If a user has signed into their computer and are connected to an intranet, is there a way to grab the users crendtials and authentication them in asp.net? What specific code would do this?
I have an intranet web application, where i have windows authentication = true in web.config. I hear from end users that the website is aksing for their login credentials and they don't like it. By the way i am getting theusername from HttpContext.Current.User.Identity.Name and Domain Name from Mid(UserNameID, 1, InStr(UserNameID, "") - 1).In IIS, anonymous access is unchecked and Integrated wnidows authentication is selected.
I have an XML web service where the authentication used is BASIC WINDOWS. Following is my client code to connect to the service.
[Code]....
Now, the issue is that the client is really authenticated only in the first attempt(First time I execute the code in VS). Further attempts succeed even if the code to assign credentials is commented or even after providing wrong user id/ password. I ensured that the server is hit each time(Just to make it clear that it not just because of client side caching).Is this the behavior of Basic authentication/credential cache. I would prefer the client be authenticated each time he hits the server.
I have a zealous network administrator who insists that we must use https on an intranet web application in order to safeguard user's credentials. The app is an asp.net web app that uses Windows Authentication to automatically identify users and log them in. There is no login dialog and user's never enter their login or password. The application does not process any confidential data, and the only rationale for requiring https is to "safeguard" users credentials. Additionally he stated that ntlm can be easily hacked.I responded with some information from an MS white paper on Windows Authentication that said it was the recommended way of authenticating users, and that user's credentials were safe because their passwords are not transmitted across the network when the application authenticates them since it sends a hash of the password.
Is it possible to bypass the NT challenge login, and just have a standard webform login, then authenticating programtically as that user and passing those credentials manually to my connection string so that the database sees me as that user?
I have set up a directory on my IIS web server that is protected by "Integrated Windows authentication". I want visitors to be required to enter a name and password to view files in the protected directory except if they are following a link to files in the protected directory from a certain page on my website.
I am doing this to try to get better protection from search engine spidering than is provided by using a robots.text file.
I am using ASP.NET 3.5 with VB. I am wondering if there is a way to pass the log on credentials to the IIS server via a link, or if there is a way to fill in the name and password for the login screen automatically, or something else that would work. It is OK if the login name and password are visible to the visitors.
I am using windows Authentication and accessing user name as. IIdentity winId = HttpContext.Current.User.Identity; string name = winId.Name; but i want to get other details like User full name and EmailID.
In IIS 7.5 server I have a website apps.mydomain.com. Site binding for this website is:
IP: All Unassigned
Port: 80
Host name: apps.mydomain.com
In DNS there is an ip address pointing to apps.mydomain.com. Site comes up fine when browsing to this hostname.
I want to get current windows logged in username from asp.net web apps. I enabled windows authentication and disabled anonymous. Using this ASP.Net code to test:
Response.Write(Page.User.Identity.Name);
However, browsing to http://apps.mydomain.com/site/ the application pool identity shows as the Page.User.Identity.Name value and not the current windows logged in username.
If I browse to http://servername/site/ then Page.User.Identity.Name will return current windows logged in username.
Is there something else I need to configure to get the current windows logged in username when using host header?
We have an ASP.NET Web App, where we want to provide a link 'Sign in as a different user' on a page. Authentication mode is Windows. Went through a couple of articles (like setting the statuscode =401). We want to authenticate the user, and then redirect him to a specific page (say 'ReviewTask.aspx');
My ASP.NET app is using windows authentication. If I run the following code:
WindowsIdentity wi = (WindowsIdentity)User.Identity; foreach (IdentityReference r in wi.Groups) { ListBox1.Items.Add(r.Translate (typeof (NTAccount)).Value); } if (User.IsInRole ("Everyone")) Label1.Text = "Is in role";
The listbox will contain the name of every group the user belongs to. If I then call User.IsInRole, and pass in the name of any of those groups, I always get a false.
If WebApp is configured as Windows Authentication, how to get the user credential in code?How to create NetworkCredential using this exsiting user credential?
I am working on an application that uses windows authentication. Within this application, we give the user the ability to change their password. The user can change the password just fine. However, after they change their password, that is when things get weird. Sometimes they can navigate through the application just fine. Other times, they click on a link and are immediately prompted to supply credentials. Occasionly they can click on a link but upon a second click they are prompted to supply credentials. Does the browser keep a token to the original credentials and use this when they request the next page? If this is the case, why can i continue using the site sometimes? Can I change the password and then assign that token to the request?
I am evaluating ASP.NET Membership for an intranet Silverlight app. I want users to be automatically authenticated for my application with their windows logon. Thus I configured Windows Authentication. I would like to store user settings like email-address in using the SqlMembershipProvider and not AD. It seems that storing user settings using the SqlMembershipProvider is not supported with Windows Authentication. Is this really so (using .NET 4)?
If so: What is the rationale behind this? IMHO authentication, user settings and authorization are distinct aspects. User settings could easily be stored (identified by user name) using the SqlMembershipProvider with authentication and password management being supplied by Windows. What is the recommended solution for my scenario?
I have an Intranet web site that uses Windows Authentication and when a users password expires the do not get a prompt letting them reset it. We also have OWA and if they go there to check mail, it sends them to a page which allows them to reset it there. How can I trap for expired passwords and allow them to change it like they can with OWA?
we are migrating existing windows form application to asp.net(3.5) intranet portal, there is a requirement whereby database connection should be made by the logged in windows user. Is it possible to achieve this functionality?
Just going to start making a web application and was wondering which was better, or at least what are the main differences between them (as it probably matters what I am using them for)?
i have a problem with the users authentication on my site. I made <authentication mode="Windows"> in my web.config. The LoginView shows "mycomputermyusername" if i request the page. So far as well. Now i want to login with a different username. Users are stored in an Active Directory. My questions: wich setting i have to do, that user's account and password checked by Active Directory? how can i force the system to make a new login? Logout doesn't work, i always see my on account.
I'd like to use built-in IIS authentication with non-Windows accounts. There's this module that does that for basic authentication, but it in fact does both the authentication and credentials checking.The problem is I also need to support digest authentication and I could try to do it, but it would be a lot of hassle - I need to generate challenges ("nonces") securely, store them and check for replays, etc. - lots of things I can screw up and make determined attackers happy. So I'd prefer to reuse the digest authentication functionality in IIS, but use my own module for credentials validation. How can I do that?
1) I have an ASP.NET website which is the main entry point in the application.This website uses Forms authentication, which validates credentials (username/password) against a database. 2) Once logged on the website, the user is displayed a page containing several links which point to a Sharepoint 2007 application, where authentication is managed by an Active Directory. 3) Every user in the Active Directory is duplicated in the database managing the ASP.NET website authentication.
Is the above possible? Basically i need it as I am creating a site where users can upload files to a shared network drive which is secure and has a system account
When a user clicks on upload file, If possible I would like the page to automatically kind of log in with the system account, copy the files and then log off. I know I could achieve something similar mapping a drive but would prefer not to do that for these reasons;
- Security risk if the mapped drive for some reason isnt removed by the code