Security :: AspNetWindowsTokenRoleProvider Not Working?
Mar 9, 2010
I have a basic c# web application that I'm developing. I want to have users be authenticated based on their Windows domain logons, without actually logging in to my application. So, I configured my application to use the AspNetWindowsTokenRoleProvider per this article. This is what I did.
Set <authentication
mode="Windows" /> in web.config.
Added <roleManager
enabled="true"
defaultProvider="AspNetWindowsTokenRoleProvider"
/> to web.config directly under #1.
Created Windows groups on local machine. Added Roles.IsUserInRole(@"Windows Group Name") to code behind.
However, the IsUserInRole() function is always returning false. I've tried verifying the Windows group name, have verified that I'm in the group, etc. and it still won't work. Does anyone know what I'm missing?
I have a login control that is working beautifully on my localhost, but not working on the server. It validates my username & password - and gives me an error if I enter an invalid username/password. However, if I enter the correct username/password, the page refreshes, but does not redirect me to the "ReturnUrl" that I see in the URL. I've seen posts on this, but nothing that I tried worked. I've tried setting the 'MembershipProvider'attribute of the login control. I don't want to set the DestinationUrl...I want it to take what is in the ReturnUrl in the querystring. I don't think it's a web.config issue cuz it works on localhost??
look at the pic guys, im using visual studio 2010, and sql server 2008, the password field should turn into md5 code, but its not working, it changed into system.data.
I've added the identity tag for impersonation. I've configured my site under IIS 5.1. The identity i've added is my domain username/password. But when I run any exe file from my asp.net file, it still runs under "aspnet" user name.
I am using impersonation in my ASP.NET application to access network resources. It works fine when I run on my computer, however when I setup the site on IIS6, it does not work. Is there some extra configuration, I need make in IIS for it?1. I created an account "TestUser" with the privilege as "act as operating system" on a server that has the resources which I want to access.2. The impersonation works fine on my computer, when I run from visual studio. My computer is on the network under same domain where the "TestUser" is created.
I have a home.aspx page on which there is a register button. When the user clicks the register button, I used Response.Redirect to navigate the user to Register.aspx page.
Upon finishing the registration for a new user, the user is automatically getting redirected to the default.aspx page in a logged in state. However, I want that the user be returned to home.aspx page without being logged in..
There are 2 issues.
1) I have tried to use ContinueDestinationPageUrl property and set it to login.aspx page in the register.aspx page like this
2) How can I make sure that the user returns to the home.aspx page without being in a logged out state so that he has to put his credentials to login once he is registered.
I have done forms authentication a couples of times before but this time I cant get my head around something.Somehow altough the user authenticated,the destination page does not get this.The destination page is called Approval.aspx and is located in the /Admin directory which is secured by having its own web config with those settings:
[Code]....
If I remove the <deny users="?" />,then everything works fine but obviously everyone has access to that page.I only want that the user of role Admin can access it. I have implemented the standard VS 2010 login controland the user gets to the destination page with a response redirect:
[Code]....
Why does the destination page not realize that the user is authenticated and does not treat the useras a user in role "Admin"?
[Code]....
While debugging the login page I can see that the user has the right role "Admin".
building a site and the client wants an admin page, so that he can login and change passwords, delete users or create users.I have 3 subs, one for creating, one for deleting and one for changing passwords. The create user works fine. The delete user works fine but on the changing password is where I have the trouble. Here is the code:
I am working on a new application that will feed off my application's DB that was written with .net 3.5 (really 2.0, since thats where the aspnet_regsql.exe lives)... I open up the application settings page on my old VS2008 application, and see all my 4000+ users, but if i link the membership to that database in VS2010 with asp .net 4.0, it shows 0. I have verified the connections, and i also noticed there is a net aspnet_regsql.exe in the 4.0 framework folder.
Is there any way to make the old membership work, or a way to migrate my users? If not, i would think this would cause a LOT of issues with many .net applications with many forms based users.
give me a working snippet for logout..I'm fed up of using all session.abondon() bla bla.. Even after logout wen i click back button i can view my page.. How to over come this..
Here I am using forms authentication and I have used an access database. I have put the db in App_Data folder and declared the connectionstring in web.config. The problem I am facing is that when I request any page without logging in the browser displays the requested page. At the bottom of the page there is a script error when I check the details it says Sys is not defined. Has this something to do with this issue??
In web.config file I have added the following lines in the <system.web></system.web> section.
On login button click after comparing userid & password I am using the foll stmts:-
If code = 0 Then ' code 0 means match for userid and pwd FormsAuthentication.RedirectFromLoginPage(txtuserid.Text, False) Else Response.Redirect("~/Default.aspx") End If
I have created a self signed certificate for IIS6 for my app. App works fine when I access it from the web server. But when I access the app from client machine it gives an error "The connection has timed out" on IE, and on Firefox it does not load the page.
I am working on an e-commerce project using ASP.Net and C#.Net (Visual Studio 2005-Windows XP).
