I am using .NET roles and membership model to manage user accounts in my system back-end.
If the request is come from within my web-app, I can authenticate through form.
But if the user is requesting from else where, maybe their own apps, how to I do authentication?
attach username and password (GET/POST) and then secure the line by SSL? is that what I should do?
I am connecting to remote server for web service using ASP.NET 3.5 web site. something like, [URL]. Remote server is providing digest authentication to access the web service. I dont have access to modify authentication on the remote server but I have an windows account on that server. If I try to Access service WSDL through programming I get the following error:
The request failed with HTTP status 401: Unauthorized. Same web service if I try to access through browser, [URL], it asks for user name and password. Entered windows account user name and password, still getting error: You are not authorized to view this page, HTTP Error 401.1 - Unauthorized. How to pass the digest authentication credentials to the web service through visual studio or any other programmatic method?
I am writing two ASP.NET apps. One is a web service that provides xml data and the other is a web client that will use the service to display and manipulate data. I would like for the web service to do the membership authentication and authorization. Is there any way to simply point the login controls in my client application to the web service instead of to a database. I assume I would have to provide the necesarry methods in my web service interface, which would then use the membership provider database I created and pass the results back through to the client.
Is this possible? I have seen many articles on security provisioin from a web service but none has really been what I am looking for. I was hoping that, since my service and my client are both written in ASP.NET, there might be some built functionality that would benefit me.
I have to invoke SSIS packages from web service in the most secure way. I think that windows authentication will be secure but i am not sure. I do not have much knowledge about how to achieve this and the information on the internet is very distributed.
View 1 RepliesI have created a WCF service that will serve as authentication service for Silverlight client.The problem is that when I make a call to FormsAuthentication.SetAuthCookie in the Login method below, I get a null reference exception. I am following the 'Securing Applications Built on Silverlight and WCF' (http://www.componentart.com/community/blogs/milos/archive/2009/05/07/securing-applications-built-on-silverlight-and-wcf.aspx)
[Code]....
I want to create a web service that can authenticate user from my application. I will be sending user name and password from my app to the web service and that will deny or accept the user. I want to use form authentication using sql server. that this web service can be used by other team in my office so that they can just call the web service and the user will be authenticated.
Also, is it possible to use both form and windows authentication in my web service and authenticate the user both ways.
I was wondering if it is possible to call a webservice or send a SOAP request using a provided certificate to encrypt my password (my identity) and use another to encrypt/sign a timestamp, service header, & soap body? Does anyone have any material or sample code where I can test encryption and security too? It doesn't have to be my own certificates, I just want to see it work and then I can possibly tailor it to my needs. After the SOAP request, there will be a provided response which I assume I will have to decrypt.
I found this thread, but it doesn't seem to use signatures or an SSL connection. Does VS 2010 have some extra features to help out on this? I believe the SOAP should look like this.
<soap:Envelope>
<soap:Header>
<svchdr:ServiceHeader>
<svchdr:StaticRegion>...</svchdr:StaticRegion>
<svchdr:DynamicRegion>...</svchdr:DynamicRegion>
</svchdr:ServiceHeader>
<wsse:Security>
(Signature Info)
</wsse:Security>
<soap:Body>
...
</soap:Body>
</soap:Envelope>
we recently upgrated our project from 1.1 to 2.0. since then we are seeing "Forms authentication failed for the request. Reason: The ticket supplied has expired" in Event Viewer. this keeps coming 1-2 times for every minute. this is the full message. this also made the response time increased it seems.
Event code: 4005
Event message: Forms authentication failed for the request. Reason: The ticket supplied has expired.
Event time: 1/25/2010 5:00:30 PM
Event time (UTC): 1/25/2010 10:00:30 PM
Event ID:
Event sequence: 20601
Event occurrence: 2692
Event detail code: 50202.....
I am looking for a code which does authentication using service account username and password. I mean username and password which has permission to access the active directory and then authenticate the actual username and password provided by end-user. Googled everywhere but could not find any suitable code.
View 1 RepliesI'm trying to use ASP.NET WCF Authentication Service from a Winforms Application.
I am referring to this article as a tutorial.
for silverlight clients, the WCF Auth service works well.
but for Winforms Apps,
[Code]....the AuthenticationServiceClient.IsLoggedIn() always returns false even after login.
what is the cause of this and is there another approach I should take when I leverage ASP.NET authentication from Winforms?
how to authenticate a user using the central authentication service?
I created a login page to enter the user name etc. I have the server for the authentication.
I'm developing a web application using EF4, POCO's, WCF Data Services and the presentation tier (HTML, CSS, JavaScript, Ajax - NO WebForms). For security I would like using ASP.NET Membership Provider (Authentication Service): from a *.htm file calling the AuthenticationService. I executed aspnet_regsql.exe (to create the necessary database tables) and modified my web.config file:
<configuration>
<system.web>
<roleManager enabled="true" />
[code]...
