How to allow an anonymous user access to some given page in MVC?

In MVC you normally use the [Authorize] attribute to manage authorization. Controllers or individual actions that are dressed with that attribute will require that the user is authorized in order to access them – all other actions will be available to anonymous users. In other words, a black-list approach, where actions that require authorization are …

Asp.Net Core – simplest possible forms authentication

It is not that simple 🙂 In the Startup.cs, configure method.

    app.UseCookieAuthentication(options =>
    {
        options.AutomaticAuthenticate = true;
        options.AutomaticChallenge = true;
        options.LoginPath = "/Home/Login";
    });

Add Authorize attribute to protect the resources you want to secure.

    [Authorize]
    public IActionResult Index()
    {
        return View();
    }

In the Home Controller, Login Post action method, write the following method. …

What is a very simple authentication scheme for Sinatra/Rack

Here is a very simple authentication scheme for Sinatra. I'll explain how it works below.

    class App < Sinatra::Base
      set :sessions => true

      register do
        def auth (type)
          condition do
            redirect "/login" unless send("is_#{type}?")
          end
        end
      end

      helpers do
        def is_user?
          @user != nil
        end
      end

      before do
        @user = User.get(session[:user_id])
      end

      get "/" do …

AuthenticateRequest event

It seems that the FormsAuthenticationModule gets handled first. This module is normally earlier than any custom module in the ASP.NET pipeline, so when AuthenticateRequest is fired, FormsAuthenticationModule will get called first, do its job and then your module's event handler will be called. If you really want to dig deep into this, I suggest trying …

ASP.NET MVC – Authenticate users against Active Directory, but require username and password to be inputted

You can use the standard Internet application template with forms authentication and insert an ActiveDirectoryMembershipProvider into the web.config:

    <connectionStrings>
      <add name="ADConnectionString" connectionString="LDAP://YOUR_AD_CONN_STRING" />
    </connectionStrings>

    <system.web>
      <authentication mode="Forms">
        <forms name=".ADAuthCookie" loginUrl="~/Account/LogOn" timeout="15" slidingExpiration="false" protection="All" />
      </authentication>
      <membership defaultProvider="MY_ADMembershipProvider">
        <providers>
          <clear />
          <add name="MY_ADMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider" connectionStringName="ADConnectionString" attributeMapUsername="sAMAccountName" />
        </providers>
      </membership>
    </system.web>

In this way you get the …

Drop in replacement for FormsAuthentication.HashPasswordForStoringInConfigFile?

This is a solution for SHA1 variant.

    public static string GetSwcSHA1(string value)
    {
        SHA1 algorithm = SHA1.Create();
        byte[] data = algorithm.ComputeHash(Encoding.UTF8.GetBytes(value));
        string sh1 = "";
        for (int i = 0; i < data.Length; i++)
        {
            sh1 += data[i].ToString("x2").ToUpperInvariant();
        }
        return sh1;
    }

For MD5 you only need to change the algorithm to: MD5 algorithm = …

ASP.NET Identity Cookie across subdomains

In Startup.Auth.cs, you will see something like:

for RC:

    app.UseSignInCookies();

This was removed in RTM and replaced with the explicit configuration of the cookie auth:

    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
        LoginPath = new PathString("/Account/Login")
    });

The CookieAuthenticationOptions class has a CookieDomain property which is what you are looking for I believe.

Forms auth redirecting css/script includes to the login page with HTTP 302

I had the same problem. Here's how I solved it. In IIS7, click on your website, then double-click the Authentication button. Click on Anonymous Authentication, then click the Edit… link on the right hand side. Make sure the "Application pool identity" checkbox is checked. My application pool is running under the "Network Service" user (not …