Search Results

Search found 41 results on 2 pages for 'setauthcookie'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 1/2 | 1 2  | Next Page >

  • Does UserId data type affect FormsAuthentication.SetAuthCookie(UserId.ToString(), false)?

    - by FreshCode
    Does the original data type of the username string in a call to FormsAuthentication.SetAuthCookie(...) make any difference with regards to security or code maintainability? As I understand it, the cookie is encrypted and used to identify a user on each request. I'm curious whether it should affect the design of the primary key on my Users table in my database, eg. Guid vs int or a unique username string.

    Read the article

  • FormsAuthentication.SetAuthCookie in OnAuthorization of custom attribute

    - by Prasad
    I am trying to set an auth cookie in OnAuthorization of my custom attribute in asp.net mvc(C#) application. when the session expires(New Session), i am setting an auth cookie again to make it available until the users logout. I have used the following to set the auth cookie, //set forms auth cookie FormsAuthentication.SetAuthCookie(strUserName, true); But when i check HttpContext.User.Identity.IsAuthenticated, it returns false. How to set an auth cookie in OnAuthorization of custom attribute?

    Read the article

  • FormsAuthentication.SetAuthCookie

    - by Miral
    hi we are using FormsAuthentication.SetAuthCookie(profile.Id, false); Now the question is when does this cookie expires? It ofcourse expires once i close all the browsers but it doesn't i keep the browser open and i dont know the timelimit.

    Read the article

  • ASP.NET SetAuthCookie weird behaviour

    - by rlb.usa
    Hello SO, I'm trying to do user impersonation for a web application we have. The user selects the user they'd like to emulate/impersonate and then clicks the button which fires this: protected void uxImpersonate_Click(object sender, EventArgs e) { ... FormsAuthentication.SetAuthCookie(uxUserToEmulate.SelectedValue, false); Response.Redirect("Impersonation.aspx"); //reload page manually } We have a dev - test - production server environment and on two servers this works just fine, but on another one, in all browsers, it kicks me to the login screen. What's going on and how can I fix it? We're on ASP.NET 2.0

    Read the article

  • ASP.NET SetAuthCookie Impersonation Help

    - by rlb.usa
    Hello SO, I'm trying to do user impersonation for a web application we have. The user selects the user they'd like to emulate/impersonate and then clicks the button which fires this: protected void uxImpersonate_Click(object sender, EventArgs e) { ... FormsAuthentication.SetAuthCookie(uxUserToEmulate.SelectedValue, false); Response.Redirect("Impersonation.aspx"); //reload page manually } We have a dev - test - production server environment and on two servers this works just fine, but on another one, in all browsers, it kicks me to the login screen. What's going on and how can I fix it? We're on ASP.NET 2.0, and I'm using http://stackoverflow.com/questions/549016/user-impersonation-with-asp-net-forms-authentication as a guide. UPDATE: It appears that the user actually is impersonated successfully but is loosing their Role as admin (only Admin Role's can access this impersonation page).

    Read the article

  • How can I pass FormsAuthentication.SetAuthCookie from Data Access Layer Class to WebService to Javas

    - by Reaction21
    I am using DotNetOpenAuth in my ASP.Net Website. I have modified it to work with Facebook Connect as well, using the same methods and database structures. Now I have come across a problem. I have added a Facebook Connect button to a login page. From that HTML button, I have to somehow pull information from the Facebook Connect connection and pass it into a method to authenticate the user. The way I am currently doing this is by: Calling a Javascript Function on the onlogin function of the FBML/HTML Facebook Connect button. The javascript function calls a Web service to login, which it does correctly. The web service calls my data access layer to login. And here is the problem: FormsAuthentication.SetAuthCookie is set at the data access layer. The Cookie is beyond the scope of the user's page and therefore is not set in the browser. This means that the user is authenticated, but the user's browser is never notified. So, I need to figure out if this is a bad way of doing what I need or if there is a better way to accomplish what I need. I am just not sure and have been trying to find answers for hours. Any help you have would be great.

