All geek questions in one place

Deny all pages without logging into Asp.net Web Forms with Identity Framework and Owin

How to set up a web forms application with id and owin to refuse all pages except login?

This configuration in web.config does not work for me:

<system.web> <authorization> <deny users="*"/> </authorization> <authentication mode="None"/>

Error message: The query filtering module is configured to refuse a request where the query string is too long.

OWIN Launch Class:

  public void ConfigureAuth(IAppBuilder app) { // Configure the db context, user manager and signin manager to use a single instance per request app.CreatePerOwinContext(ApplicationDbContext.Create); app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create); app.CreatePerOwinContext<ApplicationSignInManager>(ApplicationSignInManager.Create); // Enable the application to use a cookie to store information for the signed in user // and to use a cookie to temporarily store information about a user logging in with a third party login provider // Configure the sign in cookie app.UseCookieAuthentication(new CookieAuthenticationOptions { AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie, LoginPath = new PathString("/Account/Login"), Provider = new CookieAuthenticationProvider { OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, Usuario>( validateInterval: TimeSpan.FromMinutes(0), regenerateIdentity: (manager, user) => manager.GenerateUserIdentityAsync(user)) } });

Project structure enter image description here

Edit:

In the web.config folder inside the account there is such a configuration.

 <configuration> <location path="Manage.aspx"> <system.web> <authorization> <allow users="?"/> </authorization> </system.web> </location> </configuration>

This works for the Manage.aspx page.

I do not want to do this for every page. I want to add a global web.config site.

+5
source share
4 answers

This is a bug in the asp.net id with friendlyurls.

https://aspnetidentity.codeplex.com/discussions/571688

+2
source

I experimented a lot with Web.config and always had errors, as already described here. Then I passed it and just added a filter to Global.asax

 protected void Application_AuthenticateRequest(Object sender, EventArgs e) { string cTheFile = HttpContext.Current.Request.Path; if (!cTheFile.EndsWith("Login")) { if (HttpContext.Current.User == null || HttpContext.Current.User.Identity == null || !HttpContext.Current.User.Identity.IsAuthenticated) { Response.Redirect("~/Account/Login", true); Response.End(); return; } } }

This worked well for me, although I'm not sure if this is the best solution.

+1
source

You can simply configure it in your web.config as follows:

 <system.web> <authorization> <deny users="?"/> <allow users="*"/> </authorization> </system.web> <location path="Login.aspx"> <system.web> <authorization> <allow users="*" /> </authorization> </system.web> </location>

EDIT : added configuration for a string with a large long query

If your request is too long, you can add it to your web.config to solve this problem:

 <system.webServer> <security> <requestFiltering> <requestLimits maxQueryString="nnn"/> </requestFiltering> </security> </system.webServer>

I hope this fixes now.

0
source

if (User.Identity.IsAuthenticated) {Stay on the page} another {switch to another}

-1
source

Source: https://habr.com/ru/post/1206438/

More articles:


All Articles