I have a webservice which works 100% fine on my developer machine. Where Web Service is installed on LOCALHOST on my developer machine,Then i went to my servers, I installed webservice on one server and map it with the server where the website is hosted, Then i tried accessing this service using BROWSER from my web server, it worked fine, That means the mapping was done perfect.Then i run my program on web server (website). It worked fine on page1, then on page2, but when i did the same and call same function on page3, It popped me any error of
View 4 RepliesThis could be very straight forward for some of you, but I got caught up. I am doing very simple test - browsing from IIS Manager to see the default page or "under Construction", however I am being challenged to provide my login credential . When I provide my login credential, I am able to see the default page. I wanted to see the default page without providing my credential since Enable anoymous access + basic authentication I am simply wanted to see the default page asit is working on other servers except this one. I have included screen print to make sure may question is clear.
View 3 RepliesWhat's the difference between Basic Authentication and Integrated Windows Authentication in IIS?
View 3 RepliesI set authentication mode to Windows in the web.config and I enable Windows Authentication and disable the Anonymous Authentication in IIS 7 on win 7, but HttpContext.Current.User is always null.It works fine when I host the web app in IIS 6.0.
View 1 RepliesWhat do I need to do in order to change an application from Forms Authentication to windows authentication?
View 2 RepliesI have a web farm web project, and want to make sure windows authentication is working well without any problem in web farm, can any one give me some web sites or information about that?
View 1 RepliesAm going to develop authentication part in the web site. I want my authentication module should not be hacked by any one and also want in secure side.
View 1 RepliesI needed information regarding the capabilities & integration of AzMan tool with Asp.net.Currently, I got a Sharepoint 2007 website along with ASP.NET 2008 where I am using Form Based Authenication.Now, the requirement is any user within a domain registered in AD should be able to login in website through intranet.
Can I acheive this using AzMan, or I need to create two websites one with FBA for internet users and the other one for the intranet users with AD authenication. Also my intenet website is deployed and in use where usermapping and roles are already created, so using this tool what will be the impact on existing webiste.
For every incoming request I need to perform custom authorization before allowing the file to be served.
(This is based on headers and contents of the querystring. If you're familiar with how Amazon S3 does rest authentication - exactly that).
I'd like to do this in the most perfomant way possible, which probably means as light a touch as possible, with IIS doing as much of the actual work as possible.
The service will need to handle GET requests, as well as writing new files coming in via POST/PUT requests.
The requests are for an abitrary file, so it could be:
GET http://storage.foo.com/bla/egg/foo18/something.bin
POST http://storage.foo.com/else.txt
Right now I've half implemented it using an IHttpHandler which handles all routes (with routes.RouteExistingFiles = true), but not sure if that's the best, or if I should be hooking into the lifecycle somewhere else?
I'm also interested in supporting partial downloads with the Range header. Using
response.TransmitFile(finalPath);
as I am now means I'll have to do that manually, which seems a bit lowlevel?
I have user's who are losing their data because they sit on a page too long, then are asked to log back in. I want to do the following:
1) Instead of redirecting them to a login page, I want to cancel the current request and give the user a popup dialog box to login with.
2) When the login is successful, I want the user to be sent back to their form, with all data intact. (Even better if the request could go through without sending them back to that form, but this is optional).
How can I intercept these authentication requests, and present the user with a popup login?
I am using ASP.net forms authentication.
Using Forms Authentication in an MVC application, is there a way to capture if a particular authentication request has failed? For instance, if I have a controller attributed [Authorize( Roles="Admin" )] And a user not within the Admin group attempts to use it, I'd like to do something with that on a case by case basis.Is this possible?
View 5 RepliesI have developed the authenticated rss feed using the basic http authentication for my site.I also have the admin module for the site which uses the Asp.net Forms Authentication .Both are in the same project.When i turn on the forms authentication module to None in my web.config.My rss feed authentication works fine(the browser pop up the dialog box for the username and password) and upon entering the username and password the rss feed gets displayed.But with forms authentication turn on when i click the rss feed link i am getting redirected to the administrator login page.
If i set my authentication mode to none than the feed works like dream but the admin module do not work as it uses forms authentication.
How can i resolve the conflict for that one.I am using the asp.net mvc filter on my feed contoller to pop up the dialog box for the username and password.
[Code]....
I'm developing an internal booking sytem. Users log in to the sytem and can view existing bookings and search for bookings. They can also create new or edit existing bookings. When completing such actions I need a confirmation prior to completing the booking or updating the recorded. The confirmation is based on a reauthentication of the user.... in otherwords he needs to enter his passord again.
How can I achieve this? The system is internam and I'm using Forms Authentication. I an also using roles as som of the admin forms can only be viewed by administrators.