    Read the article

  • FormsAuthentication AuthCookie data type

    - by FreshCode
    Does the original data type of the username string in a call to FormsAuthentication.SetAuthCookie(...) make any difference with regards to security or code maintainability? As I understand it, the cookie is encrypted and used to identify a user on each request. I'm curious whether it should affect the design of the primary key on my Users table in my database, eg. Guid vs int or a unique username string.

    Read the article

  • Can someone please clarify my understanding of a mock's Verify concept?

    - by Pure.Krome
    Hi folks, I'm playing around with some unit tests and mocking. I'm trying to verify that some code, in my method, has been called. I don't think I understand the Verify part of mocking right, because I can only ever Verify main method .. which is silly because that is what I Act upon anyways. I'm trying to test that my logic is working - so I thought I use Verify to see that certain steps in the method have been reached and enacted upon. Lets use this example to highlight what I am doing wrong. public interface IAuthenticationService { bool Authenticate(string username, string password); SignOut(); } public class FormsAuthenticationService : IAuthenticationService { public bool Authenticate(string username, string password) { var user = _userService.FindSingle(x => x.UserName == username); if (user == null) return false; // Hash their password. var hashedPassword = EncodePassword(password, user.PasswordSalt); if (!hashedPassword.Equals(password, StringComparison.InvariantCulture)) return false; FormsAuthentication.SetAuthCookie(userName, true); return true; } } So now, I wish to verify that EncodePassword was called. FormsAuthentication.SetAuthCookie(..) was called. Now, I don't care about the implimentations of both of those. And more importantly, I do not want to test those methods. That has to be handled elsewhere. What I though I should do is Verify that those methods were called and .. if possible ... an expected result was returned. Is this the correct understanding of what 'Verify' means with mocking? If so, can someone show me how I can do this. Preferable with moq but i'm happy with anything. Cheers :)

    Read the article

  • Asp.net MVC authentication ticked without create auth cookie

    - by Diego
    I'm authenticating a user in my application with the method "FormsAuthentication.SetAuthCookie" method, but when I close the browser and reopen it, it is still authenticated, but the session is over already, then my app crashes because it has necessary data on the session to generate the menus. What I want to do is the following: Create an authentication ticket without create a auth cookie to, whenever the user open the page in a new browser session it will request the login once again. How can I achieve this.

    Read the article

  • vb.net .aspxauth

    - by Morgan
    I am working with a large site trying to implement web parts for particular users in a particular subdirectory but I can't get the .ASPXAUTH cookie to be recognized. I've read dozens of tutorials and MS class library pages that tell me how it should work to no avail. I am brand new to Web parts, so I'm sorry if I'm unclear. The idea is that logged in users can travel the site, but then when they go to their dashboard, they are programmatically authenticated using Membership and FormsAuthentication to pull up their Personalization. When I step through the code, I can see the cookie being set, and that it exists on the following page, but Membership.GetUser() and User.Identity are both empty. I know the user exists because I created it programmatically using Membership.CreateUser() and I can see it when I do Membership.GetAllUsers() and it's online when i use Membership.GetUser(username) but the Personalization doesn't work. Right now, I'm just trying to get the proof of concept going. I've tried creating the ticket and cookie myself, and also using SetAuthCookie() (code follows). I really just need a clue as to what to look for. Here's the "login" page... If Membership.ValidateUser(testusername, testpassword) Then -- Works FormsAuthentication.SetAuthCookie(testusername, true) Response.Redirect("webpartsdemo1.aspx", False) End If And the next page (webpartsdemo1.aspx) Dim cookey As String = ".ASPXAUTH" lblContent.Text &= "<br><br>" & Request.Cookies(cookey).Name & " Details" lblContent.Text &= "<br>path = " & Request.Cookies(cookey).Path lblContent.Text &= "<br>domain = " & Request.Cookies(cookey).Domain lblContent.Text &= "<br>expires = " & Request.Cookies(cookey).Expires lblContent.Text &= "<br>Secure only? " & Request.Cookies(cookey).Secure lblContent.Text &= "<br>HTTP only? = " & Request.Cookies(cookey).HttpOnly lblContent.Text &= "<br>Has subkeys? " & Request.Cookies(cookey).HasKeys lblContent.Text &= "<br/><br/>request authenticated? " & Request.IsAuthenticated.ToString lblContent.Text &= " Getting user<br/>Current User: " Dim muGidget As MembershipUser If Request.IsAuthenticated Then muGidget = Membership.GetUser lblContent.Text &= Membership.GetUser().UserName Else lblContent.Text &= "none found" End If Output: .ASPXAUTH Details path = / domain = expires = 12:00:00 AM Secure only? False HTTP only? = False Has subkeys? False request authenticated? False Getting user Current User: none found Sorry to go on so long. Thanks for any help you can provide.

