Forms Authentication not redirecting - asp.net-mvc

I am trying to incorporate forms authentication into my web application. If I try to load any page without logging in it will not redirect the user to the login page but instead load the requested page. As an example if I try to load ~/Home/About without logging in it will proceed to load the page without redirecting me to ~/Account/Login. This is the first time I have tried to implement form authentication and I am struggling to see the problem.
I believe I have added the correct settings to the web.config file on the root. They are as follows.
<system.web>
<authentication mode="Forms">
<forms name="chasAuth" loginUrl="~/Account/Login"/>
</authentication>
<authorization>
<deny users="?" />
</authorization>
</system.web>
I have another web.config file that resides in the Views folder. I have also tried to add these setting to this file however this results in a different problem. I get the following error message:
Description: An error occurred during the processing of a configuration file >required to service this request. Please review the specific error details >below and modify your configuration file appropriately.
Parser Error Message: It is an error to use a section registered as >allowDefinition='MachineToApplication' beyond application level. This error >can be caused by a virtual directory not being configured as an application in >IIS.
I have tried to configure the virtual directory as an application in IIS as my research into the error has suggested however I can't seem to find the application in IIS. I am using localhost, or the ASP.NET Development Server, to debug my code. It is not up on a server yet. Would this be the issue?

Related

Published website, but it now displays an error page instead of homepage

The error states:
An application error occurred on the server. The current custom error settings for this application prevent the details of the application error from being viewed remotely (for security reasons). It could, however, be viewed by browsers running on the local server machine.
Here's the address where you can see the error:
http://connellchamberofcommerce.com/
I have a feeling there's something in the web.config I'm supposed to change now that the website is online instead of my local machine, but this is my first ASP.Net website and I don't know what it is.
Is there something simple I'm missing that you're supposed to do when publishing an ASP.Net website?
In order to diagnose errors for your initial deployment, you can make the following change to your web.config.
<configuration>
...
<system.web>
...
<customErrors mode="Off" />
...
</system.web>
...
</configuration>
You should change this back to RemoteOnly when you have resolved all your deployment exceptions to prevent unsavory folks from learning too much about your architecture.

strange .net MVC Form Authentication,it redirect to login when client request css/js file

Another web site using iframe to access my Product/List Page in my mvc project. my page includes some css and js tag.In my mvc project, I am using SSO(Single Sign On). When another web site request my page firstly, I will redirect to Authentication.Web/SignIn.aspx. After the user is authenticated, it will redirect back to my Account/Login?ticket=abcd&returnUrl=Product%2fList. Finally it redirect to Product/List.
After the client receive the response of Product/List, it start to download css/js file. And then some stange thing happened. The mvc authentication module redirect the request to CmsSystem.Web/Account/Login?ReturnUrl=%2fCmsSystem.Web%2fContent%2fCmsSite.css.
This problem is only happend in IE, and it is normal in firefox and chrome.So I think my program logic is no problem. I use fiddler tool to capture the request like this:
1./CmsSystem.Web/Product/List
2./CmsSystem.Web/Account/Login?ReturnUrl=%2fProduct%2fList
3.Authentication.Web/SignIn.aspx?ReturnUrl=%2fProduct%2fList
4./CmsSystem.Web/Account/Login?ticket=abcd&ReturnUrl=%2fProduct%2fList
5./CmsSystem.Web/Product/List
6./CmsSystem.Web/Content/CmsSite.css
7./CmsSystem.Web/Scripts/jquery-1.9.1.js
8./CmsSystem.Web/Account/Login?ReturnUrl=%2fContent%2fCmsSite.css
9./CmsSystem.Web/Account/Login?ReturnUrl=%2fScripts%2fjquery-1.9.1.js
my web.config as below:
<authentication mode="Forms">
<forms name="CmsSystem.LogUser" loginUrl="~/Account/Login" timeout="30" slidingExpiration="true" />
</authentication>
<authorization>
<deny users="?" />
</authorization>
I found the authentication cookie is send to client in step 4. Is is sent to server from client from step 5 to step 9.The response of the Product/List page is received in client in step 5. Why mvc redirect to Account/Login in step 8 and step 9 when client request css/js file? Besides css/js file, I also need to post ajax request after document.ready(). And mvc also redirect to the Account/login.
Thank you.
For me packing and unpacking files with IzArc corrupted permission for "Authenticated Users" it was displaying Unknown User instead. Re-adding permission to "Authenticated users" solved the problem.
I had old folder available so I was able to compare. This was my case and I am posting it here knowing that it may not be an answer to this specific situation. This clearly fixed it for me.
I have fixed the problem, it is because i set the chinese character in the cookie. and then it caused some problems in IE7.

