forms-authentication

Allow access for unathenticated users to specific page using ASP.Net Forms Authentication

by

Take a look at the example on MS Support <configuration> <system.web> <authentication mode=”Forms” > <forms loginUrl=”login.aspx” name=”.ASPNETAUTH” protection=”None” path=”https://stackoverflow.com/” timeout=”20″ > </forms> </authentication> <!– This section denies access to all files in this application except for those that you have not explicitly specified by using another setting. –> <authorization> <deny users=”?” /> </authorization> </system.web> <!– … Read more

ASP.NET MVC Forms Authentication + Authorize Attribute + Simple Roles

by

I think I’ve implemented something similar. My solution, based on NerdDinner tutorial, is following. When you sign the user in, add code like this: var authTicket = new FormsAuthenticationTicket( 1, // version userName, // user name DateTime.Now, // created DateTime.Now.AddMinutes(20), // expires rememberMe, // persistent? “Moderator;Admin” // can be used to store roles ); string … Read more

How to implement “Stay Logged In” when user login in to the web application

by

Java EE 8 and up If you’re on Java EE 8 or newer, put @RememberMe on a custom HttpAuthenticationMechanism along with a RememberMeIdentityStore. @ApplicationScoped @AutoApplySession @RememberMe public class CustomAuthenticationMechanism implements HttpAuthenticationMechanism { @Inject private IdentityStore identityStore; @Override public AuthenticationStatus validateRequest(HttpServletRequest request, HttpServletResponse response, HttpMessageContext context) { Credential credential = context.getAuthParameters().getCredential(); if (credential != null) { … Read more

Store/assign roles of authenticated users

by

Roles are added to the IPrincipal of the HttpContext. You can create a GenericPrincipal, parse the list of roles in the constructor and set it as HttpContext.User. The GenericPrincipal will then be accessible through User.IsInRole(“role”) or the [Authorize(Roles=”role”)] attribute One way of doing this (in C#) is to add your roles as a comma separated … Read more

How do I use my own database with SimpleMembership and WebSecurity? What is MVC4 security all about?

by

See the summaries below each quote for a quick answer, and the paragraphs for detail. Also see the References section at the end for the authoritative sources. Summaries 1.What is SimpleMembership/SimpleMembershipProvider (WebMatrix.WebData) and what is it/are they responsible for? SimpleMembership (a term that covers both the SimpleMembershipProvider and SimpleRoleProvider) is responsible for providing a clean … Read more

Page.User.Identity.IsAuthenticated still true after FormsAuthentication.SignOut()

by

Page.User.Identity.IsAuthenticated gets its value from Page.User (obviously) which is unfortunately read-only and is not updated when you call FormsAuthentication.SignOut(). Luckily Page.User pulls its value from Context.User which can be modified: // HttpContext.Current.User.Identity.IsAuthenticated == true; FormsAuthentication.SignOut(); HttpContext.Current.User = new GenericPrincipal(new GenericIdentity(string.Empty), null); // now HttpContext.Current.User.Identity.IsAuthenticated == false // and Page.User.Identity.IsAuthenticated == false This is useful when … Read more

Configuring Spring Security 3.x to have multiple entry points

by

You don’t need to create /j_spring_security_check_for_employee and /j_security_check_for_customer filterProcessingUrl. The default one will work just fine with radio button field idea. In the custom login LoginFilter, you need to create different tokens for employee and customer. Here are the steps: Use default UsernamePasswordAuthenticationToken for employee login. Create CustomerAuthenticationToken for customer login. Extend AbstractAuthenticationToken so that … Read more

Hata!: SQLSTATE[HY000] [1045] Access denied for user 'divattrend_liink'@'localhost' (using password: YES)