    Read the article

  • Logoff User when browser tab page is closed, ASP.NET MVC

    - by Gopinath
    In one of the ASP.NET MVC apps we would like to logoff the user automatically if he closes the browser tab in which the app is opened. We are using the following code when he authenticates. FormsAuthentication.SetAuthCookie(userName, false) As of now, if we closes the browser window and relaunch it, users are asked to authenticate again. But we want to ask users to authenticate again if they close the tab and try to access any of the website urls.

    Read the article

  • asp.net forms authentification security issues

    - by Andrew Florko
    Hi there, I have a kind of asp.net forms authentication with the code like that: FormsAuthentication.SetAuthCookie(account.Id.ToString(), true); HttpContext.Current.User = new GenericPrincipal(new GenericIdentity(account.Id.ToString()), null); What kind of additional efforts shall I take to make authentication cookie (that is user id) more securable? (https, encoding for example) Thank you in advance!

    Read the article

  • Authorization security of ASP.NET Forms authentication

    - by Tomi
    I'm using Forms authentication in ASP.NET MVC website and I store user account login name in AuthCookie like this: FormsAuthentication.SetAuthCookie(account.Login, false); I want to ask if there is a possibility that user on client side will somehow manage to change his login name in AuthCookie and thus he will be for example impersonated as someone with higher privileges and authorized to do more actions than he is normally supposed to have. Also is it better to save in this cookie user account login name or user account ID number?

    Read the article

  • Authenticate into asp.net app from a winforms app

    - by tempid
    Hi there! We have 2 applications - 1 windows and 1 web (asp.net). Winforms runs on the customer's machine where as the website is hosted within our company. The winforms has a link which opens the web app in a browser window. The web app is secured so the login page is shown. The username and password is the same as the windows app login. How do I auto-login to the web app so the user will not see the login screen? The web app uses FormsAuthentication.SetAuthCookie to create an encrypted cookie on the user's machine. How do I create the same from the winforms app so the user will not see the login screen? Thanks.

    Read the article

  • Read cookies in silverlight

    - by Dharam Narayan
    hi, I have an ASP.NET MVC application. In this after user get Sign in .We set the a cookie for the user who logged in using FormsAuthentication.SetAuthCookie(userName, false). In other page we get the Cookies using the FormsAuthentication.GetAuthCookie(userName]) . This cookie values as string is then set in the Response.Cookies["username"].Value = cookiesvalue . We have .aspx page in the same application that downloads silverlight application .Silverlight reads the cookies using the code string[] cookies = HtmlPage.Document.Cookies.Split(';'); The problem is that once session expires in the application,silverlight cannot read the cookie value. After the session expires we again set the cookies in headers using the Response.Cookies["username"].Value = cookiesvalue . But still silverlight application cannot read this cookie . Thanks in Advance DNM

    Read the article

  • OpenId ASP MVC Authentication with long expiry

    - by Khash
    Stackoverflow uses OpenId as many other websites. However, I rarely need to provide my OpenId to Stackoverflow while with other OpenId enabled websites, I have to do it once a day or week. This suggests to me that the expiry of the session is with the website and not the OpenId provider. Looking at the DotNetOpenId code in ASP MVC, I can see that after a successful authentication by the OpenId provider FormsAuthentication.SetAuthCookie is called with the identifier and a boolean parameter to determine if the cookie should be persisted. How can I force this cookie to expire, say in 2020 instead of whatever the default value is.

