All Questions

566
votes
8answers
175507 views

ASP.NET MVC - Set custom IIdentity or IPrincipal

I need to do something fairly simple: in my ASP.NET MVC application, I want to set a custom IIdentity / IPrincipal. Whichever is easier / more suitable. I want to extend the default so that I can call...
26
votes
6answers
16960 views

Can some hacker steal the cookie from a user and login with that name on a web site?

Reading this question different users get the same cookie value in aspxanonymous and search for a solution, I start thinking, if it is possible for some one to really steal the cookie with some way,...
131
votes
23answers
111989 views

FormsAuthentication.SignOut() does not log the user out

Smashed my head against this a bit too long. How do I prevent a user from browsing a site's pages after they have been logged out using FormsAuthentication.SignOut? I would expect this to do it: Form...
47
votes
3answers
33015 views

How to implement "Stay Logged In" when user login in to the web application

On most websites, when the user is about to provide the username and password to log into the system, there's a checkbox like "Stay logged in". If you check the box, it will keep you logged in across ...
235
votes
18answers
283412 views

How to get the current user in ASP.NET MVC

In a forms model, I used to get the current logged-in user by: Page.CurrentUser How do I get the current user inside a controller class in ASP.NET MVC?
25
votes
7answers
14753 views

Forms Authentication across Sub-Domains

Is it possible to authenticate users across sub-domains when the authentication takes place at a sub-domain instead of the parent domain? For example: User logs into site1.parent.com, and then we n...
10
votes
1answers
22941 views

How to lock down paths in ASP.NET MVC?

I'm playing around with MVC 4 for the first time to check out what's been changed/added/etc compared to MVC 3. To start off, I created a blank MVC 4 Web Application and started building from scratch....
60
votes
4answers
56406 views

Configuring Spring Security 3.x to have multiple entry points

I have been using Spring Security 3.x for handling user authentication for my projects, and so far, it has worked flawlessly. I recently received the requirements for a new project. In this project, ...
43
votes
1answers
38109 views

ASP.NET MVC 4 Web API Authentication with Membership Provider

I have an ASP.NET MVC 4 Project using the Web API. On the controller I have set the class to require authorization using the [Authorize] attribute. For Authentication I am using the ASP.NET Membership...
46
votes
8answers
56784 views

Mixing Forms authentication with Windows authentication

I have an (ASP.NET 3.5) intranet application which has been designed to use forms authentication (along with the default aspnet membership system). I also store additional information about users in a...

Previous Next