Two MVC Projects, sharing Login, not supposed to - asp.net-mvc

I have an MVC5 project (with other underlying projects), using Web Forms Authentication (SimpleMembership).
Later, I created a second MVC project in the same solution. I changed the port for IISExpress debugging to be different than that of the original so I can access both sites when I debug.
http://localhost:12345/MainAppIndex
http://localhost:54321/SecondaryAppIndex
My current login information however, is shared between both projects. If I log in the first site and open the second, it uses my first login's credentials.
I literally made the second app by copying the first project, tweaking around the .csproj file and solution file, then stripped a bunch of stuff away to start with what I needed. (I also created a new aspnet membership database and pointed the new project to that db, so both apps have their own membership database).
What setting do I have to change for IIS Express to view these as two different logins?
And... will this be an issue in production if a user happens to look at both at the same time (or even swapping back and forth with only one open at once?)

This turned out to be a cookie issue. By changing the web.config to set a non-default cookie name (the default being .ASPXAUTH, apparently), they are then treated as separate logins.
<system.web>
<authentication mode="Forms">
<forms name=".ASPXAUTH-PROVIDERS" loginUrl="~/Account/Login" timeout="2880" />
</authentication>
</system.web>

You need to use another database or 2 applications will continue using the same database.
In order to do that, go to Web.Config (at the root) and use other Connection String.
Then go to Models -> IdentityModels.cs and change the name of the Connection string to your new connection string.

Related

Can't Login To Two Asp.Net MVC 5 Application on the same browser

I have Two Asp.net MVC 5 Applications running in the same server, when I login To the first one,I Automatically Logged Out From the second one ,And when I create user on both with the same username if login to one I login automatically in the other one ,I Don't Know what am doing wrong .
I user Microsoft visual studio 2013 default ASP.NET MVC 5 project Template.
Check to see if both apps are using the same application pool. Otherwise ensure they are not using the same back end data tables ie. the same Identity tables. If they overlap that could be your issue.
This might be caused by cookie name collision, if both applications are served from the same domain (domain.com/app1 and domain.com/app2) or from subdomain of one of them (domain.com and app.domain.com) - your two applications may have a default authentication cookie name of .ASPXAUTH.
You can change the authentication cookie name in web.config:
<system.web>
<authentication mode="Forms">
<forms name=".MYAPPASPXAUTH" loginUrl="~/Account/Login" timeout="2880" />
</authentication>
</system.web>
Picking a unique name for each of your applications fixes the issue.

How to switch Authentication in MVC Application?

I've created Internet MVC Application with Individual User Accounts Authentication, but now this project should be intranet with windows authentication... How to switch authentication, when project is almost done? I'm not guru in MVC and this is new technology for me, so any help please and if possible with all steps in description=)
In the Web.config of you project. The first step would be change:
<authentication mode="Forms">
</authentication>
to
<authentication mode="Windows">
</authentication>
Selecting your project and hitting F4 for the properties window allows you to change the authentication method.
However instead of me putting step by step in here just use this very easy to follow tutorial:
Enabling Windows Authentication
Since I found this question through google attempting the same thing, and Firearm's link doesn't quite do the process justice, I'll attempt to list the steps I went through here. Obviously, if I tell you to remove something, that only means if you aren't using it otherwise. I don't think you have to do these steps in any particular order.
Also, I'm using Entity Framework, so you'll have to look elsewhere to remove it.
in the solution explorer, highlight your project and press f4. This will bring up the properties window for that project. Disable anonymous authentication. Enable windows authentication.
Tools -> NuGet Package Manager -> Manage NuGet Packages for Solution... uninstall anything with "owin" in the name, Microsoft.AspNet.Identity.EntityFramework, and Microsoft.AspNet.Identity.Core.
Open your Web.config. Under runtime, under assemblyBinding, remove all the dependentAssembly's for Owin stuff that got left behind. Under system.web, replace <authentication mode="None" /> with <authentication mode="Windows" />
<authorization>
<deny users="?" />
</authorization>. Under system.webServer, remove handlers. under modules, remove <remove name="FormsAuthentication" />.
Remove the Account and Manage controllers and views. Remove the ManageViewModels from your models.
Under App_Start, get rid of IdentityConfig and Startup.Auth.
At the top level, right next to your web config, is Startup.cs. Get rid of it.
Make a new ApplicationDbContext. It should derive from DbContext. Get rid of throwIfV1Schema: false in your constructors. Then you can get rid of IdentityModels from your Models folder. Add a new migration and update your database.
Obviously you'll have to clean out any references you've made yourself to Identity.
Possible additional step:
* remove _LoginPartial view. The _Layout view will then be updated to replace partial display of that view with this line:
<p class="nav navbar-text navbar-right">Hello, #User.Identity.Name!</p>
Searching the exact same problem led me to this article, however the answers are a bit old, so with ASP.NET using MVC 5 this should be detailed documentation from Microsoft:
To detect Windows Authentication in an MVC project, the wizard looks for the authentication element from your web.config file.
<configuration>
<system.web>
<authentication mode="Windows" />
</system.web>
</configuration>
To detect Windows Authentication in a Web API project, the wizard looks for the IISExpressWindowsAuthentication element from your project's .csproj file:
<Project>
<PropertyGroup>
<IISExpressWindowsAuthentication>enabled
</IISExpressWindowsAuthentication>
</PropertyGroup>
</Project>
Found at Diagnosing errors with the Azure Active Directory Connection Wizard
For my specific problem it was switching to Azure AD rather than Windows Authentication (which was preset), there are more steps found at the developer network website.
I'm afraid I'm a bit late with my answer to you're question on how to implement the SwitchUser functionality, but for those of you who are still struggling with this (even Microsoft SharePoint still can't get it to work...), here's how it's done: (I just finished writing the article)
Switch User Functionality using MVC4 and Windows Authentication
If you need more information on how to get Windows Authentication workong for an Intranet Website using AD and Windows Server 2012 (or Higher), then take a look at my following article:
Windows Authentication on Intranet Website using AD and Windows Server 2012 (or Higher)
Happy coding!