    Read the article

  • Forms Authentication and Login controls

    - by DotnetDude
    I am upgrading a website written using ASP.NET 1.1 and the logic for the login page includes verifying the credentials, calling FormsAuthentication.SetAuthCookie() and populating the Session with the user information. I am updating this page to use Login controls and the Membership API and am trying to wrap my head around the concepts that have been changed. Most of the samples I see do not do anything on the login button event handler, so is the logic of setting the cookie abstracted out into the control? Also, how do I check if a user is logged in or not on other pages. Does it still store user information using the Session? How do I check if a user belongs to a particular role or not (Earlier, I would look in the Session object to do something like this) Is the Session a bad way of storing user info? Thanks

    Read the article

  • Strange Error - "Object moved to here."

    - by Dkong
    I get the strange error "Object moved to here." on a blank white page when I try to login on a site I created. It works fine locally but not when I deploy it to the test or production server. I am not doing anything odd, just using basic authentication code in a helper function as follows... public static bool AuthenticateUser(string Username, string Password, bool PersistLogin, string RedirectionURL) { if (Membership.ValidateUser(Username, Password)) { FormsAuthentication.SetAuthCookie(Username, PersistLogin); HttpContext.Current.Response.Redirect(RedirectionURL,true); return true; } else return false; }

    Read the article

  • How to call a jquery function from an action method in controller?

    - by Hasan Fahim
    I have a requirement to open a popup from an action method in controller. The action method is basically registering a user. [HttpPost] public ActionResult Register(RegisterModel model) { if (ModelState.IsValid) { MembershipCreateStatus createStatus; Membership.CreateUser(model.UserName, model.Password, model.Email, null, null, true, null, out createStatus); if (createStatus == MembershipCreateStatus.Success) { FormsAuthentication.SetAuthCookie(model.UserName, false /* createPersistentCookie */); //------------------------------------------ //I need to call a jquery function from here //------------------------------------------ return RedirectToAction("Index", "Home"); } else { ModelState.AddModelError("", ErrorCodeToString(createStatus)); } } return View(model); } The jquery function, present in the view, would just make a hidden DIV, visible, and set the opacity, etc, to represent a popup. I need to call such a jquery function from the controller's action method shown above.

    Read the article

  • MVC Forms Authentication with custom database

    - by AndrewVos
    I'm trying to get forms authentication working for an mvc site. I have a custom database with a users table, and I would like to do my own password validation. I am logging in my user like this: if (PasswordHasher.Hash(password) == dataUser.Password) { FormsAuthentication.SetAuthCookie(email, true); return true; } The problem is, when the session expires obviously the user has to login again. I am thinking I should be storing this Auth cookie in my users table? Update: I'm obviously in desperate need of more education in this area. I just noticed that the user stays authenticated even after an iisreset. I guess what I'm asking is how can I get persistent and non persistent authentication working properly. I want a user to not have to login again if they click "remember", and if they don't then their authentication should expire when the forms authentication is set to expire.

    Read the article

  • How to SetCookie() in a System.Net.HttpWebRequest request for another Page2.aspx?

    - by Mike108
    How can I SetCookie in Page1.aspx by a System.Net.HttpWebRequest request for Page2.aspx which handle the SetCookie() function? Page1.aspx and Page2.aspx are in the same webapp. Page1.aspx: protected void Page_Load(object sender, EventArgs e) { string url = "http://localhost/Page2.aspx"; System.Net.HttpWebRequest myReq = (System.Net.HttpWebRequest)System.Net.HttpWebRequest.Create(url); System.Net.HttpWebResponse HttpWResp = (System.Net.HttpWebResponse)myReq.GetResponse(); System.IO.Stream myStream = HttpWResp.GetResponseStream(); } Page2.aspx: protected void Page_Load(object sender, EventArgs e) { string userName = "Lily"; FormsAuthentication.SetAuthCookie(userName, true); }

