I am having a strange authentication issue moving sites from IIS 6 to 7. I am still very new to IIS 7 and have not been able to find a reason for this. The site is running with form authentication and windows authentication enabled and anonymous disabled just as it was in IIS 6. I did not find any useful posts here or on the IIS site, so I am hoping someone might know the answer to this.
View 1 RepliesI have the usual requirement of implementing Authentication and Authorization. I used to implement it using custom code where I have Users, Roles, Role_Pages, User_Pages, and User_Roles. So this way we can give a certain user roles (that group multiple pages) and/or directly define access to certain pages. All that with the ability to specify fine grained permissions like the ability to Add/Edit/Delete records in those pages.
My question: How easy is it to implement this using Forms Authentication and what advantage does that give over implementing a custom solution. I am also concerned with knowing if there would be any advantage when it comes to securing from session hijacking and against spoofing where an attacker could replay requests and impersonate legit users. Would Forms Authentication have any advantage there, or is it only SSL that can secure against that (which makes both approaches equal in that regard).
I'm creating a web application that need to authenticate users throw active directory, but i don't know what is the difference between windows mode and forms mode using active directory?
View 5 RepliesI am new to Web services and .NET. I have to authenticate a web service that is being accessed using http post. I tried putting a custom soap header and sending it to the service and checking the header in service but the header object is always null in the service.also if i put the user and password options in http headers how can i validate them on the server ? Client code:
private void button1_Click(object sender, EventArgs e)
{
HttpWebRequest request;
[code]...
I have some static (pure html) pages in my MVC application that I need to authenticate, so that not just anybody can look at them. Is there an way to do this without moving all the code to asp files and adding a controller and from there use the Authorize attribute? I would really prefer to not need to do this!
View 2 RepliesThis could be very straight forward for some of you, but I got caught up. I am doing very simple test - browsing from IIS Manager to see the default page or "under Construction", however I am being challenged to provide my login credential . When I provide my login credential, I am able to see the default page. I wanted to see the default page without providing my credential since Enable anoymous access + basic authentication I am simply wanted to see the default page asit is working on other servers except this one. I have included screen print to make sure may question is clear.
View 3 RepliesWhat's the difference between Basic Authentication and Integrated Windows Authentication in IIS?
View 3 RepliesI set authentication mode to Windows in the web.config and I enable Windows Authentication and disable the Anonymous Authentication in IIS 7 on win 7, but HttpContext.Current.User is always null.It works fine when I host the web app in IIS 6.0.
View 1 RepliesI am running windows server with asp.net websites and sql server 2008 and IIS 6. It is working fine.
Now I need to move my asp.net websites to another windows server and I have hard time setting correct file security for the new server.
Is there any way to compare or move or see difference file security between two servers?
Finding Replacement options for Membership?
View 5 RepliesI have a Default.aspx program that contains a Treeview with a SiteMapDataSource. I also have a web.sitemap loaded up with urls. When I run the deafult app I get the tree layout that matches the numbers of options but no text on any of the options to click.
View 1 RepliesWhat do I need to do in order to change an application from Forms Authentication to windows authentication?
View 2 RepliesI have a web farm web project, and want to make sure windows authentication is working well without any problem in web farm, can any one give me some web sites or information about that?
View 1 RepliesAm going to develop authentication part in the web site. I want my authentication module should not be hacked by any one and also want in secure side.
View 1 RepliesI needed information regarding the capabilities & integration of AzMan tool with Asp.net.Currently, I got a Sharepoint 2007 website along with ASP.NET 2008 where I am using Form Based Authenication.Now, the requirement is any user within a domain registered in AD should be able to login in website through intranet.
Can I acheive this using AzMan, or I need to create two websites one with FBA for internet users and the other one for the intranet users with AD authenication. Also my intenet website is deployed and in use where usermapping and roles are already created, so using this tool what will be the impact on existing webiste.
Why am I not able to login using my login control if I set the sql server database option for Recursive Triggers Enabled to "True"? Whenever I attempt to do so, I receive an error message on attempting to login that states "Your attempt to log in was not successful..."?
View 2 RepliesI really need some help here. I am brand new to using Visual Studio, but need to create a web page in which you must pay to register and view a Members Only page. I have followed a lot of instructions in these forums, but seem to have hit a wall.
