.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Win Surprise Gifts!!!

Top 5 Contributors of the Month
Gaurav Pal
Post New Web Links

ASP.NET forms authentication with roles

Posted By: Venkat     Posted Date: January 30, 2010    Points: 2   Category :ASP.Net
.A timeout is specified in minutes. This is "time since last request" not the "time since login". If a login is indicated to be persistent (described later) this is ignored.
.A protection method is specified for the cookie.
Next I wanted to specify a folder to which access is restricted to people who have logged in. To do this I entered the following code in the web.config file (beneath <configuration>

View Complete Post

More Related Resource Links

Explained: Forms Authentication in ASP.NET

This module explains how forms authentication works in ASP.NET version 2.0. It explains how IIS and ASP.NET authentication work together, and it explains the role and operation of the FormsAuthenticationModule class.

Using Forms Authentication in ASP.NET - Part 1

Classic ASP developers often had to "roll their own" authentication scheme, however, in ASP.NET much of the grunt work has been taken out. This article outlines how things have changed and how FormsAuthentication can be used to secure a Web site with a minimal amount of code.

ASP.NET Forms Authentication - Part 1

Often, in legacy Web applications, users authenticate themselves via a Web form. This Web form submits the user's credentials to business logic that determines their authorization level. Upon successful authentication, the application then submits a ticket in the form of a cookie, albeit a hard cookie or session variable. This ticket contains anything from just a valid session identification access token to customized personalization values.

Forms Authentication in ASP.NET

In this tutorial you will learn about Forms Authentication in ASP.NET 2.0 - Forms Authentication class, Cookie Domain, Forms Cookies, The Login Control, Signin, Signout, Authenticate, Redirect, Login Status, Login Name and Login View Controls.

Problems with Forms Authentication in DD 4 site


Hello,  I am seeing a strange problem with Forms Authentication in my DD site.   A user logs into and can view/edit/delete data all day, but when they execute a Custom Filter against data (for example , a control DynamicData/Filters/CustomerLastNameSearch.ascx ) then the site auth fails, and redirects to the log in screen.

in web.config I have

     <authentication mode="Forms">
            <forms name=".Star" loginUrl="~/Login.aspx" protection="All" defaultUrl="~/Default.aspx" path="/" timeout="43200" cookieless="UseCookies" />     

Offhand, I am thinking two things : that DynamicData/Filters path requires some special handling for some reason, or the control extension ascx is causing auth to get confused.   Has anyone else experienced this or have any suggestions?  Thanks!

Forms based users being prompted for windows authentication login for My Sites photos in user lists

Here's an issue I didn't see coming for our forms based authentication users. 

We have a web application extended to an external url to handle forms based authentication for users outside of our domain. Our setup looks like this...

Internal Users/Windows Authentication - moss.domain.com
External Users/Forms Based - mossext.domain.com
My Site for Internal Users - mysites.domain.com

When our forms based users are accessing user lists, or discussion pages that display user pictures, they are getting a windows authentication login for our internal users (mysites.domain.com) who have populated their my site with personal photo.

How do we fix this? 

403 Forbidden - Forms Authentication


Form template has cascading dropdown lists.  When item selected from first list, form code executes a FileQueryConnection to retrieve data from a list to populate 2nd listbox.  Getting 403 forbidden when explicitely attempting to retrieve data from code.  Form is using connections from a data connection library.  The template works perfectly when deployed to a windows authenticated site.  Fails when executed from the forms authenticated site.


Issue with Forms Authentication


 I'm in the middle of converting an intranet application to use forms authentication. The authentication process works fine for the core application and all the nested classic asp pages. However, my nested asp.net applications do not work. I have mapped their web.configs to the correct login url. If I attempt to access them after logging in, I am automatically redirected to the homepage of the intranet application. If I try to access them directly, I am redirected to the login screen, as I should be, and then the intranet homepage after the login process, instead of the page I need to access.

At first, I thought there might be some remnant of the security processes in the nested applications, but it does it for applications that have no security processes other than the one for the core intranet.

Since this is my first crack at using forms authentication, I'm assuming I've missed some step. Any ideas?

