Stack Overflow
Stack Overflow

Questions tagged [asp.net-authentication]

Questions regarding ASP.NET identity authentication methods

ASP.NET, in conjunction with Microsoft Internet Information Services (IIS), can authenticate user credentials such as names and passwords using any of the following authentication methods:

  • Windows: Basic, digest, or Integrated Windows Authentication (NTLM or Kerberos).

  • Forms authentication, in which you create a login page and manage authentication in your application.

  • Client Certificate authentication

ASP.NET controls access to site information by comparing authenticated credentials, or representations of them, to NTFS file system permissions or to an XML file that lists authorized users, authorized roles (groups), or authorized HTTP verbs.

ASP.NET Web Application Security

185 questions
3
votes
0 answers

Multiple B2C policies for securing different endpoints

In this post there is a discussion of multiple policies in B2C to secure different endpoints, thereby forcing someone to login again for more sensitive resources. This sounds great, and was echoed in this SO post where examples of Facebook or Google…
Bill Noel
  • 1,120
  • 9
  • 21
3
votes
0 answers

Login redirect on ASP.NET Core application with external login

I have an ASP.NET Core web application and I am decorating a few controller action methods with Authorize attribute. So, when I am not logged in, it doesn't do any redirect and only shows me a blank page for that controller action. I have gone…
user6542823
  • 1,396
  • 2
  • 14
  • 24
3
votes
1 answer

Rich Twitter Digits/Google Auth with OpenIdDictServer

Our app requires sign-in by either mobile number or Google. We are planning to Twitter Digits for mobile number authentication. The flow of registration and authentication as I understand is as below: Mobile app does rich authentication with…
Abhijit Ajmera
  • 235
  • 2
  • 12
3
votes
1 answer

Authorization for anonymous user (automatic authentication)

UPDATE: Unfortunately, a Windows reboot solved this issue -.- In our ASP.NET Core (1.0 RC2) application, we have the following requirement: only users from the internal network should be able to access some "Debug" pages (hosted by MVC Core). It's…
Matthias
  • 3,403
  • 8
  • 37
  • 50
3
votes
2 answers

ASP.Net - What is current best practice for tracking state and session variables?

We're creating a new consumer/public-facing ASP.Net web app. There are two concerns: --Use cookie or cookieless forms authentication? --If we decide not to use cookies at all, how would you store the data that would otherwise be stored in the…
alchemical
  • 13,559
  • 23
  • 83
  • 110
3
votes
2 answers

ASP.NET Forms authentication requires Anonymous enabled

I am working with ASP.NET application that uses Forms Authentication. However, if I turn off all authentication methods except for forms, I will get a HTTP Error 401.2 - Unauthorized When trying to browse any page. However, enabling Anonymous…
laconicdev
  • 6,360
  • 11
  • 63
  • 89
3
votes
1 answer

ASP.NET Web Api: authenticating using in memory hosting for Integration tests

I'm trying to get in memory hosting working for integration testing our web api project, but have hit an issue with authentication when using it. I have recreated this on a basic Web Api project using the default Web Api template and the values…
mutex
  • 7,536
  • 8
  • 45
  • 66
3
votes
1 answer

.NET 4.5 Membership Provider Database

I am using the standard ASP.NET Webform template and its membership provider. Specifically I am using only the external id services (Google, Microsoft, Facebook, Twitter). All these worked fine, until I decided to point the database away from the…
Old Geezer
  • 14,854
  • 31
  • 111
  • 198
2
votes
1 answer

In ASP.NET; How can I login from a remote HTML page into another ASPX page with ASP.NET Membership

I basically need to login into another domain that is using asp.net membership. If we have an ASP.net web application using ASP.Net Membership on one hand, and an HTML page from another domain on the other hand. Is it possible to login into the…
DAEMYO
  • 989
  • 8
  • 12
2
votes
2 answers

creating subdomains and Sharing authentication on 2 different project/solution/application

I am trying to create a website with subdomains in asp.net mvc. But I am not sure how to do this. When setting up this new solution in visual studio is it best to have a different project for each subdomain or have one project? There are obviously…
MikMark
  • 547
  • 1
  • 5
  • 17
2
votes
0 answers

.NET Core Web API : how to access user claims without using the HttpContextAccessor?

I have a .NET Core 3+ Web API with custom authentication. I refer to it in my startup like so: services.AddAuthentication(options => { options.DefaultAuthenticateScheme = CustomAuthOptions.DefaultScheme; options.DefaultChallengeScheme =…
John Lee
  • 1,357
  • 1
  • 13
  • 26
2
votes
2 answers

How to implement remember me functionality properly? Asp.Net Core

I have been trying for 2 days to know how to build remember me functionality, but there is nothing clear. First and foremost, I would like to make sure we agreed of the workflow of this properly as follows. I need here to allow users to open their…
MOHAMED ABUELATTA
  • 305
  • 2
  • 5
  • 15
2
votes
1 answer

ASP.NET Core - Using both Cookies and JWT for WebAPI

I've managed to configure JWT authentication for my ASP.NET Core Web API. It works when using Postman. I have also built an MVC admin section, that I want to log into. The guide I'm following to create the Admin section uses cookies and not JWT…
Scottish Smile
  • 455
  • 7
  • 22
2
votes
0 answers

Why is Microsoft Identity/AuthorizeFilter breaking cookies?

I am seeing behavior of cookies change in my ASP.NET Core app based on adding an AuthorizeFilter and can't figure out why. I'll try to explain as succinctly as I can. I created a sample app to illustrate it. In the Index() of my HomeController of my…
mannaggia
  • 213
  • 1
  • 9
2
votes
1 answer

Protect certain folders in wwwroot with authetication in asp.net core mvc

I have placed few folders having static content in wwwroot. For some folders i need that user is authenticated to view those. For this i have added code in Startup like below. app.UseStaticFiles(new StaticFileOptions() { …
Code one
  • 83
  • 9
1 2
3
12 13