I'm using cookies on my ASP.NET MVC site.
Recently I've noticed that there are many pages */(X(1)S(ofezdiyg5ae5veyvmylvjkgd))/***
shown in Google and Yandex.
I've investigated and found out that they are pages with cookieless authorization.
I turned cookieless off in my Web.config.
Now my site requires cookies to operate.
But neverthess these pages are still working and have code 200.
I want to stop them working - and redirecting to normal pages.
How can I do that?
Related
We are planning to deploy an MVC website to prod and we would like to DISABLE NTLM authentication to all pages but ONE. The intended behavior is that when any non-logged in/ anonymous user tries to access any page he will be thrown to the login page, but if he tries to access a specific page, let's say
http://samplewebsite.org/SweetHome/Authenticate/SSO
The NTLM authentication will kick in.
Can anyone teach me how?
Thanks in advance.
I am developing a web site using ASP.net MVC. There are pages that are locked down and are only accessible by logged in users. If the user isn't logged in when trying to access these locked pages, then they are redirected to the login screen.
My question is, can search engines crawl these pages even though they are locked down to authorized users? If they can, should I be adding the meta tag rel="nofollow" or is there a better solution in MVC to block whole folders and its contents from search engines?
No the secured pages will also deny access to any search engine crawler.
the google bot will not be able to load the HTML in side the secured pages, however if there are links from the site to the secured page and if its loading the HTML, that could be index by google.
I have a technical requirement to start from a "public" (non-secure) physical ASPX page and then bridge into an MVC 3 application. I have figured out the changes to "routing", but the MVC [Authorize] does not seem to recognize that the user (cookie) is authenticated. It keeps taking me back to the ASPX login page.
Has anyone successfully used a standard, physcial page as login, and then transfer into secure MVC? This is part of a larger SSO design effort.
I'm developing a site with ASP.Net 4 which uses routing extensively. it displays pages for each client depending on the route data.
http://localhost/abc/manage/posts/ redirect to posts page of abc client
http://localhost/adidas/manage/posts/ redirects to adidas page.
now i need to do this using the subdomain way like adidas.localhost.com. i searched through SOF and found few solutions using MVC.
URL Routing across multiple subdomains
I have added the required wildcard dns, host file changes etc. and i understand that i need to read the hostheader to to determine the client. my question is where do i have to do this check, as im using routing without MVC i don't use MVC controllers. i need to do with ASP.net 4 routing. can someone give me an idea on this ?
I'm currently trying to set up a website that uses both windows authentication and forms authentication. I am using ASP.NET MVC and both IIS6 and 7 need to be supported. How would I go about letting known AD users into the app (their AD id is stored against their user record in the application database) and directing everyone else to a standard username/password page.
It seems the answer is no. We've had to set up 2 sites, the main application with forms authentication and a separate windows authenticated site which redirects to the forms site with a token which expires quickly telling the forms site that an authenticated user is incomming.
What about the option using custom 401 redirect at IIS level outlined in this article