cookie on the Application_PostAuthenticateRequest event and had to update the expiry date.
set the form authentication to
httpOnlyCookies="true"
added javascript setInterval to pop up after 4 mins and call the logout script. abandon the session and log the user off
Seems to be working now.
I want to use my own Login Page for authentication, but it is giving me this error
Description: HTTP 404. The resource you are looking for (or one of its dependencies) could have been removed, had its name changed, or is temporarily unavailable. Please review the following URL and make sure that it is spelled correctly.
Requested URL: /Account/PasswordLock
Anyone knows why?Here is my code, I created a new page called PasswordLock.aspx with a login tool in it. everything works fine with the original Login form, but not mine own.
<authentication mode="Forms">
<forms loginUrl="~/Account/PasswordLock" timeout="2880" />
</authentication>
while this will work fine
<authentication mode="Forms">
<forms loginUrl="~/Account/Login" timeout="2880" />
</authentication>
Thanks
In ASP.NET MVC, your URLs don't map to files; they map to actions. So, having a file at ~/Accounts/PasswordLock.aspx doesn't help. What you need is a route for that URL. The routes are usually set up in a file called RouteConfig, under the App_Start folder, executed by the Application_Start() method in Global.asax. The usual default route looks like this:
routes.MapRoute(
name: "default",
routeTemplate: "{controller}/{action}/{id}",
defaults: new { id = RouteParameter.Optional });
This means that a URL that goes www.example.com/Accounts/PasswordLock will map to a controller called AccountsController, and a method on that controller called PasswordLock. This method should return a View which by default will be called PasswordLock.cshtml. Note that the new Razor v2 view engine uses .cshtml files rather than .aspx.
This is all pretty fundamental to ASP.NET MVC programming; it sounds rather like you're jumping in blindly. I'd strongly advise reading the tutorials at www.asp.net/mvc, particularly the ones on controllers and routing.
I'm using Forms Authentication for an internal company website. I authenticate users against the local Active Directory server.
I have my Web.config file set up as follows:
<authentication mode="Forms">
<forms name=".ADAuthCookie" loginUrl="~/Login" timeout="30" slidingExpiration="true" protection="All" defaultUrl="/" />
</authentication>
This works fine as long as a user moves to a new page, or refreshes the page they're on. However, much of my UI is based on javascript templating and AJAX, so it's quite possible for a user to be working on a page for longer than 30 minutes.
So, how do I query and/or extend how much time they have remaining in their session via an AJAX call? I don't need help with the AJAX call, just what I'd put in a controller (such as /user/keepalive)
I have tried searching for this and can't find anything.
I want users to have a true SSO experience. Meaning they login to their computer and when they hit a web app that we have set up trust with in ADFS they are taken straight to that website. Right now no matter what they are taken to the ADFS forms login page. We only want the forms login page to appear if the user is not already connected to the network. Otherwise, ADFS should recoginize that the user is on the network and use the windows authentication.
What do I have to change in ADFS to make this happen?
In ADFS web.config, what order do you have for:
<localAuthenticationTypes>
<add name="Integrated" page="auth/integrated/" />
<add name="Forms" page="FormsSignIn.aspx" />
<add name="TlsClient" page="auth/sslclient/" />
<add name="Basic" page="auth/basic/" />
</localAuthenticationTypes>
Is Forms on top?
Are these users on the internet or intranet?
Do you use an ADFS proxy?
One option is to add a handler for the RedirectingToIdentityProvider event by placing the code just below this paragraph in your global.asax. This gives you a chance to jump in before the browser is redirected to ADFS and modify what the request (query string) looks like. You can do this to specify authentication types, or home realms (if you have multiple federations and want to skip HRD), and probably a lot of other stuff I don't know about.
void Application_Init()
{
FederatedAuthentication.WSFederationAuthenticationModule.RedirectingToIdentityProvider += new EventHandler<RedirectingToIdentityProviderEventArgs>(WSFederationAuthentication_RedirectingToIdentityProvider);
}
Then you would add code to your handler that might look something like this:
void WSFederationAuthentication_RedirectingToIdentityProvider(object sender, RedirectingToIdentityProviderEventArgs e)
{
WSFederationAuthenticationModule instance = FederatedAuthentication.WSFederationAuthenticationModule;
SignInRequestMessage request = instance.CreateSignInRequest(Guid.NewGuid().ToString(), instance.Realm, true);
request.AuthenticationType = "urn:federation:authentication:windows";
Response.Redirect(request.WriteQueryString());
}
When you set the request.AuthenticationType to that value, you're telling ADFS that you want to do windows (integrated) authentication. This was all that was required for me to get it to work. I didn't have to bother with switching the order of the authentication types in the web.config as nzpcmad suggested.
Also, for this to work, IIS and your web browser are working some magic outside of AD FS and your relying party, so in IE your users have to go to tools > Internet Options > Security and add the site to your Local Intranet sites. There's probably a way to push this out with group policies or something, but that's another question. Anyway, now that I think of it, this may be the only step you're missing.
Let me try to explain this in english :).
I'm having trouble with the authentication in Mvc. I use my layout page to login and to show the other partial views with content.
I decorated the login methods with <AllowAnonymous()> _ to let people login into the page and in my webConfig i have the following entry:
<authentication mode="Forms">
<forms loginUrl="~/" timeout="2880" />
</authentication>
What's happening is when the session expires, the partial view renders the entire page again and i get the entire page twice (one inside the content).
Any help?
You may checkout the following article from Phil Haack which illustrates a nice technique allowing you to prevent the forms authentication module to automatically redirect to the LogOn page but return 401 status code. This could be done conditionally only for AJAX requests. And since the server now returns 401 status code you could detect it on your client side AJAX call and act accordingly.
Thks for the answer, but i solved my problem with the following post :
C# MVC: How to override configured authentication redirect?