    Read the article

  • Replacing ASP.NET Forms Authentication with WIF Session Authentication (for the better)

    - by Your DisplayName here!
    ASP.NET Forms Authentication and WIF Session Authentication (which has *nothing* to do with ASP.NET sessions) are very similar. Both inspect incoming requests for a special cookie that contains identity information, if that cookie is present it gets validated and if that is successful, the identity information is made available to the application via HttpContext.User/Thread.CurrentPrincipal. The main difference between the two is the identity to cookie serialization engine that sits below. Whereas ForsmAuth can only store the name of the user and an additional UserData string. It is limited to a single cookie and hardcoded to protection via the machine key. WIF session authentication in turn has these additional features: Can serialize a complete ClaimsPrincipal (including claims) to the cookie(s). Has a cookie overflow mechanism when data gets too big. In total it can create up to 8 cookies (á 4 KB) per domain (not that I would recommend round tripping that much data). Supports server side caching (which is an extensible mechanism). Has an extensible mechanism for protection (DPAPI by default, RSA as an option for web farms, and machine key based protection is coming in .NET 4.5) So in other words – session authentication is the superior technology, and if done cleverly enough you can replace FormsAuth without any changes to your application code. The only features missing is the redirect mechanism to a login page and an easy to use API to set authentication cookies. But that’s easy to add ;) FormsSessionAuthenticationModule This module is a sub class of the standard WIF session module, adding the following features: Handling EndRequest to do the redirect on 401s to the login page configured for FormsAuth. Reads the FormsAuth cookie name, cookie domain, timeout and require SSL settings to configure the module accordingly. Implements sliding expiration if configured for FormsAuth. It also uses the same algorithm as FormsAuth to calculate when the cookie needs renewal. Implements caching of the principal on the server side (aka session mode) if configured in an AppSetting. Supports claims transformation via a ClaimsAuthenticationManager. As you can see, the whole module is designed to easily replace the FormsAuth mechanism. Simply set the authentication mode to None and register the module. In the spirit of the FormsAuthentication class, there is also now a SessionAuthentication class with the same methods and signatures (e.g. SetAuthCookie and SignOut). The rest of your application code should not be affected. In addition the session module looks for a HttpContext item called “NoRedirect”. If that exists, the redirect to the login page will *not* happen, instead the 401 is passed back to the client. Very useful if you are implementing services or web APIs where you want the actual status code to be preserved. A corresponding UnauthorizedResult is provided that gives you easy access to the context item. The download contains a sample app, the module and an inspector for session cookies and tokens. Let’s hope that in .NET 4.5 such a module comes out of the box. HTH

    Read the article

  • Create non-persistent cookie with FormsAuthenticationTicket

    - by Marcus
    Hello! I'm having trouble creating a non-persistent cookie using the FormsAuthenticationTicket. I want to store userdata in the ticket, so i can't use FormsAuthentication.SetAuthCookie() or FormsAuthentication.GetAuthCookie() methods. Because of this I need to create the FormsAuthenticationTicket and store it in a HttpCookie. My code looks like this: DateTime expiration = DateTime.Now.AddDays(7); // Create ticket FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(2, user.Email, DateTime.Now, expiration, isPersistent, userData, FormsAuthentication.FormsCookiePath); // Create cookie HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(ticket)); cookie.Path = FormsAuthentication.FormsCookiePath; if (isPersistent) cookie.Expires = expiration; // Add cookie to response HttpContext.Current.Response.Cookies.Add(cookie); When the variable isPersistent is true everything works fine and the cookie is persisted. But when isPersistent is false the cookie seems to be persisted anyway. I sign on in a browser window, closes it and opens the browser again and I am still logged in. How do i set the cookie to be non-persistent? Is a non-persistent cookie the same as a session cookie? Is the cookie information stored in the sessiondata on the server or are the cookie transferred in every request/response to the server? Thanks in advance! /Marcus

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

1 2  | Next Page >