I'm upgrading user management pages of my old web forms project to use new Identity 2.0. This means introducing MVC pages within web forms solution but so far it does not seem to be a big issue. Most of the functionality works fine except when I'm trying to add external auth provider (Google, FCBK) to already signed in user. I'm working off Identity 2.0 sample app and my problem happens in equivalent of /manage/linklogin action within Identity 2.0 sample app.
In here, external auth provider (let's say Google) should be challenged by setting HTTP 401 into current response, resulting in a browser redirect:
Location: https://www.google.com/accounts/o8/ud?openid.ns=[edited out...]
However, what happens to me is that I only get redirected to a local login page:
Location: /Account/Login?ReturnUrl=%2fManageAccount%2fLinkLogin
Please note that the very same code is called when I try to register (i.e. user is not logged in, not authenticated) using Google account - so it is not an issue that I'd have app.UseGoogleAuthentication() set wrongly in Startup.Auth.cs.
I suspect "something" in the response pipeline catches StatusCode 401 set by Microsoft.Owin.Security.AuthenticationManager.Challenge() method before Owin.Security.Google auth middleware kicks in and set the proper redirect location, though I cannot find what that "something" is.
Anyone successfully imported Identity 2.0 into web forms project already?
More info on my issue can be found here: Identity2.0 Codeplex discussion
Please refer to this sample for ASP.NET Web Forms which shows the Identity 2.0 features https://aspnet.codeplex.com/SourceControl/latest#Samples/Identity/Webforms.Samples/
You should also make sure the order of registering the middlewares is correct. For eg. Cookies should come before Google
Yeah this was a challenge. You are correct in your observation of it's
behavior. The config info below resolved this issue for me.
The very bottom config tag that excludes the callback path caused
it to start functioning as expected for me.
<system.webServer>
<modules>
<remove name="FormsAuthentication"/>
</modules>
</system.webServer>
<system.web>
<authentication mode="None"/>
<authorization>
<deny users="?" />
</authorization>
</system.web>
<location path="login.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
<!-- the callback path has to be open to anonymous so that owin can do it's redirect magic-->
<location path="signin-google">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
Related
I've to enable SSO authentication on a Sitefinity application that before was using Form Authentication with a custom provider.
I've enabled it in the web.config
<authentication mode="Windows">
<!--<forms slidingExpiration="true" name="xxx.ASPXAUTH" cookieless="UseCookies" requireSSL="false" ticketCompatibilityMode="Framework20" timeout="180" />-->
</authentication>
<authorization>
<deny users="*" />
</authorization>
And when I try to access to a page I got the domain popup to appear. I insert mine credential but I go again the domain popup
I've cross checked everything but everything seems ok... what can be the reason I can't logon? and it falls me back as I've entered a wrong password?
I have the following structure for my web application:
In my root web config, not in the Areas/Admin/Web.Config I have the following:
<location path="Areas/Admin">
<system.web>
<authentication mode="Windows"></authentication>
<authorization>
<deny users="*"/>
</authorization>
</system.web>
</location>
I have my own authentication working on the main root of the web site no problems by using the [Authorize] tag.
Now for the Areas/Admin I'd like to use Windows Authentication.
In IIS (Server 2008 R2 Machine), I have the Admin folder configured as an application:
And when I click on Areas/Admin in IIS, under Authentication, I have Anonymous disabled, and Windows Authentication Enabled.
However, when I attempt to access this folder via the web site, it does not prompt me for my domain username/password. It just loads up the page.
If I go to www.website.com/Areas/Admin, it then prompts me for the username/password. But I need it to use the AreaRegistration, and have it prompt when I go to www.website.com/Admin.
I've been able to configure an entire site as Windows Authentication, and that works like a charm.
Any thought to lead me in the right direction? Or, if you need more information, please leave me a comment and I will be more than happy to give you what I can.
From doing research, I found that the only way to make this work, is to create a 2nd "admin" site which runs as an application under the main site. Doing so, allowed me to setup permissions on that site.
I have a login page page that should be available to unauthenticated users. On my local ASP.Net dev server it all works well. However, when deployed on IIS 7, all static content such as pictures and scripts are not downloading. Only when the user logs in the first time does it return the pictures and scripts. The server returns HTTP 302 for unauthenticated users. I am using forms authentication & ASP.Net membership provider.
Step 1:
Make sure the appropriate directories ('Content' and 'Scripts' by default for MVC) have been enabled for 'Anonymous Authentication' in web.config (inside ) e.g.:
<location path="Content">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
<location path="Scripts">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
Step 2:
Check that the 'IUSR' built-in account has read access to these directories. This user is used by default for all anonymous requests.
Note: You can change which account is used for anonymous access by editing applicationHost.config in C:\Windows\System32\inetsrv\config . On 64-bit machines this file can only be edited by 64-bit applications (i.e. not Visual Studio). Notepad works well. Make sure to take backups before you edit. You are looking for the next line:
<anonymousAuthentication enabled="true" userName="IUSR" />
I have an MVC3 Intranet app that uses Windows authentication. I'm now using a third party service that will make notification calls to my app. I've already created a listener for these API calls but not sure how I can allow anonymous access to that single view in my app.
My IIS7 settings are as follows:
Anonymous - Enabled <---------- Use Domain User
ASP.NET Impersonation - Disabled
Basic Authentication - Disabled
Digest Authentication - Disabled
Forms Authentication - Disabled
Windows Authentication - Enabled - HTTP 401 Challange
Additionally, in my web.config file, authentication mode is set to Windows.
With that said, is there a way to allow anonymous access to a single view in my MVC app?
Where path is your end url, add this your web.config.
<location path="MyController/MyAction">
<system.web>
<authorization>
<allow users="?" />
</authorization>
</system.web>
</location>
Or decorate the action with AllowAnonymousAttibute http://msdn.microsoft.com/en-us/library/system.web.http.allowanonymousattribute(v=vs.108).aspx.
So I have a MVC3 application that is using FormsAuthentication. When a user logins, it creates the ticket, and directs them to their dashboard.
On the controllers, I am using the [Authorize] attribute to make sure that the actions are executed by authorized personnel only.
However, there is a part of the site that a user is allowed to upload files. When the files get uploaded, the gets renamed to a random string with the correct extension (a guid without dashes).
How do I restrict unauthenticated and unauthorized users into this directory and to view these files based on the FormsAuthentication that I am using in the MVC3 environment?
Create a Web.Config file with following entries inside the folder which has the files.
<configuration>
<system.web>
<authorization>
<deny users="*"/>
</authorization>
</system.web>
</configuration>
This will prevent direct access to file in the folder for all users. Proved a UI to access the files. There you can check which files a user can access and prevent access to all files.
If you want to give direct access to the folder for particular set of authorized users then you need to add them to a role and give permission for that role.
<configuration>
<system.web>
<authorization>
<allow roles="Admin" />
<deny users="*" />
</authorization>
</system.web>
</configuration>