I'm possibly missing something here because after setting up Web.config and my Controller to use ADMembershipProvider, even with Global Filters for [Authorize], I'm always logged in... I stepped through the code and noticed the following:
Screenshot from Layout
I'm connected to the Corp domain, but my goal is to use Form Auth so that users need to log in with their AD credentials and not auto-authenticate, which seems to be the case.
[UPDATE] I disconnected my WiFi and the application still shows me that I'm authenticated. I also attempted this in Private/Incognito Mode and no luck.
[UPDATE 2]
I forgot to mention a very important aspect of my front end: it's all Angular. The way I'm doing this is, the Controller responds with the View. Once the view loads, Angular kicks in and downloads what is needed via $http.get or $http.post. I notice that the page renders fine but certain parts give me errors at random times. For example, I went to access a page and it loaded fine, but the dropdown boxes didn't populate, and when I looked closely at the data coming in, it was the login page. So it was attempting to redirect me. How do I handle this, if that's the case?
Web.config
    <system.web>
      <compilation debug="true" targetFramework="4.5.1" />
      <httpRuntime targetFramework="4.5.1" />
      <authentication mode="Forms">
        <forms name=".ADAuthCookie" loginUrl="~/Account/Login" timeout="45" slidingExpiration="false" protection="All" />
      </authentication>
      <membership defaultProvider="ADMembershipProvider">
        <providers>
          <clear />
          <add name="ADMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider" connectionStringName="ADConnectionString" attributeMapUsername="sAMAccountName" />
        </providers>
      </membership>
    </system.web>
My Account Controller
    [AllowAnonymous]
    public class AccountController : Controller
    {
        public ActionResult Login()
        {
            return this.View();
        }

        [HttpPost]
        public ActionResult Login(LoginModel model, string returnUrl)
        {
            if (!this.ModelState.IsValid)
            {
                return this.View(model);
            }

            try
            {
                if (Membership.ValidateUser(model.UserName, model.Password))
                {
                    FormsAuthentication.SetAuthCookie(model.UserName, model.RememberMe);
                    return this.RedirectToAction("Index", "Home");
                }
            }
            catch (Exception ex)
            {
                // Fails if connection with LDAP can't be established.
                this.ModelState.AddModelError(string.Empty, "Internal Server Error, please check your Internet Connection. Unable to connect to Network!");
            }

            this.ModelState.AddModelError(string.Empty, "The user name or password provided is incorrect.");
            return this.View(model);
        }

        public ActionResult LogOff()
        {
            FormsAuthentication.SignOut();
            return this.RedirectToAction("Login", "Account");
        }
    }
My problem was windowsAuthentication being on by default in IIS Express.
After testing this in a fresh Windows 7 Pro 64-bit install, I noticed that when I debugged the app it asked for a username and password. For some reason this did not come up on my main machine (maybe it was stored?).
So I used my standard Windows login credentials and was able to get to the page. This explains why @User.Identity.IsAuthorize always shows true: it's using my local computer account to authenticate me. After researching this issue a bit longer, I've found how to remove that and just enable anonymousAuthentication.
    <authentication>
      <anonymousAuthentication enabled="true" />
      <windowsAuthentication enabled="false" />
    </authentication>
I found KB-837139 which goes into detail on how to disable this.
How to use Internet Services Manager to disable Integrated Windows authentication in IIS 7.0
- Start Internet Services Manager.
- Expand the server that contains the Web site, the virtual directory, or the file for which you want to configure authentication, and then expand Sites.
- In the console tree, click the Web site or the virtual directory for which you want to configure authentication.
- In the center window frame, double-click Authentication.
- In the list of authentication types, right-click Windows Authentication, and then click Disable
- Exit Internet Services Manager.
In my case, I had to do it manually by going to the applicationhost.config, which is located in C:\Users\UserAccount\Documents\IISExpress\config, and opening up the file. I found it easier to load this up in Visual Studio and Toggle all Outlining. Then I found the following section and manually made the changes.
    <location path="YourProjectNameIsHere">
      <system.webServer>
        <security>
          <authentication>
            <anonymousAuthentication enabled="true" />
            <windowsAuthentication enabled="false" />
          </authentication>
        </security>
      </system.webServer>
    </location>
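Added example, not part of the original answer: a small audit that reads an applicationhost.config and reports, for each `<location>`, the effective anonymousAuthentication/windowsAuthentication settings, so a site that still has Windows authentication on is easy to spot. It assumes per-location values override the file-level `<system.webServer>` section; the sample XML and site names are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample shaped like applicationhost.config; site names are made up.
SAMPLE_CONFIG = """<configuration>
  <system.webServer><security><authentication>
    <anonymousAuthentication enabled="true" />
    <windowsAuthentication enabled="true" />
  </authentication></security></system.webServer>
  <location path="FormsAuthSite">
    <system.webServer><security><authentication>
      <anonymousAuthentication enabled="true" />
      <windowsAuthentication enabled="false" />
    </authentication></security></system.webServer>
  </location>
  <location path="LegacySite">
    <system.webServer><security><authentication>
      <windowsAuthentication enabled="True" />
    </authentication></security></system.webServer>
  </location>
  <location path="InheritsSite"><system.webServer /></location>
</configuration>"""

AUTH_PATH = "system.webServer/security/authentication"
SCHEMES = ("anonymousAuthentication", "windowsAuthentication")

def read_auth(node):
    """Return {scheme: bool} for the schemes explicitly set under node."""
    found = {}
    auth = node.find(AUTH_PATH)
    if auth is not None:
        for scheme in SCHEMES:
            el = auth.find(scheme)
            if el is not None and "enabled" in el.attrib:
                found[scheme] = el.get("enabled").strip().lower() == "true"
    return found

def effective_auth(config_xml):
    """Map each <location path> to its settings, falling back to file-level values."""
    root = ET.fromstring(config_xml)
    defaults = read_auth(root)  # assumption: locations inherit these unless overridden
    return {loc.get("path", ""): {**defaults, **read_auth(loc)}
            for loc in root.findall("location")}

def windows_auth_sites(config_xml):
    """Locations where Windows authentication is effectively enabled."""
    return sorted(path for path, auth in effective_auth(config_xml).items()
                  if auth.get("windowsAuthentication"))

if __name__ == "__main__":
    print(windows_auth_sites(SAMPLE_CONFIG))
```

To check a real file, pass the text of the applicationhost.config to `windows_auth_sites` instead of `SAMPLE_CONFIG`.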