asp.net mvc - Redirecting Users from Unauthorized Page -


i have mvc application converted authentication/authorization method forms federated. works fine, on home page have create cookie authorization of rest of site work properly. when users navigate home page first works great, if navigate different page first authorization required 401 unauthorized error page.

when had forms authentication implemented redirect users unauthorized login page, federation no longer have login page redirect home page. forms authentication redirection automatic, how setup similar federated application?

here federated portions of web.config relevant. again, federated authentication/authorization works, unauthorized redirect isn't.

  <system.web>     <customerrors mode="off"/>     <authentication mode="none"/>     <authorization>       <deny users="?"/>     </authorization>      <membership defaultprovider="admembershipprovider">       <providers>         <add name="admembershipprovider" type="system.web.security.activedirectorymembershipprovider" connectionprotection="secure" attributemapusername="samaccountname" connectionstringname="adconn" connectionusername="uname" connectionpassword="pass" />       </providers>     </membership>     <rolemanager enabled="true" defaultprovider="activedirectoryroleprovider" cacherolesincookie="true" cookiename=".adlibraryroles" cookiepath="/" cookietimeout="1440" cookierequiressl="false" cookieslidingexpiration="true" createpersistentcookie="true" cookieprotection="all">       <providers>         <clear />         <add name="activedirectoryroleprovider" connectionstringname="adconn" connectionusername="uname" connectionpassword="pass" attributemapusername="samaccountname" type="myapp.activedirectoryroleprovider" />       </providers>     </rolemanager>   </system.web>   <system.webserver>       <modules>         <add name="wsfederationauthenticationmodule" type="system.identitymodel.services.wsfederationauthenticationmodule, system.identitymodel.services, version=4.0.0.0, culture=neutral, publickeytoken=b77a5c561934e089" precondition="managedhandler"/>         <add name="sessionauthenticationmodule" type="system.identitymodel.services.sessionauthenticationmodule, system.identitymodel.services, version=4.0.0.0, culture=neutral, publickeytoken=b77a5c561934e089" precondition="managedhandler"/>       </modules>   </system.webserver>   <system.identitymodel>     <identityconfiguration>       <audienceuris>         <add value="https://fed.example.com/"/>       </audienceuris>       <securitytokenhandlers>         <add type="system.identitymodel.services.tokens.machinekeysessionsecuritytokenhandler, system.identitymodel.services, version=4.0.0.0, culture=neutral, publickeytoken=b77a5c561934e089"/>         <remove type="system.identitymodel.tokens.sessionsecuritytokenhandler, system.identitymodel, version=4.0.0.0, culture=neutral, publickeytoken=b77a5c561934e089"/>       </securitytokenhandlers>       <certificatevalidation certificatevalidationmode="none"/>       <issuernameregistry type="system.identitymodel.tokens.validatingissuernameregistry, system.identitymodel.tokens.validatingissuernameregistry">         <authority name="http://myfedservice.example.com/adfs/services/trust">           <keys>             <add thumbprint="mythumb"/>           </keys>           <validissuers>             <add name="http://fed.example.com/adfs/services/trust"/>           </validissuers>         </authority>       </issuernameregistry>     </identityconfiguration>   </system.identitymodel>   <system.identitymodel.services>     <federationconfiguration>       <cookiehandler requiressl="true"/>       <wsfederation passiveredirectenabled="true" issuer="https://fed.example.com/adfs/ls/" realm="https://fed.example.com/" reply="https://fed.example.com/" requirehttps="true" persistentcookiesonpassiveredirects="true"/>     </federationconfiguration>   </system.identitymodel.services>

you can configure in wsfederation section, see msdn further details. setting “passiveredirectenabled” true, wsfederationauthenticationmodule @ outgoing responses, trying find http 401s. if finds 401, modify response , turn redirect sts. please note in production want change requirehttps true.

