I made a new asp.net mvc project with Individual User Accounts. I connected with my db. And made some controllers. My question is how to require user to log in in order to see some controllers ? I added above the ActionResult method [Authorize] , but it also shows me without requiring to log in. What changes should i do ?
Have you made sure that you have the right authentication attribute forms in your web.config:
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" timeout="2880" />
</authentication>
Related
I use formsauthentication in my mvc application but it does not work as I expect. I have in my web.config file added ..
<authentication mode="Forms">
<forms loginUrl="~/login/Login" timeout="30" defaultUrl="~/login/Login" />
</authentication>
But if I go directly to a page other than the login page, I still can view that page even if I have not logged on to the site. What am I missing here?
I downloaded NopCommerce open source e-commerce project.
It's ASP.NET MVC based and uses Forms Authentication.
When I login always it sends me to login page.
I debugged it and I found a problem httpContext.Request.IsAuthenticated always return false (httpContext variable is type of HttpContextBase).
I checked forms authentication cookie, the cookie is successfully created also httpContext.Request has found cookie.
Someone recommended to add machine key to web config, I added but doesn't resolve.
I don't understand what's the problem ???
Check you got set the authentication mode in your webconfig
<system.web>
<authentication mode="Forms">
<forms loginUrl="~/Login" timeout="2880" />
</authentication>
</system.web>
I have an MVC project that I am using simple membership with, and i have some actions marked with [Authorize].
When a user who is not logged in tries to view one of these actions, they are redirected to /Account/Login. How do I change that URL? I need it to go to /Account/Account/Login.
I believe Jasens answer is correct when using regular membership with ASP.NET, However I've discovered that with SimpleMembership it does not work.
To change it with SimpleMembership, the following record needs to be added in the web.config under <appSettings>
<add key="loginUrl" value="~/Your/Login/Url"/>
Specify the URL in web.config
<system.web>
<authentication mode="Forms">
<forms loginUrl="~/Account/Account/Login" timeout="2880" />
</authentication>
</system.web>
I've built a small ASP.NET mvc app with Forms Authentication. I don't seem to be able to share cookies/authentication from the base domain(say people.com) to subdomain (abc.people.com)
What I mean is when i Debug through the code the Request.Cookies object doesn't have any and User.Identity.IsAuthenticated is false.
What's even weird is it seems to work fine for Internet Explorer (weird huh .. ?) But for Chrome and Firefox.
But when i check the browser for cookies, I can see that the cookie is existent for the domain people.com
Am i missing something very obvious ??
Edit: I'm using OAuthWebSecurity to Login. The code that logs in is this
OAuthWebSecurity.Login(result.Provider, result.ProviderUserId, createPersistentCookie: true);
And the web.config value is
<authentication mode="Forms">
<forms loginUrl="~/Account" timeout="2880" />
</authentication>
Adding domain attribute to forms filed, with base domain value seemed to have fixed the problem.
<authentication mode="Forms">
<forms loginUrl="~/Account"
timeout="2880"
domain="people.com"
/>
I am working on an Asp.Net MVC 3 application. I have created admin area for the website and applied [Authorized] attribute to actionmethods after login. When I try to access these urls directly without login like admin/home or admin/productlist, I am redirected to /Home/Login with authentication error. I want to redirect to Admin/Login.
Please suggest.
Thanks
If this is a Stock MVC 3 Authorization then myself as well as many others have had problems with the incorrect url address being set for the "LogOn" Action... For some reason authorize is trying to send a user to Account\Login and looking at the account views tells that there is actually no "Login" view it is called "LogOn" so you have to fix this in the Web.config file with the following:
<add key="loginUrl" value="~/Account/LogOn" />
The login URL for ASP.NET applications (including MVC3 ones) is controlled in web.config, in the forms authentication section:
<configuration>
<system.web>
<authentication mode="Forms">
<forms loginUrl="~/Home/Login" timeout="2880" />
</authentication>
</system.web>
</configuration>
The trick for you is that you want two different login URLs. ASP.NET has a great feature where you can have a web.config file in each directory of your project, and as needed it will use the most specific setting it can find, up to the root web.config. So in the folder where you have your admin views ("Admin" I'm guessing), you should be able to create a second web.config, which will apply only to those pages and lower in the tree:
<configuration>
<system.web>
<authentication mode="Forms">
<forms loginUrl="~/Admin/Login" timeout="2880" />
</authentication>
</system.web>
</configuration>
You can override your Authorize action filter to handle those issues. For example, you can check not only roles, but some specific permissions, and redirect to different Url's. And also using this approach can take into account your routing configuration.
Take a look at this answer : asp.net mvc Adding to the AUTHORIZE attribute