Asp.Net MVC: Current User changes after Registration of a new user

I am having a problem with my ASP.NET application. I am using the default Register.aspx to register a new user. After the user has been successfully created I am redirected to a new page that informs me of the success. When I try to navigate to a different page the current user changes to the one I just created. I want to keep the current user. What am I missing?
Thanks

Remove the following line from your Register action in the Account controller upon successful registration:
FormsAuthentication.SetAuthCookie(model.UserName, false);
This is what changes the user by emitting a new authentication cookie in the response with this username.

Related

Identity server 4 with asp.net identity registration

I want to know how to correctly implement user registration in my identity server with ASP.NET Identity, with redirection to the login page after registration and then redirection to the callback URL after login with the registered account.
I followed the Identity Server 4 quickstart tutorial and so far I have created my own MVC identity server with ASP.NET Identity. Now I want to add some registration, so I created a RegistrationController with a registration form and added a Register button to the login form.
I have an ASP.NET MVC application which requires authentication. When the user opens the main page, he is automatically redirected to my identity server login page. The user clicks the register button, fills in the required information and clicks the register button to confirm registration. The registration controller creates a new account and stores it in the database using the account manager.
This is the part I am missing:
After successful registration I want the user to be redirected back to the login page, and when the user logs in he should be redirected back to the web application and authenticated.
I am new to web terminology, especially MVC. Can you please recommend some documentation where I can learn more to solve this problem?
I have faced a similar problem in one of my projects, and basically the way we achieved this desired behavior was to retain the original connect/authorize query parameters throughout the registration flow and then at the end redirect the user back to the connect/authorize URL with the original query parameters.
It all worked out of the box from that point on, since it had the original callback URI to the client that initiated the OAuth flow in the first place.
Thanks to Vidmantas Blazevicius's tip I found a solution. When the user clicks register I redirect him to the register page with the return URL as a query parameter. When the user confirms or cancels registration he is redirected back to the AccountController.Login(string returnUrl) action. Then when the user logs in, he is successfully redirected back to the original site.
This is the AccountController.Register action, called when the user clicks register on the login page:
[HttpPost]
[ValidateAntiForgeryToken]
public async Task<IActionResult> Register(LoginInputModel model)
=> RedirectToAction("register", "registration", new { returnUrl = model.ReturnUrl });
This calls RegistrationController.Register to show the registration form:
[HttpGet]
[Route("register")]
public ViewResult Register([FromQuery]string returnUrl)
=> View("Views/Account/Registration.cshtml", new UserRegistrationViewModel(returnUrl));
The RegistrationController.Cancel action is executed when the user clicks cancel on the registration page:
[HttpPost]
[Route("cancel")]
public IActionResult Cancel(UserRegistrationViewModel viewModel)
=> RedirectToAction("login", "account", new { returnUrl = viewModel.ReturnUrl });
In the registration form, use the return URL property of the view model like this: @Html.HiddenFor(x => x.ReturnUrl), otherwise it will not be set in the Cancel postback.
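An added example, not part of the original answer: the return URL in this flow arrives from the query string and from a hidden form field, so it is user-controlled and should be validated before it is passed on. The sketch assumes IdentityServer4's `IIdentityServerInteractionService` is registered in the container; `SafeReturnUrl` is a hypothetical helper and the shape of `UserRegistrationViewModel` is assumed.

```csharp
using IdentityServer4.Services;
using Microsoft.AspNetCore.Mvc;

// Assumed shape of the view model used on the page.
public class UserRegistrationViewModel
{
    public UserRegistrationViewModel() { }   // parameterless ctor for model binding
    public UserRegistrationViewModel(string returnUrl) { ReturnUrl = returnUrl; }
    public string ReturnUrl { get; set; }
}

public class RegistrationController : Controller
{
    private readonly IIdentityServerInteractionService _interaction;

    public RegistrationController(IIdentityServerInteractionService interaction)
    {
        _interaction = interaction;
    }

    // Hypothetical helper: keep the return URL only if it is local to this
    // site or recognised by IdentityServer as a valid return URL for an
    // authorization request. Anything else is dropped.
    private string SafeReturnUrl(string returnUrl)
    {
        bool ok = !string.IsNullOrEmpty(returnUrl)
                  && (Url.IsLocalUrl(returnUrl) || _interaction.IsValidReturnUrl(returnUrl));
        return ok ? returnUrl : null;
    }

    [HttpGet]
    [Route("register")]
    public ViewResult Register([FromQuery] string returnUrl)
        => View("Views/Account/Registration.cshtml",
                new UserRegistrationViewModel(SafeReturnUrl(returnUrl)));

    [HttpPost]
    [Route("cancel")]
    [ValidateAntiForgeryToken]
    public IActionResult Cancel(UserRegistrationViewModel viewModel)
        => RedirectToAction("login", "account",
                            new { returnUrl = SafeReturnUrl(viewModel.ReturnUrl) });
}
```

The same check belongs in the login action that performs the final redirect, since the hidden field can be edited between requests.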

Go back to the requested URL in Spring security

In a Grails 2.5.1 application I'm using Spring Security Core plugin 2.0-RC5. I would like to return to the requested URL; for instance, to access the page payOnline you need to be logged in first, so I redirect to the login page, and after a successful login I want to go to payOnline.
How could this be achieved?
To access the page payOnline you need to be logged in first, so I redirect to the login page, and after a successful login I want to go to payOnline.
1. Go to the requested page:
By default Spring Security stores the request URL you want to access before you are redirected to the login page. After you have logged in successfully you are then redirected to the page you wanted.
E.g.
User trying to access `/payOnline`
If user is not logged in redirect user to `login` page
user successfully logged in redirect to `/payOnline`
What you are asking is the default behavior of spring security core plugin.
If it's not working as expected then please check whether you have the successHandler.alwaysUseDefault config property present in your Config.groovy. If yes, then remove it.
2. Always go to a specific page:
If you always want to go to a specific page after login, you can specify the controller action to which you want to go in UrlMappings.groovy pretty easily.
Just specify the controller and action to which you want to go after login, like below.
Let's suppose the Provision controller and the payOnline action.
"/"(controller: "provision", action: "payOnline")
This will redirect all the successful login users to payOnline page.
Reference :
http://docs.grails.org/2.5.1/guide/theWebLayer.html#urlmappings

Two Step Verification in ASP.Net MVC using Web Security

I implemented two-step verification in an ASP.NET MVC page which uses Web Security with the following logic:
1) When the user logs in for the first time and clicks Next on the login page, he is validated:
if (Membership.ValidateUser(model.UserName, model.Password))
{
    // Encrypt the password and store it in a session
    // Then redirect to the step 2 verification page...
}
and he gets redirected to the 2nd step verification page, where he is asked to answer a security question. If he gets it correct then a new cookie (Cookie2) is created,
and the user is logged in using:
// Decrypt the password
_webSecurity.Login(username, decryptedpassword, false);
and then he is redirected to his home page.
2) The next time he tries to log in to the app, there is a check to see whether the cookie (Cookie2) created in the 2nd step exists. If it exists, he is redirected to the home page directly, and if it does not exist he is again asked to answer the security question.
So if we look at the implementation here, I am actually logging the user into the app only if he passes the 2nd step verification. In order to implement this, I am creating a cookie and storing the password in a session.
Can anyone let me know if we can code this in a better way? I am guessing we can do this without using sessions and cookies.
Any ideas/suggestions are most welcome.
Thanks,
WH
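An added example, not part of the original post: the same two-step flow without keeping the password between steps. Step 1 stores only the validated user name and a timestamp in the session, and step 2 issues the forms-authentication cookie directly. It assumes the site signs users in with forms authentication; `ISecurityAnswerStore`, `LoginModel`, the session keys and the five-minute window are hypothetical, and the GET `Login` action and the views are assumed to exist.

```csharp
using System;
using System.Web.Mvc;
using System.Web.Security;

// Hypothetical store; it should compare against a salted hash of the answer.
public interface ISecurityAnswerStore { bool Verify(string userName, string answer); }

public class LoginModel
{
    public string UserName { get; set; }
    public string Password { get; set; }
}

public class AccountController : Controller
{
    private const string PendingUser = "2sv.user";     // hypothetical session keys
    private const string PendingSince = "2sv.since";
    private static readonly TimeSpan Step2Window = TimeSpan.FromMinutes(5);
    private readonly ISecurityAnswerStore _answers;

    public AccountController(ISecurityAnswerStore answers) { _answers = answers; }

    [HttpPost, ValidateAntiForgeryToken]
    public ActionResult Login(LoginModel model)
    {
        if (!Membership.ValidateUser(model.UserName, model.Password))
            return View(model);
        // Step 1 passed: record who passed it and when, never the password.
        Session[PendingUser] = model.UserName;
        Session[PendingSince] = DateTime.UtcNow;
        return RedirectToAction("SecurityQuestion");
    }

    [HttpGet]
    public ActionResult SecurityQuestion() { return View(); }

    [HttpPost, ValidateAntiForgeryToken]
    public ActionResult SecurityQuestion(string answer)
    {
        var user = Session[PendingUser] as string;
        var since = Session[PendingSince] as DateTime?;
        bool pending = user != null && since.HasValue
                       && DateTime.UtcNow - since.Value < Step2Window;
        Session.Remove(PendingUser);      // one answer attempt per password check
        Session.Remove(PendingSince);
        if (!pending || !_answers.Verify(user, answer))
            return RedirectToAction("Login");
        // Both steps passed: issue the forms-authentication ticket.
        FormsAuthentication.SetAuthCookie(user, false);
        return RedirectToAction("Index", "Home");
    }
}
```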

ASP.NET MVC: Authenticating a user without creating the user

I am creating an MVC 5 application that authenticates a user via Facebook to access a particular resource.
I want to be able to authenticate this user with a cookie as if they are logged into my site as an authenticated user manually.
However, it is a requirement that this user not be actually created as a user in the membership system used by the site, as it is reserved for admins.
Is this possible?
I attempted to do this by creating an identity manually but this was a total hack attempt by piecing together the existing code from the MVC Account controller...
var authUser = new ApplicationUser() { UserName = me.email, Email = me.email };
var manager = HttpContext.GetOwinContext().Authentication;
manager.SignOut(DefaultAuthenticationTypes.ExternalCookie);
manager.SignIn(new AuthenticationProperties() { IsPersistent = true }, await HttpContext.GetOwinContext().GetUserManager<ApplicationUserManager>().CreateIdentityAsync(authUser, DefaultAuthenticationTypes.ApplicationCookie));
It almost seems to work, but then it complains that the user id does not exist.
Which I assume means it's attempting to use my user database to authenticate the user, which as I said is not what we want.
So is it possible to manually authenticate a user with the custom default asp.net account implementation and persist an authenticated cookie, but NOT create an actual user?
Please let me know what more info I could provide to help find a solution. Thank you.
Shortly after submitting this I found this question: Storing/Retrieving user data without database when using OWIN cookie authentication
which seems to do exactly what I need. Indeed this did the trick, thanks and sorry for duplicating the question.

How do you cancel someone's persistent cookie if their membership is no longer valid?

I'm designing a small ASP.NET MVC site for a club. Generally, I want users to be able to stay logged in, but what happens if a user's membership has lapsed? Is there any way to "de-authorize" them so that next time they try to view a page, it redirects them to a page telling them their membership has lapsed?
If the timeout defined for the authentication cookie is hit it will no longer be valid and users will automatically be redirected to the login page. If you want to sign them out automatically under some circumstances you could simply:
FormsAuthentication.SignOut();
Why don't you make the expiration of the authentication cookie the number of days that you want or their membership expiration date, whichever is sooner? Then you get the benefit of it being handled automatically.
When you get the user's information from the cookie, you could add a check to see if their membership has lapsed and redirect them to that page.
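An added example, not from any of the answers above: a server-side check on every request, which is what makes a persistent cookie stop working once the membership lapses, since the cookie itself cannot be recalled from the browser. It is written for ASP.NET MVC with forms authentication; `IMembershipExpiryStore`, the static `Store` hook and the `~/Membership/Lapsed` URL are hypothetical.

```csharp
using System;
using System.Web;
using System.Web.Mvc;
using System.Web.Security;

// Hypothetical lookup, backed by the club's membership table.
public interface IMembershipExpiryStore
{
    DateTime? GetExpiryUtc(string userName);   // null = no membership record
}

public class ActiveMemberAttribute : AuthorizeAttribute
{
    private const string LapsedFlag = "MembershipLapsed";

    // Hypothetical hook, assigned once at application start.
    public static IMembershipExpiryStore Store { get; set; }

    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        if (!base.AuthorizeCore(httpContext))
            return false;                        // no valid cookie at all

        DateTime? expiry = Store.GetExpiryUtc(httpContext.User.Identity.Name);
        if (expiry.HasValue && expiry.Value > DateTime.UtcNow)
            return true;                         // membership still current

        httpContext.Items[LapsedFlag] = true;    // read in HandleUnauthorizedRequest
        return false;
    }

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        if (filterContext.HttpContext.Items.Contains(LapsedFlag))
        {
            FormsAuthentication.SignOut();       // expire the cookie in this response
            filterContext.Result = new RedirectResult("~/Membership/Lapsed");
            return;
        }
        base.HandleUnauthorizedRequest(filterContext);   // normal login redirect
    }
}
```

Apply `[ActiveMember]` to the member-only controllers and leave the lapsed-membership page without it, otherwise the redirect loops.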