I am facing problems in the login module. I created the login accounts using the roles and users in the ASP.Net Website Administration Tool. The login module is working fine when I test the website within the Visual Studio. I mean the login form is working properly under the Development Server integrated in the Visual Studio. What I want is to make this work properly under IIS (i.e. the Production Server). When I deployed the project to the IIS, the login form with the login control is displayed, but cannot login and gives a login failed message. . I have searched about this issue in Google and they are providing good tutorial links to solve this issue. Even after reading those I couldn't solve this as I am new to Web Development. Can you provide me a sample source code with the web.config and also a description of the major steps in configuring IIS to support the role based login?
I had gone through the following titles under google
"Always set the "applicationName" property when configuring ASP.NET 2.0 Membership and other Providers".
I am trying to use the asp.net contol recover password in my web page I cna load the page and enter the username and answer to the question fine but when I click on the submit button I get an error message saying System.Net.Mail.SmtpException: The operation has timed out
the stack trace is
[code]....
I have only put the recover password control on the web page I havn't added any formatting or code and all the other emails I have set to send work fine so can't see why the smtp setting would be wrong for this unless I need to add some code to my page.
I've found this article on enabling windows authentication within an intranet ASP.NET application. I did exactly what the article says, and when I go to the page on the server all it does is prompt me for a username and password, which I would assume means that it is seeing me as an anonymous user and not a windows user (which is not true).
In my application on the IIS i have the "Integrated Windows Authentication" box checked and this is what I have for my web.config file:
[Code]....
I've also tried this before and got the same results:
[Code]....
I have no idea what I need to do to get this to authenticate correctly. I've been banging my head off a wall for the past 2 days on this issue.
I have a basic intranet website for my company but there is one page that cannot allow anonymous as I need to grab the user's login. I created the site and everything works perfectly on my development machine. once moved to the production server it no longer works.
Here is the problem: I can get the login prompt when going to the secure page, but when trying to login I get a "401.1 - Unauthorized", even when trying to login as a server administrator. Here is the authentication portion in my web.config:
[Code]....
I have done this before and always gotten it to work. I hope I am just missing something very simple...
I have tried everything all day and cannot figure this out.
I tested the Insert Statement in MS Access and it works.
INSERT INTO user ([user_login], [email], [create_date]) VALUES ('user67', 'suesargis@yahoo.com', '11/15/2010 8:18:14 PM';
So how do I add the apostrophes in the string below to get the above when using executenonquery.? The string produces everything ok but it is missing the apostrophes.
I know that the login controls provide some powerful "straight out of the box" functionality for creating functionality for storing and logging in users. However, all of this fucntionality seems to be based upon having a unique username, and the users email address is stored separately. The login control, http://msdn.microsoft.com/en-us/library/system.web.ui.webcontrols.login.aspx, automatically creates a database http://msdn.microsoft.com/en-us/library/ms178329.aspx#the_login_control to store the user information, and looking at the table definitions, there are separate entries for the username and password in different tables.
I was hoping someone could run me through how to get the login control working properly on my website. I have seen many people's posts on a similar issue, but nothing seems to have worked, and I think I may have been doing something wrong.
Here's what I've done:-
MY SETUP
I am using my laptop with Windows XP Professional Edition, which is running IIS 5.1. I have setup my system with the Web Platform Installer, which uses Visual Web Developer and SQL Server Express 2008.
I added a database in SQL Management Studio, and created an ASP.NET Membership Schema to it using the aspnet_regsql.exe tool. In my web.config file, I created a connection string to this database used both in the code, and with the asp membership.
According to all tutorials I have seen on the ASP.NET login control, I am using <authentication mode="Forms"> in my web.config.
TESTING:
When I run my website via debugging in Visual Web Developer, everything works fine. I can view my site, log in, and it all works as expected.
MOVING TO IIS:
I have set up my site in IIS 5.1, and can access my site through a browser by going to ttp://website.local, as set up in IIS and my hosts file. The site comes up fine, but when I try to login through the login control, I now get the error:-
Cannot open database "ManagementCentral" requested by the login. The login failed. Login failed for user 'LAPTOPASPNET'.
FIXING ATTEMPTS:-
I have looked through numerous posts and blogs saying that to fix this, I need to grant database access to my ASPNET user, or set up 'impersonation'. The problem is, as you can tell by my connection string, I don't actually have a user called 'ASPNET'. I have checked this in my database.
I tried adding a new user, which has a SQL Server Authentication and password, and db_owner access to my 'Management Central' database. I then added this information into my web.config connection string, which now looks like this:-
I'm testing this on my local dev environment using Cassini and on a test web server running IIS 6. Both systems/sites work the same way and allow anyone access to any page. Both systems/sites also return correct data when programmatically checking Roles.GetRolesForUser and User.IsInRole.
I am having problems getting my asp:CreateUserWizard FinishDestinationPageUrl to work. I have an OnCreatedUser method that is firing just fine, but after that, it just stays on the same page.Here is the markup:
[Code]....
When users register, I want them to go to a default page, unless a return url has been passed in.