ASP.NET grants access from the configuration file as a matter of precedence. In case of a potential conflict, the first occurring grant takes precedence. So, deny user=”?” denies access to the anonymous user. Then allow users=”dan,matthew” grants access to that user. Finally, it denies access to everyone. This shakes out as everyone except dan,matthew is … Read more
The ASPXAUTH cookie is used to determine if a user is authenticated. As far as the location of the cookie, that depends on your browser. If you are using Firefox you can view the cookie by clicking on Tools -> Options -> Privacy. Then scroll down to the domain and expand it to see the … Read more
I realize this is an older post but I had the same error on IIS 8.5. Hopefully this can help another experiencing the same issue (I didn’t see my issue outlined in other questions with a similar title). Everything seemed set up correctly with the Application Pool Identity, but I continued to receive the error. … Read more
I managed to find the correct one. It is below. bool val1 = System.Web.HttpContext.Current.User.Identity.IsAuthenticated EDIT The credit of this edit goes to @Gianpiero Caretti who suggested this in comment. bool val1 = (System.Web.HttpContext.Current.User != null) && System.Web.HttpContext.Current.User.Identity.IsAuthenticated
In the RTM version of ASP.NET MVC, the Cancel property is missing. This code works with ASP.NET MVC RTM: using System; using System.Web; using System.Web.Mvc; using System.Web.Mvc.Resources; namespace ePegasus.Web.ActionFilters { public class CustomAuthorize : AuthorizeAttribute { public override void OnAuthorization(AuthorizationContext filterContext) { base.OnAuthorization(filterContext); if (filterContext.Result is HttpUnauthorizedResult) { filterContext.Result = new RedirectToRouteResult( new System.Web.Routing.RouteValueDictionary { … Read more
Users can still browse your website because cookies are not cleared when you call FormsAuthentication.SignOut() and they are authenticated on every new request. In MS documentation is says that cookie will be cleared but they don’t, bug? Its exactly the same with Session.Abandon(), cookie is still there. You should change your code to this: FormsAuthentication.SignOut(); … Read more
If you need to get the user from within the controller, use the User property of Controller. If you need it from the view, I would populate what you specifically need in the ViewData, or you could just call User as I think it’s a property of ViewPage.
Here’s how I do it. I decided to use IPrincipal instead of IIdentity because it means I don’t have to implement both IIdentity and IPrincipal. Create the interface interface ICustomPrincipal : IPrincipal { int Id { get; set; } string FirstName { get; set; } string LastName { get; set; } } CustomPrincipal public class … Read more