Enable Authentication In Webservice?
Jul 13, 2010How do I configure .NET webservice to require all consumers to supply credentials, then verify their validity against database table?
View 4 RepliesHow do I configure .NET webservice to require all consumers to supply credentials, then verify their validity against database table?
View 4 RepliesThis could be very straight forward for some of you, but I got caught up. I am doing very simple test - browsing from IIS Manager to see the default page or "under Construction", however I am being challenged to provide my login credential . When I provide my login credential, I am able to see the default page. I wanted to see the default page without providing my credential since Enable anoymous access + basic authentication I am simply wanted to see the default page asit is working on other servers except this one. I have included screen print to make sure may question is clear.
View 3 RepliesI set authentication mode to Windows in the web.config and I enable Windows Authentication and disable the Anonymous Authentication in IIS 7 on win 7, but HttpContext.Current.User is always null.It works fine when I host the web app in IIS 6.0.
View 1 RepliesI'm trying to enable a webservice to accept HTTPGet. I've done this in the past, but I have a feeling BlogEngine.NET may be interfering somehow. I've added these sections to web.config:
<system.web>
<webServices>
<protocols>
<add name="HttpGet" />
<add name="HttpPost" />
</protocols>
</webServices>
And my method has this signature:
[ScriptMethod(UseHttpGet = true)]
[WebMethod]
public void GetCurrent(string setupType)
Yet when I call the service, I just get the the WSDL description page. I'm trying to binary write a file to track numbers of downloads, so I have a rewrite rule to redirect what looks like a .zip file to my download service. The rewriting works fine as I see the WSDL file, but the method isn't invoked.
Does anyone have any pointers for implementing the following: I want to cheaply enable multi-factor authentication on an asp.net website. I want people to be able to use an app on their phone (iPhone at the very least) to generate the token used alongside their username/password to login to the site. I do not want the people to have to carry a third-party device/fob to generate the token.
View 3 RepliesI been strugling with this for 2 days now without comming any closer to solution. I have read 20-30 threads alteast and stil can not resolve this.I have disable anonymous authentication, enable asp.net impersonation.I have added <identity impersonate = "true" />I have added the a user to the security logins that is connected to the database I try to connect tThis is the connectionstring I use:
Data Source=IPTOSERVER;Initial Catalog=Phaeton;User Id=User;Password=Password;errormessage
In my masterpage application i have "Integrated windows authentication" enabled and it works fine for Active Directory Users. but i have created some users in my aspnetdb and i want few users to login and use my application. But for created users in aspnetdb i can getting "windows login screen". means when users not on active directory try to access application instead of getting login page, they get windows auth login popup.
View 1 RepliesI have just started building an asp.net web service with visual studio 2005. However whenever i try and run the site i get this message, saying "debugging failed because integrated windows authentication is not enabled". I am at a loss of how to correct this problem.
View 1 RepliesI am developint an Asp.Net MVC3 web application, which will be available over intranet and internet for users.
For this sake I want to use dual authentication (Forms and Windows). Both authentications works perfectly separately.
Kindly let me know how can I enable both authentications for my single MVC3 site. Windows authentication for Intranet and Form based authentication for Internet user.Looking for your kind cooperation.
I have my iPhone app that calls an ASP.NET Webservice to download "data". Most of this needs to be protected, but currently the webservice that's deployed can be called by anyone who can figure out its URL, thus resulting in a complete loss of security.
The simplest form that I can think of would be for the phone to make a call over HTTPS including the username, password that the user logs in with, with every web service all. And each method will check to see if these credentials are correct before sending data to the user.
But this will result in an additional database call for every request to check if the user is authenticated, which is not very efficient.
I got a ASP.Net webforms app which is using Forms authentication. It needs to authenticate against a webservice which uses windows authentication (+ impersonation).
I've tried (amongst other things) to supply credentials by using:
service.Credentials = new NetworkCredential(myUserName, thePassword, theDomain)
The problem is that I get 401 from the webservice no matter what I try.
I'm having trouble with accessing my webservice.
I've got a webapplication and inside this webapplication I have a webservice. An external program is going to use this webservice in the future, but for now that is not the problem. this webservice is also called from inside the webapplication. this is where the problem starts.
I keep getting this error:
The remote server returned an error: (401) Unauthorized.
I tried with imporsonate= true, but it didn't work
[Code]....
the webservice is called like this:
[Code]....
I hope some one can point me into the right direction.
I'm using iis 7.5asp.net 3.5
I have a production web application that uses <authentication mode="Windows"/> I have added an .asmx page with a method in it. I'd like to test making calls to it from a separate client web app. When I do this I get the error: The request failed with HTTP status 401: Access Denied What do I need to do in my client app to access this webservice?
View 2 RepliesPinging back to a webservice in ajax from the client keeps the user's session alive, I don't want this to happen. More extensive summary For a website we're developing, we need the client to ping back (in js) to a webservice (ASMX) on the server (IIS7.5). This happens to let the server know that the user is still on the site, and hasn't browsed away to another site. This is as our customer wants to let users lock records, but if they browse away to other sites, then let other people take over those locked records. Perhaps the distinction between the client being on the site but inactive and on another site seems unimportant, but that's kinda irrelevant, I don't get to write the UI spec, I just have to make it work.
