HTTP Error 401.0 - Unauthorized

c# session authentication iis

15,121

it sounds like the IIS configuration you are not hanlding the request/routing correctly so instead of using the MVC routes to pick the right controller IIS sees a path to a directory and throwns an unauthorized because directory listning is disabled.

How to set that up depends to some extend on the version of IIS you are running. From a technical point of view the configuration is basically the same but since the management console underwent drastic changes from 6 to 7. How to do it in IIS7(+) has been asked priviously and instead of rewritting the answer I think it serves the spirit of this community better to forward to the answer

15,121

Author by

Hamid Reza

Updated on June 04, 2022

Comments

Hamid Reza almost 2 years

I have these 4 classes:

public class Personal
        {
            public int Id { get; set; }
            public string Name { get; set; }
        }

public class LoginRepository
    {
        Context context = new Context();
        public Personal GetByUsernameAndPassword(Personal user)
        {
            return context.Personals.Where(u => u.Name==user.Name).FirstOrDefault();
        }
    }

public class LoginApplication
    {
        LoginRepository userRepo = new LoginRepository();
        public Personal GetByUsernameAndPassword(Personal user)
        {
            return userRepo.GetByUsernameAndPassword(user);
        }
    }

public class SessionContext
    {
        public void SetAuthenticationToken(string name, bool isPersistant, Personal userData)
        {
            string data = null;
            if (userData != null)
                data = new JavaScriptSerializer().Serialize(userData);

            FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1, name, DateTime.Now, DateTime.Now.AddYears(1), isPersistant, data);

            string cookieData = FormsAuthentication.Encrypt(ticket);
            HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, cookieData)
            {
                HttpOnly = true,
                Expires = ticket.Expiration
            };

            HttpContext.Current.Response.Cookies.Add(cookie);
        }

        public Personal GetUserData()
        {
            Personal userData = null;

            try
            {
                HttpCookie cookie = HttpContext.Current.Request.Cookies[FormsAuthentication.FormsCookieName];
                if (cookie != null)
                {
                    FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(cookie.Value);

                    userData = new JavaScriptSerializer().Deserialize(ticket.UserData, typeof(Personal)) as Personal;
                }
            }
            catch (Exception ex)
            {
            }

            return userData;
        }
    }

And in my controller I have this:

 public class HomeController : Controller
    {
        LoginApplication userApp = new LoginApplication();
        SessionContext context = new SessionContext();
        public ActionResult Index()
        {
            return View();
        }
        [HttpPost]
        public ActionResult Index(Personal user)
        {
            var authenticatedUser = userApp.GetByUsernameAndPassword(user);
            if (authenticatedUser != null)
            {
                context.SetAuthenticationToken(authenticatedUser.Name, false, authenticatedUser);
                return RedirectToAction("Index", "Asp");
            }
            return View();
        }
    }

but the problem is this that even if I use a correct name for login I see this error:

HTTP Error 401.0 - Unauthorized You do not have permission to view this directory or page.

I think the session is not created. what should I do?