It seems that the FormsAuthenticationModule gets handled first. This module is normally earlier than any custom module in the ASP.NET pipeline, so when AuthenticateRequest is fired, FormsAuthenticationModule will get called first, do its job and then your module’s event handler will be called. If you really want to dig deep into this, I suggest trying … Read more
You’re right — that’s a typo in the template.
You can use the standard Internet application template with forms authentication and insert an ActiveDirectoryMembershipProvider into the web.config: <connectionStrings> <add name=”ADConnectionString” connectionString=”LDAP://YOUR_AD_CONN_STRING” /> </connectionStrings> <system.web> <authentication mode=”Forms”> <forms name=”.ADAuthCookie” loginUrl=”~/Account/LogOn” timeout=”15″ slidingExpiration=”false” protection=”All” /> </authentication> <membership defaultProvider=”MY_ADMembershipProvider”> <providers> <clear /> <add name=”MY_ADMembershipProvider” type=”System.Web.Security.ActiveDirectoryMembershipProvider” connectionStringName=”ADConnectionString” attributeMapUsername=”sAMAccountName” /> </providers> </membership> </system.web> In this way you get the … Read more
This is a solution for SHA1 variant. public static string GetSwcSHA1(string value) { SHA1 algorithm = SHA1.Create(); byte[] data = algorithm.ComputeHash(Encoding.UTF8.GetBytes(value)); string sh1 = “”; for (int i = 0; i < data.Length; i++) { sh1 += data[i].ToString(“x2”).ToUpperInvariant(); } return sh1; } For MD5 you only need to change the algorithm to: MD5 algorithm = … Read more
In Startup.Auth.cs, you will see something like: for RC: app.UseSignInCookies(); This was removed in RTM and replaced with the explicit configuration of the cookie auth: app.UseCookieAuthentication(new CookieAuthenticationOptions { AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie, LoginPath = new PathString(“/Account/Login”) }); The CookieAuthenticationOptions class has a CookieDomain property which is what you are looking for I believe.
I had the same problem. Here’s how I solved it. In IIS7, click on your website, then double-click the Authentication button. Click on Anonymous Authentication, then click the Edit… link on the right hand side. Make sure the “Application pool identity” checkbox is checked. My application pool is running under the “Network Service” user (not … Read more
You can add user data to the FormsAuthenticationTicket, then generate the cookie yourself. There’s an example in the the MSDN documentation for FormsAuthenticationTicket. EDIT Note that when creating the ticket, you need to set the timeout, which in general you will want to be the same as the value configured in web.config. Unfortunately, in the … Read more
I would start by writing an interface and a wrapper class that will encapsulate this logic and then use the interface in my controller: public interface IAuth { void DoAuth(string userName, bool remember); } public class FormsAuthWrapper : IAuth { public void DoAuth(string userName, bool remember) { FormsAuthentication.SetAuthCookie(userName, remember); } } public class MyController : … Read more
You could use basic authentication with SSL. On the server side we could write a custom delegating handler which will verify the credentials by querying the memebership provider that we registered, and if valid, retrieve the roles and set the current principal: public class BasicAuthenticationMessageHandler : DelegatingHandler { protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken) … Read more
Actually, you can do it. Bit late for @dr_draik, but this cropped up in a google result for me so I thought I’d share some knowledge. If you’re in classic mode – Enable both Windows and Forms auth. You’ll get a warning about not being able to do both at once, but you can ignore … Read more