login/logout issue for multiple IIS applications under the same site

I have 2 applications under the same website in IIS7.5. The problem is the follow:
Open the browser and login the first application;
Open another browser tab and login the second appication;
The first application automatically logout.
I have the same asp.net authentication DB but I created two different users with different roles and different ApplicationId. I also set different applicationName attribute in membership provider configuration in applications web.config file.
Can you help me please? Sorry for my English.
Thanks.
If the IIS website is configured to use Forms-Based Authentication, then the problem is most likely that the cookie for the 2nd login (which is a different user) is overwriting the cookie from the initial login. By default, the cookie is named ".ASPXAUTH". You should be able to verify this by inspecting the response headers returned from IIS using something like Fiddler.
You can control the cookie name IIS uses to maintain the session by changing the "name" attribute in the element in the web.config. See this documentation for more details. An example of this portion of the web.config would be something like:
<authentication mode="Forms">
<forms loginUrl="login.aspx" name="APP1SESS" />
</authentication>
If the applications are contained within single, separate sub-folders, then you could also use the "path" attribute instead to tell the browser to only send the cookie for requests in that sub-folder. Be careful here as any shared resources like images that are not in the sub-folder would need to be publicly accessible.
The //authentication/forms element can only be specified at the root level of the application. Check this SO post for a discussion on that.

single membership providers within ASP.Net MVC 3 application sharing between 2 webapplications

We have 2 different mvc web applications running on single membership provider. I have put these 2 applications on the webserver and has the virtual path:
http://aa.svr1/app1
http://aa.svr1/app2
If user opens the app1 and app2 in seperate browsers it logs out the other aplication.
When user uses one application at a time, no issuess, concurrently used, its giving log off in one of the application.
I have put the machinekey in web.config file for app1 application and was working fine.
I have made new tfs release onto live server, now again back to the same situation that when app1, app2 browsed simultaneoulsy, logging off one of the application.
What could be causing this blocking sessions/behaving unexpectedly like this ?
You could try explicitly specifying the path parameter of the authentication cookie:
<forms loginUrl="~/Account/LogOn" timeout="2880" path="app1" />
or simply use 2 different cookie names:
<forms name="app1auth" loginUrl="~/Account/LogOn" timeout="2880" />

Why is my ASP.NET MVC Application requesting Windows Authentication?

I've been building a ASP.NET MVC application and using forms authentication. In my controller action I have:
[Authorize(Users = "me,joe")]
that has been working great. Last night when I published the newest changes and attempt to view my website it started popping up a Windows Authentication dialog box. I've looked at all my code and cannot figure out WHY it would change to Windows authentication. My web.config file has not changed in at least 10 days. If I run the code from my dev box it does not do this...only when it is run from my host. And if I remove the Authorize line from my controller action it does not happen.
How can I fix this or how can I debug my solution to see why this is happening?
BTW, my web.config says:
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" timeout="2880" />
</authentication>
This is most likely do to IIS settings for authentication and permissions on the website's folder on the web server. I would check both of those before anything else.
I'm just shooting in the dark, but do you have an <identity> setting in your web.config?
<system.web>
...
<identity impersonate="true"/>
...
</system.web>
If so, it might help to remove this line. It might also help to ask your hosting provider why Windows Authentication is suddenly being applied to your web site. As others have mentioned there are IIS settings which could be causing this behavior.
I think you need to set the permissions for IUSER, IWAM
Using the Windows Explorer browse to the folder you are wanting to grant permissions. Right click on the folder and select "properties". In the resulting dialog click on the "Security" tab near the top. You can then add or edit security for these accounts (IUSR_machineName, IWAM_macnineName, and ASPNET).

Resources