1. The tester tested my ASP.NET MVC website and reported "Cookie not Sent Over SSL (4720)" issues.
2. They advised me to solve this issue by adding <httpCookies httpOnlyCookies="true" requireSSL="true" /> to Web.config, and I followed the instructions.
3. The problem: when I run and test my website, Session and TempData are null when I change pages. The code below shows how I set Session and TempData.
3.1 I set Session and TempData when the user goes to "Home/Index".
```csharp
public class HomeController : Controller
{
    public ActionResult Index()
    {
        TempData["class"] = "A";
        TempData.Keep();
        Session["status"] = "NO";
        return View();
    }
}
```
3.2 When the user changes page to "Admin/User" I get TempData["class"] and Session["status"], but both are null.
```csharp
public class AdminController : Controller
{
    public ActionResult User()
    {
        // Fall back to an empty string when the value is missing.
        string userclass = TempData["class"] != null ? TempData["class"].ToString() : "";
        string userstatus = Session["status"] != null ? Session["status"].ToString() : "";
        UserModel usermodel = new UserModel(userclass, userstatus);
        return View(usermodel);
    }
}
```
If I delete <httpCookies httpOnlyCookies="true" requireSSL="true" /> from Web.config and test again, it works, but the "Cookie not Sent Over SSL (4720)" issue is still reported when the tester tests this website.
How to fix this problem?
P.S. Sorry for my bad English.
If you set your cookies to be sent securely over SSL, then you must enable SSL in IIS Express for this to work.
Visual Studio configures all the necessary things (like your server certificate and the settings) when you select the SSL option for the web host.
You'll find here a full tutorial about it.
Related
I have a messaging webhook setup in Twilio that does a post to a URL on a server on Azure in the format https://******.*****corps.org:441/SMS The controller has been tested using NGrok locally and works great, in Azure when I use the get by typing in the URL I am able to get a response from the web server no problem, but the post from Twilio gets a 11200 retrieval failure. Is there something that would block the cross domain post on IIS that I am unaware of?
```csharp
public class SMSController : TwilioController
{
    [HttpPost]
    public TwiMLResult Index(SmsRequest request)
    {
        var response = new MessagingResponse();
        UserProfile _userProfileFrom = UserProfileService.GetByTwilioFromPhone(request.From);
        ...
        return TwiML(response);
    }

    [HttpGet]
    public ActionResult Index() // works fine..
    {
        return View();
    }
}
```
Thanks for the edit, Shoaib K. I found the problem using Postman (database connectivity error in my code). I was able to create a manual POST and set the following in the Web.config file (ASP.NET):
```xml
<compilation debug="true" targetFramework="4.7.2" />
<customErrors mode="Off"></customErrors>
```
In the registration form, when the user enters just numeric characters it shows "password must have at least one lowercase ['a'-'z']". I need to translate it into my native language; where can I find this message?
Firstly, install the identity localized package in Package Manager Console:
```
Install-Package Microsoft.AspNet.Identity.Core.tr
```
(.tr or your localization code .it, .es, .de, .fr etc.)
Then set culture in web.config:
```xml
<system.web>
  <globalization culture="tr-TR" uiCulture="tr"/>
</system.web>
```
Now, your identity messages will be automatically set according to your language.
These messages are provided by framework, not from your model, so you cannot use data annotations for this. But you can solve the problem in another way:
Step 1: Create resource file for your controller or use shared resource. For example, if your controller is /Controllers/AccountController.cs, then resource file should be Controllers.AccountController.de.resx in your resources folder (depending on configuration; instead of de use your locale code).
Step 2: Write translations for strings: PasswordRequiresLower, PasswordRequiresNonAlphanumeric, PasswordRequiresUpper. These strings are codes of identity errors. You can see them during debug of registration process after failed registration.
Step 3: Do not forget to use the localizer in your controller:
```csharp
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Localization;

public class AccountController : Controller
{
    private readonly IStringLocalizer<AccountController> _localizer;

    public AccountController(IStringLocalizer<AccountController> localizer)
    {
        _localizer = localizer;
    }

    // Other code of the AccountController class.
}
```
Step 4: Add translated descriptions for errors in the registration action:
```csharp
var result = await _userManager.CreateAsync(user, model.Password);
if (result.Succeeded)
{
    // User account created.
    return RedirectToAction("Index", "Home");
}

// User account creation failed: look up each identity error code in the resource file.
foreach (var error in result.Errors)
{
    ModelState.AddModelError(error.Code, _localizer[error.Code]);
}
```
When I set httpCookies in my web.config, TempData stops working in my ASP.NET MVC 5 project.
```xml
<httpCookies httpOnlyCookies="true" requireSSL="true" />
```
For my testing, I created an empty ASP.NET MVC 5 project and verified the same. Can you please tell me what are the other ways to use a TempData in this case.
I tried to google but did not get any luck.
```csharp
public ActionResult Index()
{
    TempData["Message"] = "test";
    return RedirectToAction("About");
}

public ActionResult About()
{
    // Here TempData is empty
    // I can use parameters in About, but I don't want the message in my URL
    var test = TempData["Message"];
    ViewBag.Message = "Your application description page.";
    return View();
}
```
Thanks,
Sam
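Added example (not part of the posts above, and not ASP.NET code): a Python simulation of why Session and TempData come back empty in both `requireSSL="true"` questions on this page when the site is browsed over plain HTTP. The standard-library cookie jar stands in for the browser; the host name, the in-memory session store and the helper names are assumptions made for the illustration.

```python
import email.message
import http.cookiejar
import urllib.request
import uuid

HOST = "app.example.test"   # constructed host name (assumption)
SESSIONS = {}               # stand-in for server-side session state: id -> dict


class FakeResponse:
    """Minimal response exposing the info() method that CookieJar reads."""
    def __init__(self, set_cookie):
        self._msg = email.message.Message()
        if set_cookie:
            self._msg["Set-Cookie"] = set_cookie

    def info(self):
        return self._msg


def visit(jar, scheme, path, require_ssl, write=None):
    """One request/response round trip; returns the session the server saw."""
    req = urllib.request.Request(f"{scheme}://{HOST}{path}")
    jar.add_cookie_header(req)          # the client decides which cookies to send
    sent = req.get_header("Cookie") or ""
    sid = sent.partition("ASP.NET_SessionId=")[2].split(";")[0]
    set_cookie = None
    if sid not in SESSIONS:             # no session cookie arrived: new empty session
        sid = uuid.uuid4().hex
        SESSIONS[sid] = {}
        secure = "; secure" if require_ssl else ""   # effect of requireSSL="true"
        set_cookie = f"ASP.NET_SessionId={sid}; path=/{secure}; HttpOnly"
    if write:
        SESSIONS[sid].update(write)
    jar.extract_cookies(FakeResponse(set_cookie), req)
    return dict(SESSIONS[sid])


def status_after_navigation(scheme, require_ssl):
    """Home/Index stores Session["status"]; Admin/User then reads it back."""
    jar = http.cookiejar.CookieJar()
    visit(jar, scheme, "/Home/Index", require_ssl, write={"status": "NO"})
    return visit(jar, scheme, "/Admin/User", require_ssl).get("status")


if __name__ == "__main__":
    for scheme, flag in [("http", True), ("https", True), ("http", False)]:
        print(scheme, f"requireSSL={flag}", "->", status_after_navigation(scheme, flag))
```

MVC 5 keeps TempData in session state by default, so it disappears together with the session cookie; only the HTTPS run with the Secure flag both preserves the session and clears the scanner finding.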
Have an MVC5 project using Windows authentication where User.Identity.Name randomly turns up empty. The site needs to display public facing and secure pages. Anonymous authentication is enabled in IIS and set to Application Pool Identity. The behavior is pretty random but most commonly repeated by navigating away from home and back again (if I sit there and click a home link it happens about 1 every 10 or so clicks) There's no special sauce in the web.config or controller action:
Web.Config
```xml
<system.web>
  <authentication mode="Windows" />
</system.web>
```
HomeController
```csharp
public class HomeController : BaseController
{
    protected IMailer _mailer;

    public HomeController(INLogger logger, IMailer mailer) : base(logger)
    {
        this._mailer = mailer;
    }

    public ActionResult Index()
    {
        return View();
    }
}
```
Threads out there say to use Request.ServerVariables["LOGON_USER"], but this turns up empty too.
Has me baffled, any insight would be great. Thanks!
I've got an MVC4 project that I'm working on. When a user's login credentials are valid, I call FormsAuthentication.SetAuthCookie() to indicate that the user is logged in. (I have it wrapped in a class so I can mock the Interface for my unit tests.)
```csharp
namespace FlashMercy.Shared.Security
{
    using System;
    using System.Web.Security;

    public class Auth : IAuth
    {
        public void SetAuthCookie(string userId, bool remember)
        {
            FormsAuthentication.SetAuthCookie(userId, remember);
        }

        public void Signout()
        {
            FormsAuthentication.SignOut();
        }
    }
}
```
In the debugger, I can confirm that the .SetAuthCookie(userId, remember) line is executing, and userId is populated.
Then, I have a custom authorize attribute to check that the user is logged in:
```csharp
namespace FlashMercy.Shared.Security
{
    using System.Web.Mvc;

    public class FlashMercyAuthorizeAttribute : AuthorizeAttribute
    {
        public override void OnAuthorization(AuthorizationContext filterContext)
        {
            if (!filterContext.HttpContext.User.Identity.IsAuthenticated)
            {
                filterContext.Result = new RedirectResult("/");
            }
        }
    }
}
```
When I debug the application, the filterContext.HttpContext.User.Identity.IsAuthenticated is false even after I've supposedly set the auth cookie. Also, filterContext.HttpContext.User.Identity.Name is empty. I'm not sure what I'm missing here.
Update
If you care to look at the whole source, it's available on GitHub: https://github.com/quakkels/flashmercy.
The problem with your code is that you are using FormsAuthentication, but you didn't add it to web.config. Your web.config should have a section like this:
```xml
<system.web>
  <authentication mode="Forms"></authentication>
  ...
</system.web>
```
Based on this mode, ASP.NET understands which authentication mode it should use, e.g. Forms, Windows, etc. Without setting it to Forms, FormsAuthenticationModule just ignores the .ASPXAUTH cookie from the request.
PS. I've downloaded your code, and with correct authentication section in web.config it works fine and updates HttpContext.User.Identity.IsAuthenticated to true.
The problem is that you only set the authentication cookie but do not have anything that loads it.
It's forms authentication that uses that cookie. So you either have to activate forms authentication or you'll have to load it yourself.
> filterContext.HttpContext.User.Identity.IsAuthenticated is false even after I've supposedly set the auth cookie.

This will always be the case if you do not redirect after SetAuthCookie(). The ASP.NET pipeline is in charge of authorizing the user (most of the time before we write code) in AuthenticateRequest. Setting a cookie does not update the current User.Identity; this requires code that has already been executed. Just make sure that any time you call SetAuthCookie() you immediately redirect (server side is fine) to another URL (you probably should anyway, it's a good way to separate logging in a user and what they should do next, SRP).