Here is the section of my web.config:

<authentication mode="Forms">

      <forms loginUrl="~/folder/loginpage.aspx" name="Cookie Name"></forms>


      <deny users="?" />
      <allow users="*"/>

Automatic expiration of forms authentication when user closes the browser windows without signing ou

Dear all, can u tell me how to automatically sign out a user if he/she closes the browser window without signing out. I'm using Forms Authentication.   Thanks 

Forms Authentication Add SQL Database Variable

I am using Forms Based Authentication I have extended the Forms Authentication Tables creating a custom table called Profile_Contact that holds the user's GUID, username, email address, and other information. I have another table called Profile_Account which holds company account information such as Company Name, address info, phone numbers etc. This table has a Key Field called IDProfileAccount. I include the IDProfileAccount field in the ProfileContact user table so I can associate the user with a specific Company.For the login page, I am using a basic login page created with using the Visual Studio login controls.When the user logs in, they are sent to the appropriate page as identified by the role the user has been given. This all works great. Now I need to extend the login page so that when the user logs in not only is the user's name and GUID placed in session, I would also like to have the IDProfileAccount record placed in session as well so that I can filter the records the user sees as only those records of the Company the user is associated with. I know how to add static variable to a session and how to retrieve them to filter data, what I need to know is how to retrieve the data from the SQL table on login and sending it to the session. I would think it would be something along these lines:Partial Class login Inherits System.Web.UI.Page Protected Sub Logi

Forms authentication and Active Directory? Help!

Hi, im new to sharepoint 2010. im in a situation whereby i would like to allow users that already have Active directory accounts log into sharepoint. The problem arises when i need to allow external users to log into the sharepoint site too and it will not be possible to add them into the active directory. Is there a way to resolve this problem? Appreciate all help given! Thanks! norphos

Active Directory user impersonation with forms authentication

I've written a small ASP.NET 3.5 application to allow users to update selected account attributes on their own. Everything works fine when I use Basic Authentication, but because the dialog that is presented is less than ideal, I'd like to use forms authentication to give the users more instruction on how to log in. My problem is that in order for the user to update their account information, I have to have the application impersonate them for the update actions. I've scoured the internet trying to find a solution to my issue, but nothing fits or works. I have tried setting the web.config:<identity impersonate="true" /> but that doesn't seem to work. I also have the C# code using the WindowsImpersonationContext class, but still no luck. protected void titleTextBox_TextChanged(object sender, EventArgs e) { TextBox tb = (TextBox)sender; string fieldTitle = "job title"; string fieldName = "title"; if (userDirectoryEntry == null) CaptureUserIdentity(); try { WindowsImpersonationContext impersonationContext = userWindowsIdentity.Impersonate(); if (String.IsNullOrEmpty(tb.Text)) userDirectoryEntry.Properties[fieldName].Clear();

Supporting forms authentication SharePoint sites

Hello, I am changing the type of authentication in SharePoint to Form authentication.I create a document Library and I choose as a Document Model (Microsoft Office Word 2007). The problem is : "I can't create a new Item Document Word". It disappear.   I am using this article (http://blogs.msdn.com/b/sharepoint/archive/2009/05/13/update-on-sharepoint-forms-based-authentication-fba-and-office-client.aspx ) to solve my problem. The problem is I don't find the registry key HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Common\Internet\FormsBasedAuthSettings

forms authentication - self registration

Is there a reasonably standardised solution that allows external users to register on a forms/authenticated site? The codeplex Forms Based Authentication project (http://www.codeplex.com/fba) provided this for SP2007 but I have not seen any indication of a SP2010 solution yet. Andrew Wiles - www.it-workplace.com - MDX made simple

MVC Forms Authentication With Active Directory

Hi there,I am just getting started with MVC and I was wondering if someone could point me in the right direction for help with forms authentication using active directory? I have the sample site up but the results I have found on google have not been very helpful in answering this question.This site is going to be an intranet page that we want users to be able to access without logging in when they access it from our network while they must login when trying to access it from home.Any suggestions of where to start?

Where are cookies stored for Forms Authentication when debugging asp.net from VS and the asp.net dev

Hey all!   When I have my app-deployed on a server and login with forms authentication I see my cookie get's created in   C:\Users\<user>\AppData\Roaming\Microsoft\Windows\CookiesAnd it works great and everything!But when I run my application locally with the asp.net development server while debugging from Visual Studio, I NEVER see a cookie file get created in that location.   I'm using the same PC and the same version of internet explorer 8 on the production as I am development so I'm not sure what's going on here.   Does anyone know where cookies get stored when hitting http://localhost:<devport> ?

U?sing Forms Authentication and connecting between SSRS ans SSAS

In our current production environment, we have SSRS setup to use Forms Authentication to verify the users. For our data sources, we are using 2 different data models - 1 is used to point at the "raw" sql in the database - and the second model is to point at a SSAS cube. currently, all users can see all data. we now have a requirement to limit the data the a user can see from the Fact table dependant on the Portion that they are assigned to (and a user might be assigned to more than one Portion. we have set this new requirement in the "raw" SQL model using a security filter - and all working well we have set the filtering up in the cube  - using a stored procedure in the Role "dimension data" tab which receives the user name and retruns the MDX required for the filtering - and it works if we connect to the cube via SQL management studio. However, if we connect from Reporting Services, we can not get the UserName "transferred over" and therefore the filtering doesnt work. n.b. we are using Shared data sources for our reports does anyone out there know of a way of making this work - or do we go for Kerberos ??    
ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend