I developed a website using asp.net 2.0 with form authentication.
Everything working ok on my PC, then, i upload my website to server, and there is a problem, after logged in
HttpContext.Current.User.Identity.Name return blank
but it working ok when i run my website local on server.
This could be very straight forward for some of you, but I got caught up. I am doing very simple test - browsing from IIS Manager to see the default page or "under Construction", however I am being challenged to provide my login credential . When I provide my login credential, I am able to see the default page. I wanted to see the default page without providing my credential since Enable anoymous access + basic authentication I am simply wanted to see the default page asit is working on other servers except this one. I have included screen print to make sure may question is clear.
View 3 RepliesWhat's the difference between Basic Authentication and Integrated Windows Authentication in IIS?
View 3 RepliesI set authentication mode to Windows in the web.config and I enable Windows Authentication and disable the Anonymous Authentication in IIS 7 on win 7, but HttpContext.Current.User is always null.It works fine when I host the web app in IIS 6.0.
View 1 RepliesWhat do I need to do in order to change an application from Forms Authentication to windows authentication?
View 2 RepliesI have a web farm web project, and want to make sure windows authentication is working well without any problem in web farm, can any one give me some web sites or information about that?
View 1 RepliesAm going to develop authentication part in the web site. I want my authentication module should not be hacked by any one and also want in secure side.
View 1 RepliesI needed information regarding the capabilities & integration of AzMan tool with Asp.net.Currently, I got a Sharepoint 2007 website along with ASP.NET 2008 where I am using Form Based Authenication.Now, the requirement is any user within a domain registered in AD should be able to login in website through intranet.
Can I acheive this using AzMan, or I need to create two websites one with FBA for internet users and the other one for the intranet users with AD authenication. Also my intenet website is deployed and in use where usermapping and roles are already created, so using this tool what will be the impact on existing webiste.
I have developed the authenticated rss feed using the basic http authentication for my site.I also have the admin module for the site which uses the Asp.net Forms Authentication .Both are in the same project.When i turn on the forms authentication module to None in my web.config.My rss feed authentication works fine(the browser pop up the dialog box for the username and password) and upon entering the username and password the rss feed gets displayed.But with forms authentication turn on when i click the rss feed link i am getting redirected to the administrator login page.
If i set my authentication mode to none than the feed works like dream but the admin module do not work as it uses forms authentication.
How can i resolve the conflict for that one.I am using the asp.net mvc filter on my feed contoller to pop up the dialog box for the username and password.
[Code]....
I'm developing an internal booking sytem. Users log in to the sytem and can view existing bookings and search for bookings. They can also create new or edit existing bookings. When completing such actions I need a confirmation prior to completing the booking or updating the recorded. The confirmation is based on a reauthentication of the user.... in otherwords he needs to enter his passord again.
How can I achieve this? The system is internam and I'm using Forms Authentication. I an also using roles as som of the admin forms can only be viewed by administrators.
I have to invoke SSIS packages from web service in the most secure way. I think that windows authentication will be secure but i am not sure. I do not have much knowledge about how to achieve this and the information on the internet is very distributed.
View 1 RepliesWe use Sharepoint to control our websites. We build the sites, then load them into the sharepoint server. My question is if I use windows authentication, how can I get my role security in my web config file to coencide with the asp.net controls that use the Forms authentication. Is there a differenence? Our security uses a session variable for security but there is no where to set up their permissions except in active directory. I hope this makes sense because I would like to implement the LoginView with Role groups but how can I give them the role="administrator"? Do I have to go into active directory and give them these permissions(would take awhile due to the size of the company)? Or do I have to set up priveladges in the web.config file for each user(difficult I think)?
View 5 RepliesI'm writing a simple Intranet application using windows authentication. I want to restrict access to Safe/UCantSeeMe.aspx. I am aware of the AuthorizeAttribute, but this only works on methods. I also found a good post on doing this with the MVC pattern, but I'm not using MVC. This can be done with roles in forms based security. I read on MSDN that using windows based security means roles are based on groups, but it doesn't go into any detail. how can I restrict access to Safe/UCantSeeMe.aspx?
View 1 RepliesWe are using membership provider for LDAP authentication. It is working as it should.
But what all configuration settings I have to do so that
all the future requests to this application run under the security context of the Logged in user account not through the some default user set in IIS.
We need to have this working because all the permissions on the database are based on the logged in user.
We are using form authentication for LDAP authentication. And having impersonation = true in web.config.
I have an application that has a user Login Control (provided by ASP). I am just now working with the integration of a dataBase created in MS visual studio 2010, to a developed website created in MS visual web developer 2010. My main goal is to create an authentication ticket that enables a user to be able to see a dataBase information only after that user has been successfully authenticated.
Up to now I'm able to see the dataBase when i run the website even if I'm not log-in, how i can create a home page that tells the user to log-in and once that user has successfully log-in it redirects the user to another page where the user can see the database and how I can add information to that dataBase only to specific members
I understand that we can easily secure the menu pages by enabling SecurityTrimming and putting role information in web.sitemap.
But my problem is that we have to use a 3rd party authentication piece. The ASP.NET application gets the UserId and roles from the authentication module.
I need to show/hide ASP.NET pages based on the incoming user's roles.
Is it possible somehow to use web.sitemap with these roles?
Or should I come up with my own way to map a web page to role/s?
i want to use authentication with CAS (Central Authentication Service), i found this documentation : https://wiki.jasig.org/display/CASC/ASP.NET+Forms+Authenticationin my asp.net project, i added a login page, in the cs code, i added a method "authentifieCAS()", that contain the cas code, and that i called from Page_Load method.
[Code]....
when i run my project, the cas login page appear but when i make a submit, i have an error browser (The page is not redirected properly), in adress fieldof browser i noticed that my login page was redirected to the page default.aspx
I'm trying to migrate my login logic from my ASP.NET MVC 2 app to a WCF service. Followingthese instructions, I created a WCF project inside my solution, created the service, deleted the IAuthenticationService.cs and AuthenticationService.svc.cs and modified the Web.config which looks like this:
[Code]....
If you are still reading here we are good . You'll have to excuse the code it has pieces of "stuff" from everywhere while trying to make it work, I referenced the service in my ASP.NET MVC 2 site and the Web.config looked like this:
[Code]....
Now, this document in MSDN says I should stick my login info in the Global.asax, that didn't work so I turned to my account controller into its LogOn method and set the logic there:
[Code]....
So finally I get to call the Login but before I do one of two things happen:if the credentials are set, a CommunicationException happens if the credentials are empty, it says clientCredentials is empty
Since this is in a test environment SSL is not needed (though in this post says it's mandatory). How can I get it to work? I'm putting this into a web service because I want my service layer to work only for authenticated users.
If I am using AD authentication for my internal ASP.NET app how can I enable that that same AD User is authenticating on the internal web service that is being called by that internal ASP.NET application?
View 2 RepliesWhat is the authentication mode available in ASP.NET? How do you set authentication mode in the ASP.NET application? How do you provide secured communication in ASP.NET? List out the difference between windows authentication and form authentication. ?
View 3 RepliesWe have a user that has been logging on to a site for several months. Suddenly on Monday the user was forced off and since then they have not been able to log back in from the machine where the problem occured. They can log in to site using other PCs in the business using the same creduentials as we can from the support desk.
We have performed a completed cleardown the IE8 history and cookies etc, check that is can see the internet, working online and recycled the application pools but still the uses account is unavailable from that machine.
I am using database with a list of username/passwords, and a simple web form that allows for users to enter their username/password.
When they submit the page, I simply do a stored procedure check to authenticate. If they are authorised, then their user details (e.g. username, dob, address, company address, other important info) are stored in a custom User object and then in a session. This custom User object that I created is used throughout the web application, and also in a sub-site (session sharing).
My question/problems are:Is my method of authentication the correct way to do things? I find users complaining that their session have expired although they "were not idle", possibly due the app pool recycling? They type large amounts of text and find that their session had expired and thus lose all the text typed in. I am uncertain whether the session does really reset sporadically but will Forms Authentication using cookies/cookiless resolve the issue?
Alternatively should I build and store the User Object in a session, cookie or something else instead in order to be more "correct" and avoid cases like in point #2.If I go down the Forms Authentication route, I believe I cannot store my custom User object in a Forms Authentication cookie so does it mean I would store the UserID and then recreate the user object on every page? Would this not be a huge increase on the server load?
I am trying to get the windows authentication for intranet design Codes return userid of my system but when I try the same fron other system, there too they return only my system's Id.
View 4 RepliesI am taking an existing ASP.NET site with authentication, membership & roles and updating it. In the process I am pulling the authentication portion off of the site and using an SSO (through Central Authentication Services - CAS). I need to retain the use the membership and roles of .NET. Right now my site allows users to add an account and I approve and add them to groups. Since I will no longer do the account management I still need a way to add them to the proper groups once they have an account.
The question is sort of a chicken/egg question... Since I am the admin I need to add myself first, but since the authentication is no longer local how do I do this? Do I develop a special function just to add my account and then other pages to manage the rest?
The error:
It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level. This error can be caused by a virtual directory not being configured as an application in IIS.
what I'm doing:
I need to enable forms authentication for only one of my pages.
so I made an application under my project using IIS and enabled its forms Authentication. The application contains the page that requires user to log in and a web.config. Below is the code of web.config under the application.
[Code]....
I can't move these codes to the main web.config of the project since in that case all the pages will require log-in.