First off, I am not able to use the ASP.NET Configuration under the Website tab. I have already created a New Web Site, selecting Visual C#, then the first option for ASP.NET Web Site. I chose File System for Web Location, etc. Long story short, I have made an ASP.NET Web Site with Basic User Login. The Login functionality is absolutely fine, I am able to view the site locally, register, and log in no problem. However, when I try to choose ASP.NET Configuration under the Website tab, nothing happens. From what I gather, I need to use the ASP.NET Configuration in order to configure membership permissions, and therefore
need to open this part of the program. In the long run, I would like to make it so that User Logins are sent via e-mail to people who have paid me and that wish to use my site, which brings me to my foreboding second problem.
I eventually need to find a web hosting service that will allow me to do all the things I have described. I was going to go with GoDaddy.com, but after doing a bit of research I realized it may not be the best option for what I am trying to do. However, through research, I have realized that VS 2010 is the best program to use for what I'm doing, but I'm in a bind because of inexperience, thus writing this question in this forum.
Any help making this web site would be greatly appreciated, I am definitely in way over my head. I have worked with computers for the last 10 years, so my inexperience is mainly with ASP programming.
Just to let you know, I have VS 2010, Visual SourceSafe, and SQL Server Express installed on this fully capable machine. What I am really looking for is someone to guide me through the process of creating this website, either through pointing me in the right direction or explaining in detail all the next steps that I must take.
I have developed the authenticated rss feed using the basic http authentication for my site.I also have the admin module for the site which uses the Asp.net Forms Authentication .Both are in the same project.When i turn on the forms authentication module to None in my web.config.My rss feed authentication works fine(the browser pop up the dialog box for the username and password) and upon entering the username and password the rss feed gets displayed.But with forms authentication turn on when i click the rss feed link i am getting redirected to the administrator login page.
If i set my authentication mode to none than the feed works like dream but the admin module do not work as it uses forms authentication.
How can i resolve the conflict for that one.I am using the asp.net mvc filter on my feed contoller to pop up the dialog box for the username and password.
[Code]....
I'm developing an internal booking sytem. Users log in to the sytem and can view existing bookings and search for bookings. They can also create new or edit existing bookings. When completing such actions I need a confirmation prior to completing the booking or updating the recorded. The confirmation is based on a reauthentication of the user.... in otherwords he needs to enter his passord again.
How can I achieve this? The system is internam and I'm using Forms Authentication. I an also using roles as som of the admin forms can only be viewed by administrators.
I have to invoke SSIS packages from web service in the most secure way. I think that windows authentication will be secure but i am not sure. I do not have much knowledge about how to achieve this and the information on the internet is very distributed.
View 1 RepliesWe use Sharepoint to control our websites. We build the sites, then load them into the sharepoint server. My question is if I use windows authentication, how can I get my role security in my web config file to coencide with the asp.net controls that use the Forms authentication. Is there a differenence? Our security uses a session variable for security but there is no where to set up their permissions except in active directory. I hope this makes sense because I would like to implement the LoginView with Role groups but how can I give them the role="administrator"? Do I have to go into active directory and give them these permissions(would take awhile due to the size of the company)? Or do I have to set up priveladges in the web.config file for each user(difficult I think)?
View 5 RepliesI'm writing a simple Intranet application using windows authentication. I want to restrict access to Safe/UCantSeeMe.aspx. I am aware of the AuthorizeAttribute, but this only works on methods. I also found a good post on doing this with the MVC pattern, but I'm not using MVC. This can be done with roles in forms based security. I read on MSDN that using windows based security means roles are based on groups, but it doesn't go into any detail. how can I restrict access to Safe/UCantSeeMe.aspx?
View 1 RepliesWe are using membership provider for LDAP authentication. It is working as it should.
But what all configuration settings I have to do so that
all the future requests to this application run under the security context of the Logged in user account not through the some default user set in IIS.
We need to have this working because all the permissions on the database are based on the logged in user.
We are using form authentication for LDAP authentication. And having impersonation = true in web.config.
I have an application that has a user Login Control (provided by ASP). I am just now working with the integration of a dataBase created in MS visual studio 2010, to a developed website created in MS visual web developer 2010. My main goal is to create an authentication ticket that enables a user to be able to see a dataBase information only after that user has been successfully authenticated.
Up to now I'm able to see the dataBase when i run the website even if I'm not log-in, how i can create a home page that tells the user to log-in and once that user has successfully log-in it redirects the user to another page where the user can see the database and how I can add information to that dataBase only to specific members
I understand that we can easily secure the menu pages by enabling SecurityTrimming and putting role information in web.sitemap.
But my problem is that we have to use a 3rd party authentication piece. The ASP.NET application gets the UserId and roles from the authentication module.
I need to show/hide ASP.NET pages based on the incoming user's roles.
Is it possible somehow to use web.sitemap with these roles?
Or should I come up with my own way to map a web page to role/s?