My problem is this, the ping stops the user from being timed out on the server through the standard forms authentication timeout mechanism. Not surprising as there is that 30 second ping in the background keeping the session alive. Even though we want to know if the user is still on the site, we want the normal forms authentication timeout mechanism to be honoured. I thought I might be able to fix this by removing the ASP.NET_SessionId and .ASPXAUTH cookies in the XMLHttpRequest that is the server ping, but I can't figure out how to do this. This is how my web service & method are defined:
[WebService(Namespace = "http://tempuri.org/")]
[WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)]
[ScriptService]
public class PingWS : WebService
{
[WebMethod]
public void SessionActive(string sessionID)
{
// does stuff here
}
This is how I'm calling it in js (request is over HTTPS, :
$.ajax({
type: "POST",
url: "PingWS.asmx/SessionActive",
data: 'sessionID=' + aspSessionID + '}',
beforeSend: function (xhr) {
xhr.setRequestHeader('Cookie', '');
xhr.setRequestHeader('Cookie', 'ASP.NET_SessionId=aaa; .ASPXAUTH=bbb;');
},
dataType: "json"
});
I was trying with the setRequestHeader, but that just appends to the header rather than overwrites the header, and IIS is happy to ignore that junk I added. I'm thinking maybe I should be trying to do this at the server end, someone take PingWS.asmx out of the loop so that it doesn't keep the session active, but I'm not sure how to do this. Although the title of the question is focused on clearing the cookie in the header, I'd be super happy if anyone points out that I'm being really stupid and there is actually a much better way of trying to do what I'm doing.
I'm thinking at this stage maybe I need to add something to the webmethod that says how long this particular page has been inactive, and use that knowledge to timeout manually. That actually sounds pretty easy, so I think I'll do that for now. I'm still convinced that there must be an easy way to do what I originally wanted to do though. Update I'm thinking I'm pretty screwed in terms of cookie manipulation here as both the .ASPXAUTH and ASP.NETSessionId cookie are HttpOnly, which means the browser takes them out of your hands, you can't access them via the document.cookies object. So I would say that leaves me with:
Updating my SessionAlive webmethod to track each request so I can tell how long the user has been sitting idle on a page and timeout if needs be Marking the .asmx page somehow on the server end so that it's taken out of the normal authentication/session tracking flow I know how to do 1. so I'll start there but 2. seems much cleaner to me.
How do I protect a webservice if it is called from ajax ?
Update: I realize that my question didn't reflect what I intended to ask. I don't want user to be able to do the request by pointing to it with its webbrowser but only in the context of my app.
I have to invoke SSIS packages from web service in the most secure way. I think that windows authentication will be secure but i am not sure. I do not have much knowledge about how to achieve this and the information on the internet is very distributed.
View 1 RepliesI was created webservice which has a Method:
[Code]....
Then, in my aspx page, i call that method in javascript, but i get a Exception message is "Authentication Failed", code below:
[Code]....
How to resolve this problem?
I have the following code snippet :
[Code]....
With code behind :[Code]....
Why do I have to press the "Enable" button twice to enable a disabled ComboBox ?
Just going to start making a web application and was wondering which was better, or at least what are the main differences between them (as it probably matters what I am using them for)?
View 3 RepliesI have just installed SQL Server 2005. I selected windows mode authentication. I am not able to login in management studion. Now, I want to use mixed and server authentication option inplace of windows authentication. so, would that be possible after installation.
View 2 RepliesWhat's the difference between Basic Authentication and Integrated Windows Authentication in IIS?
View 3 RepliesIn Visual Studio 2008 I have a Class Library project (called Media) to which I added a Web Reference (not a Service Reference) to a third-party web service (wsdl). In the Class Library project a proxy class is created for using the service along with several classes for the types used in that service.
I also have a second Class Library (called Sync) that references the first one. And then I have a Web Site project that references the second class library. All of this is .NET 3.5
So Web Site > Class Library (Sync) > Class Library with web service reference (Media)
I want to step into the generated code, so I fire up the web site in IIS 7.5 and trigger the call to a method in the second class library (Sync) that in turn should call the web service proxy. I was fully expecting to hit the breakpoint, but instead got an exception:
Unable to generate a temporary class(result=1). error CS0029: Cannotimplicitly convert type Media.WebService.multiValuedAttribute to Media.WebService.multiValuedAttribute[]
Why is ASP.NET trying to generate a temporary class? Don't I already have the generated class from the first Class Library (Media)?
'm using the AutoCompleteExtender from the AJAX control toolkit on my aspx page - I have it wired up to a WCF service that is returning a string array and everything works happily.
If I change my service definition to include a demand for the caller to be authenticated, like so:
<OperationContract(), PrincipalPermission(SecurityAction.Demand, Authenticated:=True)> _Public Function GetLookupValues(ByVal prefixText As String, ByVal count As Integer, ByVal contextKey As String) As String()
Then the autocomplete extender stops working, and I get an authentication error in the service. The service is set up to use ASPNetCompatibility mode, and I was hoping that the extender would pass the authentication credentials for my logged in user - does anyone know how to make this work?
What do I need to do in order to change an application from Forms Authentication to windows authentication?
View 2 RepliesI have a database which has form authentication tables for an website [let say website A], now I have attached a new website [Website B] to the same database, in this website [Website B] also I have to provide login/authentication which would be separate from the website A authentication system. So I want to have separate table for the users of new website. Specification:
[code]....
will there be any open source membership provider like we have .NET membership provider [form authentication].