How to make user log on only once? - c#

We are using ASP membership database to manage our websites security, and each website corresponding to one membership role. I made a portal site to list all the hyperlinks to these project websites (all the user within any role can log on to this portal site), and in the webconfig file, I list all the roles for every project website:
<authorization>
<allow roles="Administrators,ProjectId1_Member,ProjectId10_Member,ProjectId11_Member,ProjectId12_Member,ProjectId13_Member,ProjectId14_Member,ProjectId15_Member,ProjectId16_Member,ProjectId17_Member,ProjectId18_Member,ProjectId19_Member,ProjectId2_Member,ProjectId21_Member,ProjectId22_Member,ProjectId23_Member,ProjectId24_Member,ProjectId25_Member, "/>
<deny users="*"/>
</authorization>
But it works for the user to log on to the Portal site. But if the user click the hyperlink to navigate to a particular project website, the user will be navigated to the login page again. Is there a way that I can avoid this double login happens?
Thanks,
Wei

Make sure path is / and enable cross-path redirects
<authentication mode="Windows">
<forms
name=".ASPXAUTH"
loginUrl="login.aspx"
defaultUrl="default.aspx"
protection="All"
timeout="30"
path="/"
requireSSL="false"
slidingExpiration="true"
cookieless="UseDeviceProfile"
domain="companySite"
enableCrossAppRedirects="true">
<credentials passwordFormat="SHA1" />
</forms>
<passport redirectUrl="internal" />
</authentication>

Related

I want to grant default document anonymous access in web.config

I have a site that uses forms authentication site wide, with some pages within as exceptions where they are allowed to be viewed with anonymous access. I want the default doc, index.aspx to be viewable via anonymous access. It grants me access if I specify index.aspx in the url, but if I type in the domain name only, I get redirected to connectionTest.aspx (the login page for the site). I have confirmed that index.aspx is the default doc. So there's something wrong with my web config entry for index.aspx
<authentication mode="Forms">
<forms name=".ASPXAUTH" loginUrl="connectionTest.aspx" timeout="30" />
</authentication>
<sessionState mode="InProc" cookieless="false" timeout="30" />
<authorization>
<deny users="?" />
</authorization>
<location path="~/index.aspx">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
<location path="index.aspx">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
Your issue is come because you did not have declare the domain on the form authentication. Because the authentication is base on cookie and you need to access it with out the www. in front you need to declare it as:
<authentication mode="Forms">
<forms name=".ASPXAUTH" domain="demo.com" loginUrl="connectionTest.aspx" timeout="30" />
</authentication>
when you set the domain with out the www. in front then all cookies from the domain are the same one, if you do not declare that, then each cookie is depends from the sub-domain and are different - so you logged out.
the same stands and for the cookie it self.
Similar answer : Multiple applications using same login database logging each other out

How to provide access and restriction to particular folder in asp MVC

I am new in MVC.
I want to restrict my img folder role wise but:
I don't know how to create custom role. So please guide me on how I mange Custom Role Management?
web.config
<location path="img" allowOverride="false">
<system.web>
<authorization lockItem="true">
<allow roles="member"/>
<deny users="*" />
</authorization>
</system.web>
</location>
I have provided above code in web.config file.
<authentication mode="Forms">
<forms name="SiteUser" path="~" loginUrl="~/Login/Login" protection="All" timeout="30"/>
</authentication>
When I try in URL location http://localhost:51116/img
it automatically redirects me on login page but when I write http://localhost:51116/img/1-1.png
at that time I can access my file.
I want to restrict that folder and file inside that folder role wise.
Please help me.

Remove Authentication from Web api on Localhost

I have a OData web api on visual studio using the ADO.NET Framework. I am getting an authentication window on chrome, I removed the authorize parts from the controllers and web.config file, yet the window asking username and password is coming.
How to remove it ?
My web.config file has
<system.web>
<authentication mode="Windows">
<forms requireSSL="true" />
</authentication>
<authorization>
<allow roles="myService" />
<deny users="*" />
</authorization>
which I removed but still authentication window is opening. Thanks a lot for your help.
Use None as mode for authentication-Element. The default value when you do not specify anything is Windows. More information about ASP.NET Authentication can be found here
<authentication mode="None">
<!--<forms requireSSL="true" />-->
</authentication>

Javascript does not seem for fire at UAT website

I have a website in UAT. My ASP.NET webpage works fine in Dev environment.
But for same webpage ASP calender does not pop up, Radio button lists changed index event won't get fired. Basically no button post back to server either.
More info after spending several hours trying to resolve this :
I removed the authentication part from my web.config file :
<authentication mode="Forms">
<forms loginUrl="Login.aspx" timeout="30"
defaultUrl="Survey.aspx" protection="All">
</forms>
</authentication>
<authorization>
<deny users="?" />
</authorization>
</system.web>
And now everything works. I am still stunned and have no clue why form authentication can cause this strange behavior.
I compared the IIS settings in both UAT and Dev and they seem to be identical.
I my case the form authorization was causing this.
I removed
<authentication mode="Forms">
<forms loginUrl="Login.aspx" timeout="30"
defaultUrl="Survey.aspx" protection="All">
</forms>
</authentication>
<authorization>
<deny users="?" />
</authorization>
</system.web>
From web.config and problem was fixed.

Forms authentication in Community Server

I'm having a problem with Forms authentication in my website. At the moment when a user is not logged in they get redirected to a login page, which works fine. However, I want an unauthorised user to get redirected to a new page (welcome.aspx). Having changed the web.config I get the following HTTP Error 500.19 - Internal Server Error:
Cannot add duplicate collection entry of type 'add' with unique key attribute 'name' set to 'redirect'
And here is the relevant part of my web.config:
<authentication mode="Forms">
<forms name=".CommunityServer" protection="All" timeout="60000" loginUrl="welcome.aspx" slidingExpiration="true" />
</authentication>
<location path="Default.aspx">
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</location>
If I set Visual Studio to use the Visual Studio Development Server instead of my Local IIS WebServer, it all works fine. Also if I rename welcome.aspx to login.aspx it works fine.
Any Help is appreciated.
Have you tried
<authentication mode="Forms">
<clear />
<forms name=".CommunityServer" protection="All" timeout="60000" loginUrl="welcome.aspx" slidingExpiration="true" />
</authentication>

Categories

Resources