Custom ASP.NET Authentication and Authorization Module
Hello,Forgive me if this question has been asked before but i couldn't find a proper answer to my queries so i am posting this question.I am thinking of developing a User module without the use of...
View ArticleAspNet Identity tokens in Azure
HiI have problem with AspNet Identity token validation in Azure. When my application is scaled to more than one instance they are not able to validate tokens generated by other instance. For example,...
View Articlehashing salt size
i adopt hashing for my new .net app securitymy understanding is the hash size is depending on the hashing/crypto algorithm used.what about the salt size? in my past projs, it's half size of the hash, i...
View ArticleCryptAcquireContext exception
internal class Crypt { [DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)] internal static extern bool CryptAcquireContext( ref IntPtr hProv, string pszContainer, string...
View ArticleCall IdentityServer action from API
I have a AdminController in IndentityServer4 project witch has an action [Authorize] [HttpPost("user/{id:guid}/roles")] public async Task<IActionResult> AssignRolesToUser(string id, [FromBody]...
View ArticleServer still thinks browser is logged on.
I have a situation where we are testing Request.IsAuthenticated, the session on the server is gone but this is not good enough to tell us if the session is also live. Is there a way to check the...
View ArticleAdding JWT security conflicts with existing authentication
I'm writing my first ASP.NET app (Core 2). My goal is to have an ASP.NET app, that users can log into (login page, cookies, credentials stored in SQL Database), *and* have an API using JWT...
View ArticleEncrypt connection sting
Hi folks, how do you encrypt the connection sting on the server, I don't have access to the Developer Command prompt to run aspnet_regiis.Do I need to install VS on the server?
View ArticleImpersonate as Active Directory user in Windows Azure Web-App
HelloFirst of, I hope this is the right section. If not, feel free to move the thread.What I'm trying to accomblish: I have an Azure Web-App that has to be able to create AD Accounts in my on-prem...
View ArticleCreating custom error message when providing expired Refresh token(OAuth2.0)
Hello all,I'm trying to figure out if there is any way to provide a custom error description and custom https status code when we request a bearer token with expired Refresh Token. Authentication:...
View ArticleCould not redirect to external page after already authenticated OpenID...
Hi, I could not redirect user to external page if the user is already autheticated. The browser ends up in http://localhost:52500/Home/LoginPlease help[HttpGet] public async Task Login() { if...
View Articlepassword encryption using Salt and Hash technique
I tried encrypting my password field as shown in this post. https://stackoverflow.com/questions/883371/effective-password-encryptionWhat I am trying to is generate random salt for every password and...
View ArticleLogin Failed for "DOMAIN\MACHINENAME$" in production system if user is idle...
Hi, I have an Asp.Net project which uses SQL database using EF. I use Role based authorization while performing few operations like Create, Edit functionalities which requires database...
View ArticleOverwriting cookie
Dear .net Experts,I wrote a little script to overwrite one of my cookies and I noticed whatever I type as the domain it really doesnt matter, the domain is always shown in the cookie was my host +...
View ArticleAllowing Anonymous Users for the whole site while restricting a folder to...
Hello, There's an existing ASP.NET web forms site that was previously working with Anonymous Authentication. All pages are accessible to the general public. I have been tasked with creating a new...
View ArticleHow to Customize the Identity in ASP.net Web Froms Application?
HelloI created a new ASP.net Web Form Application, and I am using the .Net Identity Framewrok.I want to make the email (optional) at registration, I found that I need to modify the...
View ArticleClaims created by Web Service available to Application
HiI need some advice regarding Claims. I have a series of web services in a project which are consumed by several other projects in the solution. We need to keep all business logic within the web...
View ArticleAspNet Identity MVC - How to catch Signed In Event
I am using ASPNet Identity 2.0 (Full framework, not the core framework) and MVC. I would like to execute C# code once the user successfully login to the site. i know that i can write some code right...
View ArticleWIF - COMPLETE EXAMPLE WITH MANY APPLICATIONS
HiThe scenario is in case that I have many applications (many solutions), a Windows Identity Foundation and a unique database.I would like to have an example with Windows Identity Foundation in which I...
View Article