Stack Overflow
Stack Overflow

Questions tagged [asp.net-authentication]

Questions regarding ASP.NET identity authentication methods

ASP.NET, in conjunction with Microsoft Internet Information Services (IIS), can authenticate user credentials such as names and passwords using any of the following authentication methods:

  • Windows: Basic, digest, or Integrated Windows Authentication (NTLM or Kerberos).

  • Forms authentication, in which you create a login page and manage authentication in your application.

  • Client Certificate authentication

ASP.NET controls access to site information by comparing authenticated credentials, or representations of them, to NTFS file system permissions or to an XML file that lists authorized users, authorized roles (groups), or authorized HTTP verbs.

ASP.NET Web Application Security

185 questions
79
votes
7 answers

Error renaming ASP.NET MVC project

I have copied a previous project and renamed it. Once I had successfully renamed all the name spaces and it build correctly. I got the following error when I ran the application: The following errors occurred while attempting to load the app. - The…
Zapnologica
  • 22,170
  • 44
  • 158
  • 253
68
votes
1 answer

What is the point of configuring DefaultScheme and DefaultChallengeScheme on ASP.NET Core?

I am learning how security works in ASP.NET Core 2.0 and IdentityServer4. I set up the projects with IdentityServer, API and ASP.NET Core MVC Client App. The ConfigureService method in the Client App is shown below. Here I am confused about…
Amal Shalika
  • 1,077
  • 1
  • 13
  • 22
30
votes
1 answer

MVC 5 Identity Automatic Logout

How do I implement an Automatic Logout Timer. So basically if the user is inactive for x minutes their session is ended? I have tried: But it doesn't seem to work. Here is code that is in…
Zapnologica
  • 22,170
  • 44
  • 158
  • 253
24
votes
3 answers

ASP.NET Identity "Role-based" Claims

I understand that I can use claims to make statements about a user: var claims = new List(); claims.Add(new Claim(ClaimTypes.Name, "Peter")); claims.Add(new Claim(ClaimTypes.Email, "peter@domain.com")); But how should I store "role-based"…
Dave New
  • 38,496
  • 59
  • 215
  • 394
14
votes
3 answers

Increasing session timeout to a week or more

In order to increase session timeout, it appears I would use the following setting: /* Etc... */ Here the timeout is set to 20 minutes (the default value). And, apparently,…
Jonathan Wood
  • 65,341
  • 71
  • 269
  • 466
11
votes
4 answers

Custom Login ASP.NET C#

I'm currently making a custom login in ASP.NET. I've modified the code of the Login Control to use my database instead of the Aspnet table. Here's a sample of my code; using System; using System.Data; using System.Configuration; using…
Loupi
  • 1,102
  • 4
  • 25
  • 42
11
votes
3 answers

How to best handle permissions (not roles) in asp.net membership, specifically in ASP.NET MVC

There are plenty of questions (and information) on setting up asp.net membership, role providers and the like. Whether or not you should use the built in platform provided by microsoft, or role extend the base classes and role your own. I have…
Joshua Hayes
  • 1,938
  • 2
  • 21
  • 39
11
votes
1 answer

ASP.NET Web Api (REST): Authentication using the users credentials or a token? Leave "Register new user" resource password free?

I am trying to create a REST service using asp.net web api and everything is working fine but I have now come across what to do with authentication. I am a little confused of where to start, here is what I have been thinking. I have an REST api that…
Martin
  • 23,844
  • 55
  • 201
  • 327
10
votes
0 answers

What is relation between AuthenticationScheme and IIdentity.AuthenticationType

How are they connected? I can use HttpContext.SignInAsync, and then HttpContext.User is set to provided identity, however I have one identity and multiple authentication ways - what if user login as Customer and then moves to AdminPanel?
Shadow
  • 2,089
  • 2
  • 23
  • 45
9
votes
3 answers

Response Content-Length mismatch: too few bytes written

My ASP.NET Core app uses "out-of-box" external login authentication. What I want to implement - on facebook challenge I want to wrap redirect url and return it as json to consume in jquery frontend. But after request ends I see 500 error in browser…
Yehor Androsov
  • 4,885
  • 2
  • 23
  • 40
8
votes
2 answers

IdentityServer4 logout

I am having an issue where I cannot seem to get my Identity Server logout to show the confirmation first. I downloaded the source code for IdentityServer4 from github and found the parameter in the Models folder: LogoutRequest.cs,…
JakeJ
  • 2,361
  • 5
  • 23
  • 35
7
votes
2 answers

How to get all users in a specific role?

How do i get all users from a specific role? var users = Membership.GetAllUsers(); gets all users in all roles. it returns a list of MembershipUser, but there is no role property. Thanks
Kenci
  • 4,794
  • 15
  • 64
  • 108
7
votes
4 answers

.NET Core 2 CookieAuthentication ignores expiration time span

I'm working on a .NET Core 2.1 Web application with CookieAuthentication. For some reason setting the ExpireTimeSpan and Cookie.Expiration on the CookieAuthenticationOptions object doesn't have an effect on the Cookie lifetime. Chrome always…
d03090
  • 354
  • 1
  • 5
  • 17
7
votes
1 answer

OAuthOptions.Scope Cannot Be Assigned To

I'm trying to implement LinkedIn/OAuth authentication in my ASP.NET Core 2.0 app and I need to set the scope to { "r_basicprofile", "r_emailaddress" } so that I can user's email, profile image, etc. When I try to set the scope in the following code,…
Sam
  • 26,817
  • 58
  • 206
  • 383
5
votes
2 answers

OIDC authentication in server-side Blazor

How can I use OIDC authentication in server-side Blazor? I used this method, but somehow it's not right because @attribute [AllowAnonymous] doesn't really work. So I used the [Authorized] attribute instead of [AllowAnonymous] and then removed…
mohammadmahdi Talachi
  • 439
  • 1
  • 7
  • 14
1
2 3
12 13