I use ASP.NET and ASP.NET Authentication.
I have a website with structure like:
ROOT
- CMS
- AdminCms
- web.conf*
- FORUM
- AdminForum
- web.conf*
- web.conf ***
Now in web.conf *** I use this for the CMS login page:
<authentication mode="Forms">
  <forms loginUrl="~/Cms/AdminCms/Login.aspx" timeout="2880" />
</authentication>
My Questions:
How can I have another DEFAULT LOGIN PAGE for another folder (if the user uses, for example, FORUM)?
Would it be possible to insert in web.conf* another
<authentication mode="Forms">
  <forms loginUrl="~/Forum/AdminForum/Login.aspx" timeout="2880" />
</authentication>
Any ideas?
Based on my comment earlier - Forms authentication allows redirecting a user to different pages after a successful login. To enable this, forms authentication keeps track of the original page a user came from in the ReturnUrl request parameter to the login page.
In your case you could do something like this in the codebehind of your login page after a successful login:
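// ReturnUrl holds the page the user originally requested.
string originalTarget = Request.Params["ReturnUrl"];
if (originalTarget != null)
{
    // Pick the landing page by the area the user came from.
    if (originalTarget.Contains(@"/FORUM/"))
        Response.Redirect(someForumURL);
    else
        Response.Redirect(someCMSURL);
}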
Edit: Here also a link to an article - Forms Authentication - Redirecting users to a Page other than Default.aspx
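A variation on the redirect above, added here as an example and not part of the original answer: it treats ReturnUrl as untrusted request input, ignores anything that is not a local path, and matches the area on the path only, anchored at the application root and case-insensitively. The class name and the two landing pages are hypothetical.

```csharp
using System;

public static class PostLoginRedirect
{
    // Hypothetical landing pages (the answer's someForumURL / someCMSURL).
    private const string ForumHome = "~/Forum/Default.aspx";
    private const string CmsHome = "~/Cms/Default.aspx";

    // True only for site-relative ("/x") or app-relative ("~/x") paths.
    // Absolute URLs and the "//host" and "/\host" forms are rejected.
    public static bool IsLocalUrl(string url)
    {
        if (string.IsNullOrEmpty(url)) return false;
        foreach (char c in url)
            if (char.IsControl(c)) return false;
        int i = url.StartsWith("~/", StringComparison.Ordinal) ? 1 : 0;
        if (url[i] != '/') return false;
        return url.Length == i + 1 || (url[i + 1] != '/' && url[i + 1] != '\\');
    }

    // appPath is Request.ApplicationPath, e.g. "/" or "/myweb".
    public static string Resolve(string returnUrl, string appPath)
    {
        // ReturnUrl is request input: ignore anything that is not a local path.
        if (!IsLocalUrl(returnUrl)) return CmsHome;

        // Match on the path only, anchored at the application root, so that
        // "/Cms/Page.aspx?x=/FORUM/" does not select the forum branch.
        string path = returnUrl.Split('?', '#')[0];
        string root = appPath.TrimEnd('/');
        if (path.StartsWith("~/", StringComparison.Ordinal))
            path = root + path.Substring(1);
        bool forum = path.StartsWith(root + "/Forum/", StringComparison.OrdinalIgnoreCase);
        return forum ? ForumHome : CmsHome;
    }

    public static void Main()
    {
        // Constructed ReturnUrl values, application rooted at "/".
        string[] samples = {
            "/Forum/AdminForum/Posts.aspx",      // forum page
            "/forum/AdminForum/Posts.aspx",      // same page, different case
            "/Cms/AdminCms/Edit.aspx?x=/FORUM/", // "/FORUM/" only in the query string
            "//attacker.example/FORUM/",         // protocol-relative external host
            null                                 // no ReturnUrl supplied
        };
        foreach (string s in samples)
            Console.WriteLine("{0} -> {1}", s ?? "(none)", Resolve(s, "/"));
    }
}
```

In the login page's code-behind this would be called as `Response.Redirect(PostLoginRedirect.Resolve(Request.QueryString["ReturnUrl"], Request.ApplicationPath));` after the credentials have been verified.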
If you mark both the folders, CMS and Forum, as an application in IIS, you can easily do this since both of them will be a separate application domain.
Related
I'm trying to set up FormsAuthentication in .Net App. It happens to be an SSRS authentication Extension but for the purpose of this question that shouldn't matter.
Logon flow:
Application redirects to logon.aspx when website is opened.
Logon.aspx redirects to auth site to authenticate (IDP).
Auth site redirects back to Logon.aspx.
Logon.aspx sets Forms authentication cookie.
Logon.aspx redirects to home page -> here's where it goes wrong, it redirects back to Logon.aspx.
Web.config:
<authentication mode="Forms">
  <forms loginUrl="logon.aspx" name="sqlAuthCookie" protection="All" path="/" timeout="180" enableCrossAppRedirects="true">
  </forms>
</authentication>
<authorization>
  <deny users="?" />
  <allow users="*" />
</authorization>
<identity impersonate="false" />
I tried two ways to authenticate via forms:
// Doesn't redirect
FormsAuthentication.RedirectFromLoginPage(username, createPersistentCookie: true);
// Sets cookie in response then redirects but comes back
FormsAuthentication.SetAuthCookie(username, createPersistentCookie: true);
string returnUrl = "/ReportServer";
Response.Redirect(returnUrl, false);
I don't know if it's a setting I missed or maybe the auth cookie is lost somewhere; when it redirects back to Logon.aspx the auth cookie is gone.
This is a shot in the dark really - it looks to me like you're missing some logic. I can recommend at least one troubleshooting task:
Ensure that forms authentication is set to use cookies (read more)
Open IIS Manager and navigate to the level where Forms Authentication is enabled
In Features View, double-click Authentication
On the Authentication page, select Forms Authentication
In the Actions pane, click Edit
In the Cookie settings section, select Use cookies from the Mode dropdown
With Windows authentication without a subdomain (http://localhost/myweb/), it asks for the username/password and, after a successful login, displays the application page.
But when I run it with a subdomain (http://abc.localhost/myweb/), it doesn't take the login credentials; it gives an Unauthorized access error.
What changes do I need to make to overcome this problem?
What I tried:
In Web.config I changed allow users to * and deny users to ?, but it's not working.
It's because the cookie changes depending on the subdomain and domain. To keep the same cookie you have to define the domain parameter on the authentication lines and on the cookie in web.config.
The lines that you have to define it are...
<authentication mode="Forms">
  <forms domain="domain.com" .... />
</authentication>
<roleManager domain="domain.com" >
  .... other lines .....
</roleManager>
<httpCookies domain="domain.com" .... />
By setting up the correct domain without the subdomain, you can have the same authenticated cookie on your subdomains.
Other similar questions : Multiple applications using same login database logging each other out
I have two different web applications hosted on the same server, and in one application I have a link to the second one.
If a user logs in to the first application and clicks the link to the second one, the user is automatically logged in, as I pass the login information through the query string.
The problem:
If the user clicks the logout button in either of these applications, they automatically lose the session in the other one too.
Why does this happen? How can I overcome this?
I found the issue: I have the same domain name for both of these applications.
As they have the same domain name, the cookie and session IDs are the same. I hosted these applications with different domain names and the issue is gone!
If you are using Forms Authentication you should change the cookie name in web.config:
<system.web>
  <authentication mode="Forms">
    <forms name=".SOMENAME" requireSSL="false" protection="All" loginUrl="~/Security/Login" timeout="2880" />
  </authentication>
</system.web>
I have an issue with my ASP.Net web app built in 4.0 framework.
I have the below set in the web config -
<authentication mode="Forms">
  <forms loginUrl="~/SignIn.aspx" protection="All" timeout="2880" path="/" />
</authentication>
When a user clicks my URL he sees the login page.
Now the session timeout is set to the default session time out from IIS which is 20 minutes.
Now when the session expires I would like to force the user to redirect to Logout.aspx
How can I achieve this? I would like to redirect the user to Logout.aspx page once the session times out.
The short answer is to check HttpContext.Current.Session.IsNewSession on each page request to see if the user's session timed out and has started a new session. In the event that it is a new session, redirect the user to the page of your choosing.
If you're using MVC or even just want to see a more thorough explanation of session timeouts in action, check out http://tyronedavisjr.com/2008/11/23/detecting-session-timeouts-using-a-aspnet-mvc-action-filter/ for an example.
In an ASP.NET 3.5 application running on IIS, how do I force a "deauthentication" of all currently logged-in and authenticated users?
iisreset didn't seem to do the trick!
Changing the authentication form name will then require new authentication from all users.
From:
<authentication mode="Forms">
  <forms name="originalName" loginUrl="~/Account/Login" />
</authentication>
To:
<authentication mode="Forms">
  <forms name="differentName" loginUrl="~/Account/Login" />
</authentication>
ASP.NET authentication is designed to be resilient to an IISReset due to its use of cookies - performing an IISReset will clear any in-memory information, but the next time a user asks for a page on your site, they will send their authentication token, which (if it hasn't timed out) will still be valid, and the server will re-authenticate them.
You could write something that would effectively log out the user after a restart, by (for example) storing the application start time in a global variable in Application_Start, and then comparing the user's LastActivityDate with that value - if it's before the start time, then you can call the appropriate sign-out method during Application_SessionStart or Application_BeginRequest.
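One way to implement the restart cutoff described above, added here as an example and not code from either answer: instead of the membership LastActivityDate it compares the issue date carried inside the forms-authentication ticket, which needs no database lookup. The class layout is a standard Global.asax.cs; the field name is an assumption.

```csharp
using System;
using System.Web;
using System.Web.Security;

// Global.asax.cs
public class Global : HttpApplication
{
    // Tickets issued before this instant are refused. It is reset on every
    // application start, so an app-pool recycle also signs everyone out.
    private static DateTime _cutoffUtc;

    protected void Application_Start(object sender, EventArgs e)
    {
        _cutoffUtc = DateTime.UtcNow;
    }

    // Runs after FormsAuthenticationModule has validated the cookie
    // and populated Context.User.
    protected void Application_PostAuthenticateRequest(object sender, EventArgs e)
    {
        FormsIdentity identity =
            (Context.User == null) ? null : Context.User.Identity as FormsIdentity;
        if (identity == null) return; // anonymous, or not forms-authenticated

        // IssueDate is local time; normalise before comparing.
        if (identity.Ticket.IssueDate.ToUniversalTime() >= _cutoffUtc) return;

        // The ticket predates the cutoff: expire the cookie in the browser
        // and send the user to the configured loginUrl.
        FormsAuthentication.SignOut();
        FormsAuthentication.RedirectToLoginPage();
        CompleteRequest(); // skip the rest of the pipeline for this request
    }
}
```

The check is enforced on the server, so a copy of an old cookie is refused as well for as long as the cutoff stands. In a web farm each worker process has its own start time, so a shared cutoff (for example a timestamp read from configuration) is needed for consistent behaviour.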