Security :: Authentication With A UNC Virtual Directory?
Sep 4, 2010
I'm using IIS7.5 and Windows Authentication through an ISA server. I'm trying to migrate a classic ASP application to ASP.net.
We have an internal file server with our department folders on and I'm trying to provide web based access to these. Previously I created a UNC virtual directory to the \serverdepartments share, and because ASP classic ran in the context of the authenticated user they could only browse folders they had permission to.
What security settings should I now be using for the Application Pool and what settings should I use on the Virtual Directory credentials to ensure security? I'd like the ASP.net page to run in the context of the logged in user, and when the code tries to display a sub-folder they don't have access to it should 'bomb out' as before.
View 2 Replies
Similar Messages:
Nov 2, 2010
I have 3 applications running at my end.
RootSite
RootSite/VirtualDirectory1
RootSite/VirtualDirectory2
I have a login page in three of these applications. When I login in either of these applications the .ASPXAUTH cookie is set but I am seeing that all of the three applications are updating the same .ASPXAUTH cookie instead of creating individual one. For example a user login on "RootSite", .ASPXAUTH cookie is created, now the user comes and login in the application "RootSite/VirtualDirectory1" and this time I am seeing the same .ASPXAUTH cookie is updating. I am confirming this because the created date of this cookie has been changed. So this means instead of creating a new cookie it is using the same cookie. How can I resolve this ? I don't want to interfere the logged-in logged-out status of one application with the other?
View 1 Replies
Jul 27, 2010
I have an ASP.NET MVC application for which I store uploaded content files in a virtual directory. This virtual directory is directly underneath my MVC website in IIS. My problem is that the virtual directory allows anonymous access. Anyone, logged in or not, can type in a public URL to my virtual directory and read the files in it. Is it possible to configure IIS (or something else) in a way that forces any requests to this virtual directory to run an authentication/authorization routine before allowing access?
Is this something I can configure in my website's web.config, or does the request never hit any server side code in this case? If it never hits server side code (and feeds the request directly to IIS), how can I change my implementation to require my site to authenticate/authorize and then serve my file.
View 2 Replies
May 3, 2010
I have the following setup:
[URL]
[URL]
Each virtual directory is configured on IIS6.0 as an application with own AppPool.
When redirecting authenticated user from dir1 to dir2 using response.redirect I lose authentication information for the user and the user is being redirected to the login page. This issue was not coming up with each app (dir1 and dir2) were configured under subdomain, ex: [URL]
I have resolved the issue by adding a machine key to the machine.config file.
View 2 Replies
Oct 17, 2010
I've created a virtual directory on a hard drive where I keep some jpg files, the problem is when I access a page that links to a jpg file it asks for a username and password, is there anyway to stop that from happening?
View 2 Replies
Jan 6, 2011
My client has s website hosted under IIS 6. This website has a subsite as a virtual directory that we need to ensure is only accessed via HTTPS.
We have enabled HTTPS access to the sub-site, but because the root site is configured to use HTTP, this is being inherited by the sub-site and you can access it unsecured. How can we prevent this?
The only potential option I've found so far is this implementation of IHttpModule. Is there nothing in the web.config I can set, as you can the security on a WCF binding?
View 4 Replies
Jan 27, 2010
i am writing following code:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
[Code]....
wen i m running this code its giving me "access id denied" exception..
View 2 Replies
Aug 31, 2010
We have created a website and for the secured files created a virtual directory and in virtual directory properties we selected Application-user(pass through authentication).If any user directly browse the files link then the browser prompts a screen for virtual directory credentials.Here my requirement is i need to send the virtual directory credentials through the application.
View 4 Replies
Oct 27, 2010
A month ago I got everything working but now my code has changed and my server may have been misconfigured.
Basically, I'm running IIS 6.0 and Win2k 2003. The webserver will map a network path UNC share at: //wave/test
Also, I have webconfig set up to do: impersonate = true (no username/password defined)
the path //wave/test is another computer that runs Windows XP. Wave is the computer name, test is the folder name. So C: est is the folder to access. The current permissions under C: est on the file server is: Administrator, IUSR_WEB (read-only) and "Wave_user" (read-only)
Back in WinServer 2003, i've added a virtual directory and mapped to \wave est and applied a local username/password for Wave_user. I am able to see/browse all the files in IIS 6.0 and see the files/folders. I call the virtual directory alias: "Waves". Inside Authentication method for this virtual directory, i applied Wave_user and the local password of the local file-server PC , and checked enable anonymous access w/ integrated windows authentication.
Also, back in virtual directory, I set "Connect As" to wave est as username and password as the local password.
When I access the webapplication, using my current local PC credential, and try to access the network share, which in C# is the command: server.mappath@("wave"... i get a Server Error 401. in the browser.
View 2 Replies
May 11, 2010
I am creating virtual directory from my C# code when i execute this code working every finely.
But problem is when i publish this code and access through iis it is showing an error as access denied .
i tried to give permissions to the folder in c:\inetpub\wwwrootfoldername Network service and users provided permissions of full control But still showing an error of Access Denied(mine is iis 5.0 in xp)
View 2 Replies
Apr 21, 2010
How to provide authentication based on a Active directory security group for a ASP.net webpage. I am using c# laungauge and .Net framework2.
