I downloaded NopCommerce open source e-commerce project.
It's ASP.NET MVC based and uses Forms Authentication.
When I login always it sends me to login page.
I debugged it and I found a problem httpContext.Request.IsAuthenticated always return false (httpContext variable is type of HttpContextBase).
I checked forms authentication cookie, the cookie is successfully created also httpContext.Request has found cookie.
Someone recommended to add machine key to web config, I added but doesn't resolve.
I don't understand what's the problem ???
Check you got set the authentication mode in your webconfig
<system.web>
<authentication mode="Forms">
<forms loginUrl="~/Login" timeout="2880" />
</authentication>
</system.web>
Related
I made a new asp.net mvc project with Individual User Accounts. I connected with my db. And made some controllers. My question is how to require user to log in in order to see some controllers ? I added above the ActionResult method [Authorize] , but it also shows me without requiring to log in. What changes should i do ?
Have you made sure that you have the right authentication attribute forms in your web.config:
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" timeout="2880" />
</authentication>
Not redirecting to log in page after session time out in mvc 3 application even after specifying forms in authentication tag.
Here is web.config code:-
<authentication mode="Forms">
<forms loginUrl="http://localhost/securityManager/Account/LogOn" timeout="1" enableCrossAppRedirects="true" defaultUrl="http://localhost:50008"/>
</authentication>
Please refer this link. http://msdn.microsoft.com/en-us/library/vstudio/eb0zx8fc%28v=vs.100%29.aspx
In short...
To configure forms authentication across applications, you set attributes
of the forms and machineKey sections of the Web.config file to the same
values for all applications that are participating in shared forms
authentication.
I have created an asp.net mvc web application, it's working fine on localhost but when I upload it, users will get logged out automatically while they are working.
I used:
FormsAuthentication.SetAuthCookie(dbuser.FName, false /* createPersistentCookie */);
and in Web.config:
<authentication mode="Forms">
<forms loginUrl="~/home/login" timeout="2880" />
</authentication>
I tried a lot of things but didn't find a solution. How can I prevent the auto logout from happening?
Ensure that where ever you are hosting it is hosting it as a single instance or handling the session state in an instance-independent manner - ASP.net does not automaically handle session transfers in web gardens or farms. The moment your client hits the other server, they will be logged out.
If you are hosting it on AppHarbor with two web workers for example, you will need to handle the state setup yourself.
Have you tried setting:
Session Timeout Value
<system.web>
<sessionState mode="InProc" timeout="20"/>
</system.web>
At last I have to change my whole coding converting into cookie base user module
I've built a small ASP.NET mvc app with Forms Authentication. I don't seem to be able to share cookies/authentication from the base domain(say people.com) to subdomain (abc.people.com)
What I mean is when i Debug through the code the Request.Cookies object doesn't have any and User.Identity.IsAuthenticated is false.
What's even weird is it seems to work fine for Internet Explorer (weird huh .. ?) But for Chrome and Firefox.
But when i check the browser for cookies, I can see that the cookie is existent for the domain people.com
Am i missing something very obvious ??
Edit: I'm using OAuthWebSecurity to Login. The code that logs in is this
OAuthWebSecurity.Login(result.Provider, result.ProviderUserId, createPersistentCookie: true);
And the web.config value is
<authentication mode="Forms">
<forms loginUrl="~/Account" timeout="2880" />
</authentication>
Adding domain attribute to forms filed, with base domain value seemed to have fixed the problem.
<authentication mode="Forms">
<forms loginUrl="~/Account"
timeout="2880"
domain="people.com"
/>
I am working on an Asp.Net MVC 3 application. I have created admin area for the website and applied [Authorized] attribute to actionmethods after login. When I try to access these urls directly without login like admin/home or admin/productlist, I am redirected to /Home/Login with authentication error. I want to redirect to Admin/Login.
Please suggest.
Thanks
If this is a Stock MVC 3 Authorization then myself as well as many others have had problems with the incorrect url address being set for the "LogOn" Action... For some reason authorize is trying to send a user to Account\Login and looking at the account views tells that there is actually no "Login" view it is called "LogOn" so you have to fix this in the Web.config file with the following:
<add key="loginUrl" value="~/Account/LogOn" />
The login URL for ASP.NET applications (including MVC3 ones) is controlled in web.config, in the forms authentication section:
<configuration>
<system.web>
<authentication mode="Forms">
<forms loginUrl="~/Home/Login" timeout="2880" />
</authentication>
</system.web>
</configuration>
The trick for you is that you want two different login URLs. ASP.NET has a great feature where you can have a web.config file in each directory of your project, and as needed it will use the most specific setting it can find, up to the root web.config. So in the folder where you have your admin views ("Admin" I'm guessing), you should be able to create a second web.config, which will apply only to those pages and lower in the tree:
<configuration>
<system.web>
<authentication mode="Forms">
<forms loginUrl="~/Admin/Login" timeout="2880" />
</authentication>
</system.web>
</configuration>
You can override your Authorize action filter to handle those issues. For example, you can check not only roles, but some specific permissions, and redirect to different Url's. And also using this approach can take into account your routing configuration.
Take a look at this answer : asp.net mvc Adding to the AUTHORIZE attribute