Does anyone have an example of authenticating through a webservice ?I have a website that allows users to login in using the <asp:Login> control.After they are authenticated I want them to use a webservice to add records, modify records. (The web service will be used later by external sites).I have a webservice up and running which the aspx page "authenticates" to using Profile.UserName.Is there a way to get the aspx page to send the username and password used at log on without having the user enter it each time ?And then how do I authenticate them ? (maybe using Membership.ValidateUser ?)
I have an ASP.NET 3.5 Web Application using the Default membership provide provided by .NET - I have created a login page and create user page, etc. etc... The problem is, if you're on the site and you are authenticated, and then you go to a link on the same authenticated folder (Called MemberPages) but you go to a SSL location, it asks you to enter your username and password again! Is there anyway to fix this bug.HomePage -> Login.aspx -> Enter your username and password -> Access MemberPages/Default.aspx -> Then a link called Purchase a Product -> suppose to take you to[URL]
I have a asp.net (3.5) web-app that will be used in an intranet. I need to enforce that users type in their network credentials (windows credentials) before they can log into this application. I intentionally need to disallow Integrated Windows Authentication. I need to authenticate these users against my company's Active Directory, that is obviously on the same network as my .net web app.
I have been reading a bit about Forms Authentication using ActiveDirectoryMembershipProvider - [URL]. I also stumbled upon this - [URL]. Based on what I can tell, both seem to do what I need to get done. Could somebody tell me what are the major differences, pros/cons and when you would use which method? Or are these exactly identical, and both achieve the exact same results?
From the security perspective...what do I need to watch for? I am assuming if I use SSL that will cover me for when I pass the username/pwd to AD for verification?
I have a website that requires users to login, but I am having problems when authenticating a users.I create a user which works fine, I then test the login on the development machine and everything works fine the user is logged in.But if a try to login the user in via the live website (same database) I get errors stating that the login attempt has failed.I don't understand why it would work on the development machine but won't work with the live version of the website.
I am using Login control and validationg the user against SQL datasource. below is the code:
Protected Sub Login1_Authenticate(ByVal sender As Object, ByVal e As System.Web.UI.WebControls.AuthenticateEventArgs) Handles Login1.Authenticate e.Authenticated = IsValidUser()If IsValidUser() = True Then Response.Redirect("Orders.aspx")End If End Sub Here is IsValidUser Private Function IsValidUser() As Boolean Try Dim sql As String = String.Empty Dim RecCount As Integer = 0 sql = "Select count(*) from UserLogins where UserName='" & clsDB.RemoveQuote(Me.Login1.UserName.Trim) & "'" sql = sql & " AND UserPass='" & Me.Login1.Password.Trim & "'" RecCount = clsDB.ExeScalar(sql) 'If Invalid ==> 0 means no record is being returned by Query If RecCount = 0 Then IsValidUser = False 'MessageBox.Show("Invalid User Name/Password.", "Invalid", MessageBoxButtons.OK, MessageBoxIcon.Stop) Exit Function End If If RecCount = 1 Then IsValidUser = True Exit Function End If 'Error handler Catch ex As Exception End Try End Function
Here comes the problem validation code is working fine and it validates the user and redirects the user to the "Order.aspx" page
For example: I type Login Name: Nashy Password: 1234
Order.aspx page has a textbox which supposed to display the current user login name and i am usiong the following code for that
when i test it on my local PC it shows the current user like this DOMAIN ashyMastrew.. what i want that the textbox should disply "nashy" not my current windows login name. and when i deploy it to the server and access it from other pc textbox does not show anything.
For my current project I am using form authentication.What occasionally will happen is a user will timeout (unbeknownst to them),they try navigating to a different page (call it Page B) and they get kicked back to the login screen.This is fine and I have no problems with this.
However,after they enter their credentials and are authenticated they are redirected back to "Page B" and an error is produced because a session variable wasn't loaded. This is due to the fact that they were redirected to "Page B" instead of the page they would normally hit after a login (call it Page A).Is there anyway to force the user to go to Page A instead of Page B in these situation to avoid these errors?
I have to invoke SSIS packages from web service in the most secure way. I think that windows authentication will be secure but i am not sure. I do not have much knowledge about how to achieve this and the information on the internet is very distributed.
Since I start hating postbacks, I use WS or PageMethod for every client to server process. I did same for Logout but Im not sure in this.
I wrote code like this
//In WS
[Code]....