MVC2 Active Directory Authentication

I'm trying to add Active Directory authentication to a help desk system that was built years ago. Gradually, we'll be upgrading the whole system. I'm starting by creating an MVC2 application that will host the login, and then my plan is to bring current functionality into the MVC as we also add new features.
But the login is the base of the whole thing. We need auditing, so we need to know who's in the system.
I've read articles, other stackoverflow posts, and followed a couple MS walkthroughs to the letter. I was able to get it working as an ASP website, but when it's an MVC application, I can't seem to get it. The ASP application required adding extensive methods, and everything I read makes it sound like MVC should be much simpler.
Here are my IIS settings and the mods I've made to my web.config:
IIS Authentication
Anonymous: Disabled
ASP.NET Impersonation: Disabled
Forms: Enabled
Windows: Disabled
...
...
I keep getting the following error:
HTTP Error 401.2 - Unauthorized
You are not authorized to view this page due to invalid authentication headers.
End goal is to authenticate the user at the home page. If they can't be authenticated, force the login.
EDIT: Enabled Anonymous Authentication
I enabled Anonymous Authentication to see if any underlying errors might be the source of the problem. I got the following error:
The container specified in the connection string does not exist.
It's finding the error in the definition of MyADMembershipProvider.
<add name="MyADMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="ADConnectionString" />
I changed my connection string to the following:
<add name="ADConnectionString" connectionString="LDAP://server.domain.com"/>
That did successfully redirect to the login page, but it didn't authenticate me automatically. And when I set Anonymous to Disabled again, I was back to the original error.
I think I'm missing some essential knowledge here that I'm not getting from the materials I'm reading.
EDIT: Authentication not working at all
I thought it might be worth adding that authentication isn't working at all.MembershipService.ValidateUser always returns false.
I think the solution is in the Authentication type. Originally, I was using the following:
IIS Authentication
Anonymous: Disabled
ASP.NET Impersonation: Disabled
Forms: Enabled
Windows: Disabled
And in my Web.config file I was using Forms authentication. Apparently for Active Directory authentication, the type has to be Windows.
Original:
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" timeout="2880" />
</authentication>
Revised:
<authentication mode="Windows" />
<authorization>
<deny users="?" />
</authorization>
I know this worked, but since I'm new to MVC, I could still be missing something.

MVC website forwards to /Account/Login with only Windows Authentication enabled

I have an MVC3 website set up with only Windows Authentication enabled (so anonymous and forms are disabled). Whenever I try to hit the default page, something forwards me to this URL;
.../MyApp/Account/Login?ReturnUrl=%2fMyApp%2f
And I get an error;
The resource cannot be found. Description: HTTP 404. The resource you
are looking for (or one of its dependencies) could have been removed,
had its name changed, or is temporarily unavailable. Please review
the following URL and make sure that it is spelled correctly.
Requested URL: /MyApp/Account/Login
There's nothing in my web.config which is configured to look for this URL, but there was a section about using forms authentication which I removed;
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" timeout="2880" />
</authentication>
Should I have reconfigured this setting instead of removing it outright? I tried adding this in;
<authentication mode="Windows"></authentication>
But it still forwards back to the same place. Is there anything extra I should be doing here?
OK, so I came across the following article: http://martinnormark.com/asp-net-mvc-3-windows-authentication-problem-redirects-to-account-login
And from that, I added the following keys to my web.config in the app settings section:
<add key="autoFormsAuthentication" value="false" />
<add key="enableSimpleMembership" value="false"/>
And that solved my issue - Windows Authentication now works as expected, and there are no more redirects to a login page that doesn't exist.
When we saw this before; it was related to this auth issue but not solved by any of the solutions
Forms auth redirecting css/script includes to the login page with HTTP 302
Our problem was there was simply an extra folder with dlls copied to the bin dir that should not have been included in the deploy. Manually deleting the bin & obj directories and rebuilding the web app after that cleared it up for us.
Check if you have references to WebMatrix.Data.dll and WebMatrix.WebData.dll files and try removing their references.
And if you've added references via Add Deployable Dependencies, also remove from _bin_deployableAssemblies folder.

MVC Area Error Handling

I have a MVC project set up with 3 areas. In the main project I have error handling set up
using custom errors in the web.config.
<customErrors mode="On" defaultRedirect="~/Error/HttpError">
<error statusCode="404" redirect="~/Error/Http404" /> </customErrors>
This cause the site to redirect to a error controller in the root and then show the error view.
This works OK in the root site, however when I throw an exception in the home controller of one
of the area sites it the message below.
Runtime Error
Description: An application error occurred on the server. The current custom error settings for this application prevent the details of the application error from being viewed.
Details: To enable the details of this specific error message to be viewable on the local server machine, please create a tag within a "web.config" configuration file located in the root directory of the current web application. This tag should then have its "mode" attribute set to "RemoteOnly". To enable the details to be viewable on remote machines, please set "mode" to "Off".
Is it the case that error handling in the root site cannot be used in the area sites?
Thanks
John.
Does the area have it's own web.config that might be setting it's own error handling options? Can you put a breakpoint in Application_OnError to see if another error is occuring (eg. one loading the error page - eg. if you've turned off Buffering, it won't be able to do the redirect)?
You could also try adding the something like this to the main web.config to see if it it makes any difference:
<location path="nameOfArea">
<system.web>
<customErrors mode="On" defaultRedirect="~/Error/HttpError" />
</system.web>
</location>

Resources