mvc formsauthentication does not work - asp.net-mvc

I use forms authentication in my MVC application, but it does not work as I expect. I have added this to my web.config file:
<authentication mode="Forms">
<forms loginUrl="~/login/Login" timeout="30" defaultUrl="~/login/Login" />
</authentication>
But if I go directly to a page other than the login page, I can still view that page even if I have not logged on to the site. What am I missing here?

Related

Asp.net Mvc Identity

I made a new ASP.NET MVC project with Individual User Accounts. I connected it to my DB and made some controllers. My question is how to require the user to log in in order to see some controllers. I added [Authorize] above the ActionResult method, but it still shows the page without requiring a login. What changes should I make?
Have you made sure that you have the right authentication attribute forms in your web.config:
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" timeout="2880" />
</authentication>

MVC Simple Membership - How to change login URL when unauthorized?

I have an MVC project that I am using simple membership with, and I have some actions marked with [Authorize].
When a user who is not logged in tries to view one of these actions, they are redirected to /Account/Login. How do I change that URL? I need it to go to /Account/Account/Login.
I believe Jasen's answer is correct when using regular membership with ASP.NET; however, I've discovered that with SimpleMembership it does not work.
To change it with SimpleMembership, the following record needs to be added in the web.config under <appSettings>:
<add key="loginUrl" value="~/Your/Login/Url"/>
Specify the URL in web.config:
<system.web>
<authentication mode="Forms">
<forms loginUrl="~/Account/Account/Login" timeout="2880" />
</authentication>
</system.web>

MVC redirect inserts web root into URL

When my MVC4 web site (mywebsite.com) is deployed (to Amazon Web Services) and a non-authenticated user clicks on a link requiring authentication (e.g. Search), they are redirected to
www.mywebsite.com/Web.UI_deploy/Account/Login?ReturnUrl=%2fSearch
instead of
www.mywebsite.com/Account/Login?ReturnUrl=%2fSearch
(Web.UI_deploy is the web root on the web server). This issue only occurs with deployment, not on localhost.
What is the cleanest method of resolving this?
Minor change in the web.config solves the issue
Before
<authentication mode="Forms">
<forms loginUrl="~/Account/Login" timeout="2880" />
</authentication>
I removed the tilde ~ and it solved the problem
After
<authentication mode="Forms">
<forms loginUrl="/Account/Login" timeout="2880" />
</authentication>
I got this idea from Issue with return URL Authorize issue MVC4

MVC4 : User.IsInRole not working properly

I'm using the ASP.NET MVC SimpleMembership provider.
There isn't any problem for a while after I logged in. I check if user is Boss, this is working.
if (User.IsInRole("Boss")) {
//do something
}
But after a few minutes, when I refresh the page, User.IsInRole("Boss") always returns false.
I debugged and checked if the user is still logged in: yes, the user is still there, nothing changed, but IsInRole keeps returning false.
When I log out and log in again, it starts working.
I think the problem is about Sessions but I couldn't find any solution.
This is what I have in Web.config
<authentication mode="Forms">
<forms loginUrl="~/Account/Login" timeout="2880" />
</authentication>
UPDATE:
I realized that happens when I rebuild my project.
You could be losing your cookie. Try adding:
<forms loginUrl="~/Account/Login" cookieless="UseCookies" timeout="2880" />
This solved quite a few problems in our MVC app.

Unable to share cookie into subdomain for Chrome and Firefox

I've built a small ASP.NET MVC app with Forms Authentication. I don't seem to be able to share cookies/authentication from the base domain (say people.com) to a subdomain (abc.people.com).
What I mean is, when I debug through the code, the Request.Cookies object doesn't have any and User.Identity.IsAuthenticated is false.
What's even weird is it seems to work fine for Internet Explorer (weird huh .. ?) But for Chrome and Firefox.
But when I check the browser for cookies, I can see that the cookie exists for the domain people.com.
Am I missing something very obvious?
Edit: I'm using OAuthWebSecurity to log in. The code that logs in is this:
OAuthWebSecurity.Login(result.Provider, result.ProviderUserId, createPersistentCookie: true);
And the web.config value is
<authentication mode="Forms">
<forms loginUrl="~/Account" timeout="2880" />
</authentication>
Adding the domain attribute to the forms field, with the base domain value, seemed to have fixed the problem.
<authentication mode="Forms">
<forms loginUrl="~/Account" timeout="2880" domain="people.com" />
</authentication>
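
The `<forms>` settings discussed in the posts above (cookieless, domain, timeout, and whether the config alone blocks anonymous users) can be checked mechanically. The following is an added example, not code from any of the posts: a Python audit of a web.config's Forms authentication section. The sample config is constructed from the last answer's snippet, and the 60-minute timeout threshold and the function name are assumptions.

```python
import xml.etree.ElementTree as ET

MAX_TIMEOUT_MIN = 60  # assumed review threshold, not an ASP.NET default

# Constructed sample: the <forms> element from the last answer above,
# wrapped in a minimal web.config so it parses on its own.
SAMPLE = """<configuration><system.web>
  <authentication mode="Forms">
    <forms loginUrl="~/Account" timeout="2880" domain="people.com" />
  </authentication>
</system.web></configuration>"""


def audit_forms_auth(web_config_xml):
    """Return {setting: finding} for the Forms authentication section."""
    root = ET.fromstring(web_config_xml)
    # iter() also matches the root, so a bare <authentication> snippet works.
    auth = next(root.iter("authentication"), None)
    if auth is None or auth.get("mode", "").lower() != "forms":
        return {"authentication": "mode is not Forms, nothing to audit"}
    forms = auth.find("forms")
    attrs = forms.attrib if forms is not None else {}
    findings = {}
    # requireSSL defaults to false: the ticket cookie is not marked Secure.
    if attrs.get("requireSSL", "false").lower() != "true":
        findings["requireSSL"] = "ticket cookie is not marked Secure"
    # cookieless defaults to UseDeviceProfile, which can fall back to URLs.
    if attrs.get("cookieless", "UseDeviceProfile") != "UseCookies":
        findings["cookieless"] = "ticket may be placed in the URL for some clients"
    # A domain attribute widens the cookie scope to all subdomains.
    if "domain" in attrs:
        findings["domain"] = "ticket cookie is sent to every host under " + attrs["domain"]
    timeout = int(attrs.get("timeout", "30"))  # minutes; 30 is the default
    if timeout > MAX_TIMEOUT_MIN:
        findings["timeout"] = "ticket lifetime is %d minutes" % timeout
    # Forms mode only defines how to log in; it denies nothing by itself.
    if not any(d.get("users") == "?" for d in root.iter("deny")):
        findings["authorization"] = ("no <deny users='?'/> rule: anonymous requests are "
                                     "only blocked where [Authorize] or a global filter applies")
    return findings


if __name__ == "__main__":
    for setting, finding in audit_forms_auth(SAMPLE).items():
        print(f"{setting}: {finding}")
```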