//on aspx
[Code]....
everything working fine, but I have some kind of feeling that I'm missing something(like calling any other method) ? I just wanna make sure as its for security purpose.
We are working with a vendor to develop a mobile app and plan on using WCF services to handle operations. What are some types of authentication I can use with a WCF service? Would we send a user name and password through the SOAP header? How can we accomplish this securely?
Also, this will be authenticated against our .NET membership database using the Membership classes.
I've noticed that it is possible SQL Server 2005/2008 to authenticate replication accounts using certificates. Is it possible to authenticate .NET SqlConnection in the same manor?
Ideally, I'd like to do away with password authentication completely and have the aspnet user connect using a certificate stored against its account.
I have a website that requires a login. I'm used the login wizard in asp.net 2008. The site is in vesion 2.0 as that is what the hosting company allows. The login scipt apprears to work appropriately in that if the the wrong username or password is entered the error appears and the url for the login page doesn't work. Once the correct identification info is entered, the user is taken to the correct url.
The problem is that the username does not seem to "stick" for lack of a better word. The site is used to order wedding photos. The user selects the photos and all the required date EXCEPT the user name is entered into the database. This is a problem since there is no way to filter the order when the person goes to the shopping cart therefore the shopping cart opens with no product in it. To make matters more frustrating, IT USED TO WORK! I don't understand why its not working now.
The hosting company, 1and1.com has looked over the code and can't find anything wrong with it. Their one suggestion was to add the following "patch" code to the web.config file as a "work around", and if that didn't work to try using vwd 2010. I'm hesitant to do that since I've not used it before and don't want to make matters worse.
I'm including my web.config page as well as a sample of the code behind to see
I am really new to webservices and ASP, so excuse my noobiness in advance ;I am making a webservice which displays stock availability from a table in a db when given the ProductID number.The problem is that I am required to do a SOAP authentication as well.
[Code]....
From the above, you can see that I am using Auth.username and Auth.password which is a authentication class I created with two string arrays that contain login details. If one username matches it's correponding password then logon is allowed else declined.Now that I reached here, I need the web service to validate if logon details are correct through a table called tblStaff which contain attributes "username" and "password". Doing it with an array containing predefined details through code is easy, however by checking each "username" and "password" from tblStaff... /confused
How can we implement security in case of asp.net webservice ? as per my knowledge, we can implement security by the following ways -
1. IIS authentication
2. Form/Passprt/Windows Authentication in web.config file of the webservice solution. is there any other way to implement the security in webservices ?can we implement security at web-method level ?
I wrote a web service sometime back, and uploaded to one of our network Server's IIS. The webservice needs to access a network folder, which was working perfectly fine till a month ago. Now, when we use the webservice in our .Net application, it fails with the exception message "Access to the path '\<networkMachine ><Folder >' was denied" (may be some group policies changed). But when I run the webservice from my local machine's Visual Studio debugger, it can access that folder. What could be different on the server's IIS w.r.t. my service? Why was it able to access the network folder before but not now? Please note that I can manually access that shared network folder from my machine, and also when I remote desktop to that <networkMachine> from windows explorer.
I saw in the task manager on the server that the IIS process w3wp.exe is running under 'NETWORK SERVICE' account. Though the network folder is not shared specifically with this account, but that has given read & execute access to 'Everyone'. Then what is the problem that it cannot access the folder. By accessing I mean creating a 'DirectoryInfo' object of the path '\<networkMachine ><Folder >' and reading all the subfolders - just read.
I am using Asp.Net application for calling an existing Java webservice. Recently the web service is configured with Security certificates. Now I need to call the webservice using "https:URL .." and by passing the credentials i.e. UserId and Password.
When I call the webservice using [URL] I get the below error. Is the change in my code is causing this error?
Error:Client found response content type of 'text/html; charset=iso-8859-1', but expected 'text/xml'. The request failed with the error message: --
500 Internal Server Error
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request. contact the server administrator, you@your.address and inform them of the time the error occurred, and anything you might have done that may have caused the error. More information about this error may be available in the server error log.
I've got a webapplication and inside this webapplication I have a webservice. An external program is going to use this webservice in the future, but for now that is not the problem. this webservice is also called from inside the webapplication. this is where the problem starts.
I keep getting this error:
The remote server returned an error: (401) Unauthorized.
I tried with imporsonate= true, but it didn't work
[Code]....
the webservice is called like this:
[Code]....
I hope some one can point me into the right direction.