<system.identitymodel.services> <federationconfiguration>   <wsfederation passiveredirectenabled="true"      issuer="http://localhost:15839/wsfederationsts/issue"      realm="http://localhost:50969/" reply="http://localhost:50969/"      requirehttps="false"      signoutreply="http://localhost:50969/signedoutpage.html"      signoutquerystring="param1=value2&amp;param2=value2"      persistentcookiesonpassiveredirects="true" />   <cookiehandler requiressl="false" /> </federationconfiguration>

please note need add these modules:

<modules>   <add name="wsfederationauthenticationmodule" type="system.identitymodel.services.wsfederationauthenticationmodule, system.identitymodel.services, version=4.0.0.0, culture=neutral, publickeytoken=b77a5c561934e089" precondition="managedhandler" />   <add name="sessionauthenticationmodule" type="system.identitymodel.services.sessionauthenticationmodule, system.identitymodel.services, version=4.0.0.0, culture=neutral, publickeytoken=b77a5c561934e089" precondition="managedhandler" /> </modules>

and following config sections:

<configsections> <!-- more information on entity framework configuration, visit http://go.microsoft.com/fwlink/?linkid=237468 --> <section name="system.identitymodel" type="system.identitymodel.configuration.systemidentitymodelsection, system.identitymodel, version=4.0.0.0, culture=neutral, publickeytoken=b77a5c561934e089" /> <section name="system.identitymodel.services" type="system.identitymodel.services.configuration.systemidentitymodelservicessection, system.identitymodel.services, version=4.0.0.0, culture=neutral, publickeytoken=b77a5c561934e089" />


Comments

Post a Comment

Popular posts from this blog

Email notification in google apps script -

https://support.google.com/docs/answer/91588?hl=en i have sheet the cells filled in data pulled via apps script, website. pull in exact same data, not. on old sheets version use able emails when data "changes" different value. new sheets, email when new data pasted cells, though exact same data......and, can't set @ ranges anymore, entire document. there easy way watch cells when data changes, , email myself? this looks lot you're trying do. for checking whether value has changed after edit, this gives necessary information it. hence, know whether new value same 1 or not. implementing "workaround" talked in second link, able compare , send email myself if value changed. initiate onedit trigger goes off onedit function uses these lines after checks in place have passed. var email = "xyz@whatever.com"; mailapp.sendemail(email, "triggermail", "a change has occurred in sheet"); note: sends "notification...
Read more

c++ - Difference between pre and post decrement in recursive function argument -

i have following sample code used pre-decrement void function(int c) { if(c == 0) { return; } else { cout << "dp" << c << endl; function(--c); cout << c << endl; return; } } this function give output input 4 : dp3 dp2 dp1 dp0 0 1 2 3 but when use post decrement void function(int c) { if(c == 0) { return; } else { cout << "dp" << c << endl; function(c--); cout << c << endl; return; } } output goes in infinite loop dp4 can explain me in detail why happens ? this happens because function(c--) called same value of c , when finishes c decremented. recursively called, hence called same value no chance of return , hit stack overflow error. assume this, int x = 1, y = 0; y = x++ result y == 1 , x == 2. if y = ++x , bot x , y 2.
Read more

javascript - IE11 incompatibility with jQuery's 'readonly'? -

the code i'm running has no issues in firefox, or chrome. user typing 1 textbox, tabs next , can continue typing that. when run webpage on ie11, user tabs next textbox , can't type in. textbox has double-clicked before user can insert anything. i've googled , seems ie give problems when using older jquery (i.e. prefers 'prop' 'attr' ). in code below jquery's readonly keyword being used in way ie11 no longer recognise/accept? i assume issue readonly , removeclass('ignore') working expected. //when focus on textbox 1 $("#field1").focus(function() { //remove readonly property textbox 1 $('#field1').prop('readonly', false).removeclass('ignore'); //add readonly property other textboxes $('#field2, #field3, #field4') .prop('readonly', 'readonly').addclass('ignore').val(''); }); i'm using jquery 2.1.3 ...
Read more