View 3 Replies
Nov 10, 2010
I have a WCF service in a virtual directory that is called in the code behind of a page that is in the parent directory, when i debug the code i can see the wcf service is being called, however when the service calls Membership.GetUser() it alway returns null. The user has already logged in to the asp.net site. When i call the service via jquery it does pick up the correct user, but i need to be able to call it via the code behind as well. I am developing in .Net 3.5 how i can make the Wcf pick up the logged in user?
View 3 Replies
Oct 27, 2010
I made a web form on a development website of mine (we'll call it dev.somewhere.com) and tried to publish it out to the web (we'll call it [URL]) in a subfolder. I named it default.aspx like I was supposed to and it worked flawlessly on the dev site. When I published it out the web, I wound up getting the following error when trying to get to the subfolder: [URL] Directory Listing Denied
This Virtual Directory does not allow contents to be listed. Confused and flustered, I tried to go to [URL], but I wound up with some error that won't tell me the problem. Instead it tells me to change the my web.config to read <customErrors mode="Off"/>.
View 1 Replies
Feb 13, 2010
As virutal directory points to physical path of the application, so if the IIS root directory is C:inetpubwwwroot and the application is stored at D:websites, than we need to create a virtual directory but if the application content is placed at C:inetpubwwwroot, then why still need to create virtual directory.
View 3 Replies
Aug 6, 2010
I am trying to set up an intranet application with Forms Authentication configured for AD. (Don't ask why, it's for the boss). Anyways, I got it configured to where everybody on the domain can log in but I need to restrict it to a security group that IT has set up for me.
The problem I am having is that users in the SG can not log in to the site. I tried just adding
[Code]....
without a role manager but it didn't work. Then I tried adding the role manager below (among others...).
Here is my web.config
[URL]
Also, how should the user defined in connectionUsername and connectionPassword be set up? Must it be the same as the user I am running the application as?
View 4 Replies
Jan 18, 2010
I want to authenticate against the Active Directory by using Forms authentication and Visual Studio ASP.NET/C#.Do you know any great tutorials/howto:s for implementing this?
View 7 Replies
Aug 19, 2010
Authentication With Active Directory AD Getting propertie
[Code]....
View 1 Replies
Sep 1, 2010
I am just getting started with MVC and I was wondering if someone could point me in the right direction for help with forms authentication using active directory? I have the sample site up but the results I have found on google have not been very helpful in answering this question. This site is going to be an intranet page that we want users to be able to access without logging in when they access it from our network while they must login when trying to access it from home.
View 7 Replies
Jul 30, 2010
I am using Visual web Developer 2010 Express.
I want to create a small intranet web site with a login page that will authenticate against groiups of users in Active Directory. So for example if someone in Group A logs in they can get to web page X and if someone from Group B logs on they can get to web page Y. Is it possible to do this with the login controls without writing code? I thought it would be a fairly standard thing to do.
View 7 Replies
Mar 10, 2011
What's the easiest way to make Forms Authentication functional? Do I need to setup IIS/Active Directory? If so, how would you code that?
I was looking at this tutorial but it is a bit long, hard, and confusing: [URL]
Here's my web.config info:
[Code]....
View 1 Replies
May 5, 2010
I am trying to restrict access to the webpage using a security group. find the code in the web.config file:
<authentication mode="Windows"/>
<roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider" />
<authorization>
<allow roles="enterprisenet.orgNMR Helpdesk Supt" />
</authorization>
Code in the code behind file of the aspx file i am trying to access:
if (User.IsInRole(@"enterprisenet.orgNMR Helpdesk Supt"))
{}
else
{
Server.Transfer("noaccess.aspx");
}
Group is located in enterprisenet.org/Groups/NMR Helpdesk Supt . Its not working as expected.
View 2 Replies
Oct 2, 2010
I am trying to build a web app for an intranet site that for security reasons needs to make the user type in their Windows or Active Directory username pwd manually. I have previously worked with Integrated Windows Auth but in this case, we do want them to use type in their AD credentials.
I have been trying to look up how to do this and frankly I am a bit lost. It should be a fairly straightforward task and am hoping you can point me in the right direction, with some tutorials or examples. We will be using SSL so, dont have to worry about passing pwd in cleartext over the wire.
My environment is visual studio 2008 in C#, .net 3.5 if that matters.
View 1 Replies
Mar 8, 2010
I've built a asp.net 3.5 web application and want to be able to restrict access to particular pages. I have pages which should be able to be accessed by a user and then an adminshould be able to access all pages. I have created 2 Active Directory groups, one for normal users and one for admins so any users in the user group can see some pages then admins should have no restrictio
View 1 Replies
Jun 3, 2010
I currently have a web application deployed on our intranet and it uses Active Directory to authenticate the user.It all works fine. But now im asked to somehow grant access to the application for outside vendors that are not part of AD, but they still need to keep the functionality of the AD as they dont want to manage all the users that currently use the application.Is this possible in some way?Currently users dont need to enter a password or username as they are part of AD, but users who are not get the " You are not authorized to view this page..."message. Is there any way to avoid that message and allow them to login using their own password?
View 1 Replies
Jan 15, 2010
[Code]....
Forms authentication using Active Directory Group
View 5 Replies