I'm having a problem with Forms authentication in my website. At the moment when a user is not logged in they get redirected to a login page, which works fine. However, I want an unauthorised user to get redirected to a new page (welcome.aspx). Having changed the web.config I get the following HTTP Error 500.19 - Internal Server Error:
Cannot add duplicate collection entry of type 'add' with unique key attribute 'name' set to 'redirect'
And here is the relevant part of my web.config:
<authentication mode="Forms">
<forms name=".CommunityServer" protection="All" timeout="60000" loginUrl="welcome.aspx" slidingExpiration="true" />
</authentication>
<location path="Default.aspx">
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</location>
If I set Visual Studio to use the Visual Studio Development Server instead of my Local IIS WebServer, it all works fine. Also if I rename welcome.aspx to login.aspx it works fine.
Any Help is appreciated.
Have you tried
<authentication mode="Forms">
<clear />
<forms name=".CommunityServer" protection="All" timeout="60000" loginUrl="welcome.aspx" slidingExpiration="true" />
</authentication>
Related
I have a site that uses forms authentication site wide, with some pages within as exceptions where they are allowed to be viewed with anonymous access. I want the default doc, index.aspx to be viewable via anonymous access. It grants me access if I specify index.aspx in the url, but if I type in the domain name only, I get redirected to connectionTest.aspx (the login page for the site). I have confirmed that index.aspx is the default doc. So there's something wrong with my web config entry for index.aspx
<authentication mode="Forms">
<forms name=".ASPXAUTH" loginUrl="connectionTest.aspx" timeout="30" />
</authentication>
<sessionState mode="InProc" cookieless="false" timeout="30" />
<authorization>
<deny users="?" />
</authorization>
<location path="~/index.aspx">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
<location path="index.aspx">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
Your issue is come because you did not have declare the domain on the form authentication. Because the authentication is base on cookie and you need to access it with out the www. in front you need to declare it as:
<authentication mode="Forms">
<forms name=".ASPXAUTH" domain="demo.com" loginUrl="connectionTest.aspx" timeout="30" />
</authentication>
when you set the domain with out the www. in front then all cookies from the domain are the same one, if you do not declare that, then each cookie is depends from the sub-domain and are different - so you logged out.
the same stands and for the cookie it self.
Similar answer : Multiple applications using same login database logging each other out
I have a OData web api on visual studio using the ADO.NET Framework. I am getting an authentication window on chrome, I removed the authorize parts from the controllers and web.config file, yet the window asking username and password is coming.
How to remove it ?
My web.config file has
<system.web>
<authentication mode="Windows">
<forms requireSSL="true" />
</authentication>
<authorization>
<allow roles="myService" />
<deny users="*" />
</authorization>
which I removed but still authentication window is opening. Thanks a lot for your help.
Use None as mode for authentication-Element. The default value when you do not specify anything is Windows. More information about ASP.NET Authentication can be found here
<authentication mode="None">
<!--<forms requireSSL="true" />-->
</authentication>
I have a website in UAT. My ASP.NET webpage works fine in Dev environment.
But for same webpage ASP calender does not pop up, Radio button lists changed index event won't get fired. Basically no button post back to server either.
More info after spending several hours trying to resolve this :
I removed the authentication part from my web.config file :
<authentication mode="Forms">
<forms loginUrl="Login.aspx" timeout="30"
defaultUrl="Survey.aspx" protection="All">
</forms>
</authentication>
<authorization>
<deny users="?" />
</authorization>
</system.web>
And now everything works. I am still stunned and have no clue why form authentication can cause this strange behavior.
I compared the IIS settings in both UAT and Dev and they seem to be identical.
I my case the form authorization was causing this.
I removed
<authentication mode="Forms">
<forms loginUrl="Login.aspx" timeout="30"
defaultUrl="Survey.aspx" protection="All">
</forms>
</authentication>
<authorization>
<deny users="?" />
</authorization>
</system.web>
From web.config and problem was fixed.
We are using ASP membership database to manage our websites security, and each website corresponding to one membership role. I made a portal site to list all the hyperlinks to these project websites (all the user within any role can log on to this portal site), and in the webconfig file, I list all the roles for every project website:
<authorization>
<allow roles="Administrators,ProjectId1_Member,ProjectId10_Member,ProjectId11_Member,ProjectId12_Member,ProjectId13_Member,ProjectId14_Member,ProjectId15_Member,ProjectId16_Member,ProjectId17_Member,ProjectId18_Member,ProjectId19_Member,ProjectId2_Member,ProjectId21_Member,ProjectId22_Member,ProjectId23_Member,ProjectId24_Member,ProjectId25_Member, "/>
<deny users="*"/>
</authorization>
But it works for the user to log on to the Portal site. But if the user click the hyperlink to navigate to a particular project website, the user will be navigated to the login page again. Is there a way that I can avoid this double login happens?
Thanks,
Wei
Make sure path is / and enable cross-path redirects
<authentication mode="Windows">
<forms
name=".ASPXAUTH"
loginUrl="login.aspx"
defaultUrl="default.aspx"
protection="All"
timeout="30"
path="/"
requireSSL="false"
slidingExpiration="true"
cookieless="UseDeviceProfile"
domain="companySite"
enableCrossAppRedirects="true">
<credentials passwordFormat="SHA1" />
</forms>
<passport redirectUrl="internal" />
</authentication>
I cannot seem to isolate my forums to set different permissions for them than the rest of the site.
Here is the setup for my site.
<location path=".">
<system.web>
<authentication mode="None" />
</system.web>
</location>
I need to isolate my forums. At the moment, for testing purposes, I have it setup so that all users are denied access.
<location path="~/public/public-forum.aspx">
<system.web>
<authentication mode="Forms">
<forms loginUrl="public/login.aspx" />
</authentication>
<authorization>
<deny users="*" />
</authorization>
</system.web>
</location>
What I'm finding is that I can still access the forum page. This suggests to me that this isn't setup correctly.
Does the path attribute have to be relative? Does it have to point to the URL that the page is accessed through or the rewritten path? ~/public/public-forum.aspx is a virtual path that is rewritten so neither the directly nor the file exists with those names. Why does this currently not work?
I hope that's enough detail for a solution.
edit2:
So the solution isn't only in the comments :
As far as i know you cannot specify an authenticationmode per location.
You could set the forms authentication mode throughout your site and only require logged in users in the secure parts.
edit:
mmmh strange , are you sure you only edited the ~ away?
They discuss your problem here but i can't imagine how changing the ~ would trigger it.
Could you perhaps post your entire web.config?
Also : are you using iis 6 and virtual directories?
The ~ sign is not needed , try this :
<location path="public/public-forum.aspx">
<system.web>
<authentication mode="Forms">
<forms loginUrl="public/login.aspx" />
</authentication>
<authorization>
<deny users="*" />
</authorization>
</system.web>
</location>