MVC redirect inserts web root into URL - asp.net-mvc

When my MVC4 web site (mywebsite.com) is deployed (to Amazon Web Services) and a non-authenticated user clicks on a link requiring authentication (e.g. Search), they are redirected to
www.mywebsite.com/Web.UI_deploy/Account/Login?ReturnUrl=%2fSearch
instead of
www.mywebsite.com/Account/Login?ReturnUrl=%2fSearch
(Web.UI_deploy is the web root on the web server). This issue only occurs with deployment, not on localhost.
What is the cleanest method of resolving this?

Minor change in the web.config solves the issue
Before
<authentication mode="Forms">
  <forms loginUrl="~/Account/Login" timeout="2880" />
</authentication>
I removed the tilde ~ and it solved the problem
After
<authentication mode="Forms">
  <forms loginUrl="/Account/Login" timeout="2880" />
</authentication>
I got this idea from Issue with return URL Authorize issue MVC4

Related

mvc formsauthentication does not work

I use Forms Authentication in my MVC application, but it does not work as I expect. I have added the following to my web.config file:
<authentication mode="Forms">
  <forms loginUrl="~/login/Login" timeout="30" defaultUrl="~/login/Login" />
</authentication>
But if I go directly to a page other than the login page, I still can view that page even if I have not logged on to the site. What am I missing here?

How to do Single Sign On for multiple MVC 4 web applications on IIS 7.5

I have 2 MVC 4 applications deployed on IIS 7.5. I would like to achieve single sign-on across all of them. I have the following web.config settings in both applications:
<authentication mode="Forms">
  <forms loginUrl="~/Account/Login" enableCrossAppRedirects="true" path="/" name=".MVCAuthCookie" timeout="45" defaultUrl="/" slidingExpiration="false" protection="All" cookieless="UseCookies" />
</authentication>
<machineKey
  validationKey="C50B3C89CB21F4F1422FF158A5B42D0E8DB8CB5CDA1742572A487D9401E3400267682B202B746511891C1BAF47F8D25C07F6C39A104696DB51F17C529AD3CABE"
  decryptionKey="8A9BE8FD67AF6979E7D20198CFEA50DD3D3799C77AF2B72F"
  validation="SHA1" />
<authorization>
  <deny users="?" />
</authorization>
When I log in to the first app and browse the second application in a separate tab, it still takes me to the login page for the second app. I can see in Fiddler that the .MVCAuthCookie cookie is indeed being passed with the GET request for the second application.
What am I missing here?
It turns out that I needed to set the compatibility mode of the machineKey element to "Framework20SP2", as stated here: http://msdn.microsoft.com/en-us/library/system.web.configuration.machinekeysection.compatibilitymode.aspx. That resolved the issue.

MVC4 : User.IsInRole not working properly

I'm using the ASP.NET MVC SimpleMembership provider.
There isn't any problem for a while after I log in. I check whether the user is Boss, and this works.
if (User.IsInRole("Boss")) {
    // do something
}
But after a few minutes, when I refresh the page, User.IsInRole("Boss") always returns false.
I debugged and checked whether the user is still logged in: yes, the user is still there, nothing has changed, but IsInRole keeps returning false.
When I log out and log in again, it starts working.
I think the problem is about Sessions but I couldn't find any solution.
This is what I have in Web.config
<authentication mode="Forms">
  <forms loginUrl="~/Account/Login" timeout="2880" />
</authentication>
UPDATE:
I realized that happens when I rebuild my project.
You could be losing your cookie. Try adding:
<forms loginUrl="~/Account/Login" cookieless="UseCookies" timeout="2880" />
This solved quite a few problems in our MVC app.

Unable to share cookie into subdomain for Chrome and Firefox

I've built a small ASP.NET MVC app with Forms Authentication. I don't seem to be able to share cookies/authentication from the base domain (say people.com) to a subdomain (abc.people.com).
What I mean is that when I debug through the code, the Request.Cookies object doesn't have any cookies and User.Identity.IsAuthenticated is false.
What's even weirder is that it seems to work fine for Internet Explorer (weird, huh?), but not for Chrome and Firefox.
But when I check the browser for cookies, I can see that the cookie exists for the domain people.com.
Am I missing something very obvious?
Edit: I'm using OAuthWebSecurity to Login. The code that logs in is this
OAuthWebSecurity.Login(result.Provider, result.ProviderUserId, createPersistentCookie: true);
And the web.config value is
<authentication mode="Forms">
  <forms loginUrl="~/Account" timeout="2880" />
</authentication>
Adding the domain attribute to the forms field, with the base domain value, seems to have fixed the problem.
<authentication mode="Forms">
  <forms loginUrl="~/Account"
         timeout="2880"
         domain="people.com"
  />
</authentication>

Authorize login URL in asp.net MVC 3

I am working on an ASP.NET MVC 3 application. I have created an admin area for the website and applied the [Authorized] attribute to the action methods that come after login. When I try to access these URLs directly without logging in, like admin/home or admin/productlist, I am redirected to /Home/Login with an authentication error. I want to redirect to Admin/Login.
Please suggest.
Thanks
If this is the stock MVC 3 authorization, then I, as well as many others, have had problems with the incorrect URL being set for the "LogOn" action. For some reason Authorize tries to send the user to Account\Login, and looking at the account views shows that there is actually no "Login" view; it is called "LogOn". So you have to fix this in the Web.config file with the following:
<add key="loginUrl" value="~/Account/LogOn" />
The login URL for ASP.NET applications (including MVC3 ones) is controlled in web.config, in the forms authentication section:
<configuration>
  <system.web>
    <authentication mode="Forms">
      <forms loginUrl="~/Home/Login" timeout="2880" />
    </authentication>
  </system.web>
</configuration>
The trick for you is that you want two different login URLs. ASP.NET has a great feature where you can have a web.config file in each directory of your project, and as needed it will use the most specific setting it can find, up to the root web.config. So in the folder where you have your admin views ("Admin" I'm guessing), you should be able to create a second web.config, which will apply only to those pages and lower in the tree:
<configuration>
  <system.web>
    <authentication mode="Forms">
      <forms loginUrl="~/Admin/Login" timeout="2880" />
    </authentication>
  </system.web>
</configuration>
You can override your Authorize action filter to handle those issues. For example, you can check not only roles but also some specific permissions, and redirect to different URLs. This approach can also take your routing configuration into account.
Take a look at this answer : asp.net mvc Adding to the AUTHORIZE attribute
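
One way to write the Authorize override described in the last answer, as an added example that is not code from any of the posts above. The class name AdminAuthorizeAttribute, the role name "Admin", and the assumption that the Admin area has a Login controller with an Index action (so the generated URL is /Admin/Login) are all hypothetical:

```csharp
using System.Web.Mvc;
using System.Web.Routing;

// Added example: a per-area login redirect built from the route table
// instead of the single loginUrl string in web.config.
public class AdminAuthorizeAttribute : AuthorizeAttribute
{
    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        var httpContext = filterContext.HttpContext;

        // Already signed in but not in the required role: the base class would
        // return 401, which Forms Authentication turns into another redirect to
        // the login page. Answer 403 so the user is not sent round in a loop.
        if (httpContext.User.Identity.IsAuthenticated)
        {
            filterContext.Result = new HttpStatusCodeResult(403);
            return;
        }

        // Anonymous user: redirect by route values so the URL is generated by
        // routing and picks up the application's virtual path automatically.
        filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary
        {
            { "area", "Admin" },        // assumed area name
            { "controller", "Login" },  // assumed controller
            { "action", "Index" },      // assumed action
            // RawUrl is the path and query of the current request on this host.
            { "returnUrl", httpContext.Request.RawUrl }
        });
    }
}

// Usage on a controller inside the Admin area (hypothetical controller).
[AdminAuthorize(Roles = "Admin")]
public class ProductListController : Controller
{
    public ActionResult Index()
    {
        return View();
    }
}
```

The login action that receives returnUrl should only redirect to it after checking Url.IsLocalUrl(returnUrl), since the query string value is user-controlled.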