I am using the Login Control and the Login.aspx page for Login authentication. How can I call login from another page or a webservice method with a Userid and password parameters.
I used your url...to read mail and I downloaded your project when I run project I filled my gmail credential : smtp.gmail.com, uid, password and port=995 and checked SSL but I gor error.You cannot get the message count without authenticating yourself towards the server first.
I hace created a webservice, that is on one server and then I created a web application on another server to consume that webservice. My web application uses threading. In my web application, I call the webservice and it returns me the response. Then my thread sleeps for 20 minutes and then it again calls webservice, but when i call the webservice second time , it fails. Here is the error and stack trace:-
Stack Trace:- at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall) at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters) at TransactionExport.LocalWebService.TransactionExportStaging.GetDays(String projCode) in C:inetpubwwwrootTransactionExportWeb ReferencesLocalWebServiceReference.vb:line 102 at TransactionExport.TransactionExport.LoadDays() in C:inetpubwwwrootTransactionExportExport.vb:line 267
I have a SqlMembershipProvider store with Roles enabled. This is configured and has the user "devtest" in the roles "xxUser" and "xxAdmin".
I also have a WCF service, which I want to authenticate and authorize against. My problem is that:
the authorisation is not happening, code just executes despite the policy attribute I don't get any identity or security context so do not know who is calling the service I need: to know which user is calling the method some degree of rejecting users if permissions don't match (ideally this should be performed within the RoleProvider/MembershipProvider/WCF but can do it myself if I have to) SSL in transport
I have my service contract set up thus:
[ServiceContract] public interface ISupportService { [OperationContract] [PrincipalPermission(SecurityAction.Demand, Role = "ThisRoleDoesNotExist")] List<BaseInterestRate> GetAllBaseInterestRates(); } the code is simple enough: public class SupportService : ISupportService { public List<BaseInterestRate> GetAllBaseInterestRates() { OperationContext operationContext = OperationContext.Current; ServiceSecurityContext serviceSecurityContext = ServiceSecurityContext.Current; // is always null using (xxxEntities entities = new xxxEntities()) { return new List<BaseInterestRate>(entities.BaseInterestRates); } }} My service configuration is thus: --> <behaviors> <serviceBehaviors> <behavior name="SupportServiceBehavior"> <serviceMetadata httpGetEnabled="false" httpsGetEnabled="true" /> <serviceDebug includeExceptionDetailInFaults="false" /> <serviceAuthorization principalPermissionMode="UseAspNetRoles" roleProviderName="AspNetSqlRoleProvider" /> <serviceCredentials> <userNameAuthentication userNamePasswordValidationMode="MembershipProvider" membershipProviderName="SqlMembershipProvider" /> </serviceCredentials> </behavior> <behavior> <serviceMetadata httpGetEnabled="true"/> <serviceDebug includeExceptionDetailInFaults="false"/> </behavior> </serviceBehaviors> </behaviors> <serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
I have followed the instructions at these pages to the letter:
How to: Use the SQL Server Role Provider with Windows Authentication in WCF Calling from Windows Forms (MSDN) How to: Create and Install Temporary Client Certificates in WCF During Development (MSDN) How to: Use wsHttpBinding with Username Authentication and TransportWithMessageCredentials in WCF Calling from Windows Forms (MSDN) Also quite useful found via SO: Use Asp.Net Membership provider with a WCF .svc service (Alkampfer's Place)
I would at lest expect an issue with certificates/transport/etc. to fail with exceptions, but I can debug right in and over the WCF call. I have no security context/ user context available to me and when I use a user not in the two mentioned roles (which I do in the code example above), I don't get "kicked out".
My client app is currently a Web App, but will ultimately also serve a Windows Forms app and Test suite. I'm currently using the ASP.NET WebDev server and am running .NET 4.0.
trying to create a stored procedure to authenticate users, if users are authenticated their data like userid, first name, etc are returned in a cursor. However, if users are not authenticated an error is returned or something that indicates users were not authenticated.
But I don't know how to do this in a stored procedure.
I'm developing a site that will display confidential readonly information,with data fetched from a WCF service.My question:What is the best approach to user management across different information pages.The service returns a collection with customer info after a secure login.idea is to have a Customer object class that is stored in session.Is it possible to use things like HttpContext.Current.User.Identity.IsAuthenticated followed by HttpContext.Current.Session["UserId"] without using a database with role-based security?Would I be better off with a combination of local database, Linq to SQL or datasets rather than using just class objects for data fetched from service?
