Security :: By-pass Authentication For Intranet Connections?
Feb 26, 2010
The company I work for has a web app running on IIS that has been strictly internal (uses a port other than 80 not accessible to the internet). Recently we started using mobile devices and need to access it over the internet. So I simply made it part of our company web site and secured that portion using forms authentication. The problem is that it is also our home page in the office and it is a pain to be logging in several times a day. In fact some of the staff are irate they have to login in at all when at their workstations. Is there a way to by-pass authentication when the referrer is http://servername/ and still enforce it when accessed via http://www.domainname.com?
View 1 Replies
Similar Messages:
Jan 9, 2010
We also have sales rep that take call and use the same website to take the orders.
My boss wants me to allow the SR to only be able to take orders if they are in the network itself. When I ask why he tells me "just because".
I'm sure there's a way but I can't see it at the moment. How do I go by doing that? Also keep in mind that if the SR is outside the intranet, he can't be allowed to enter his active directory login/password (so the login window must not even show).
View 3 Replies
Jan 7, 2010
I've a project using windows authentication and it will be used in intranet. The client itself already have a web application in their intranet and they built it with Java (they used windows authentication too). The problem occur when they want my web application only appear within their application content section.
What should I do? I did think about using iframe but some people said it's evil. And if I'm going to use iframe, is it save? My web application will use a few pop up window/modal window and ajax.
View 5 Replies
Jul 26, 2010
i m trying to set up an Intranet site with Windows Authentication. I have configured the web.config as shown below.
<authentication mode="Windows">
<roleManager enabled="true" />
I wanted to do authorization by roles so
<authorization>
<deny users ="?"/>
<allow roles="D820MySite_Developers, D820MySite_Admins"/>
</authorization>
I'm in the D820MySite_Developers group. When I attempt to login, it wants my password. I thought that with Windows Authentication it should not prompt for the password. If is use <allow user="*"/> it does not.
1. Is this the correct behavior?
2. My aspnetdb does not appear in the App_Data folder. Should it and is this causing the problem. If it should be there, how do I get it there?
3. I was under the impression that by using Windows Authentication, I can prevent users from accessing pages by folder. Is this provided by IIS or is this provided by Windows (using Windows Explorer)?
View 3 Replies
Feb 24, 2011
We would like to use AD authentication with our Intranet site to control what pages different users can access. I'm very new to ASP.net and would be interested in links to a how to description. We are using Visual Studio 2008.
View 1 Replies
Mar 23, 2010
I'm trying to set up Windows authentication on an intranet site. I have this code in the web.config:
<system.web>
<authentication mode="Windows"/>
<authorization>
<allow users="domainuser, domainuser2" />
<deny users="*" />
</authorization>
</system.web>
I can log in with my own credentials, but I have virtually all the rights in AD. User2 can not log in. The website is set to use Windows authentication in IIS manager. And I've tried setting permissions in IIS manager and NTFS permissions for the folde
View 3 Replies
Dec 6, 2010
We are having an issue with the windows authentication and IIS restart for asp.net application Our environment is an intranet site (an asp.net application ) that uses windows authentication, uses integrated security application pool, physical path credentials are set for a service account, who is admin for sql server, IIS etc. web.config - Connection string has Integrated Security = true, authentication = Windows, and authorization - deny *, allow = security group. Anytime we start - stop service (or restart) (IIS); and hit the website thru some other machine IE, it fails to show the website (401.2), and any subsequent hit to the website doesn't go thru.
However when we start the service, and hit the website on server's (where website is deployed) browser first time then everything works fine for subsequent hits from anywhere as long as authenticated on corp net and member of security group configured in web.config. This behavior however goes away if we uncheck the configuration "Enable Kernel-mode Authentication" on the asp.net application. ( but then Firefox browser stops working with this configuration!!) Why such behavior? In the documentation it states its recommended to keep it enabled. What is recommended way of publishing a website with windows authentication enabled? Any side effects of "Enable Kernel-mode Authentication" being unchecked ( other than what we found for firefox not working) Environment : IIS 7.5 windows 2008 Server R2, VS2008, SQL Server 2008, ASP.NET 2.0
View 5 Replies
Oct 2, 2010
I am trying to build a web app for an intranet site that for security reasons needs to make the user type in their Windows or Active Directory username pwd manually. I have previously worked with Integrated Windows Auth but in this case, we do want them to use type in their AD credentials.
I have been trying to look up how to do this and frankly I am a bit lost. It should be a fairly straightforward task and am hoping you can point me in the right direction, with some tutorials or examples. We will be using SSL so, dont have to worry about passing pwd in cleartext over the wire.
My environment is visual studio 2008 in C#, .net 3.5 if that matters.
View 1 Replies
Jul 8, 2010
We have developed a website in asp.net using windows authentication and deployed it on the intranet (IIS v6.0). Most of the times, when users try to access this website they are taken straight to the website, but occasionally some users get a prompt to enter their windows username and password. I understand that this could be caused because of several reasons like:
Cached active directory password. Recently active directory password changed. Active directory account locked out. I want to fix this issue for good because it is annoying the users.
View 1 Replies
Apr 16, 2010
To work with the ASP.NET 2.0 Membership and Role, we will use Forms authentication for the public Internet.
On the other hand, we use Windows authentication for Intranet applications. uestion: In a website with Windows authentication, can I still have some kind ofole management for different
groups of the Intranet users? If yes, how?
View 2 Replies
Mar 17, 2011
Is it possible to bypass the NT challenge login, and just have a standard webform login, then authenticating programtically as that user and passing those credentials manually to my connection string so that the database sees me as that user?
View 1 Replies
Jun 28, 2010
Do any of you guys have experience using Active Directory and the Intranet Zone to silent authentication with a local web site? I've done it in the past with 1.1 and 2.0 .NET, but this 3.5 site I have written doesn't seem to be working for some reason.In the past, how I have done it is:
In web.config, set:
<authentication mode="Windows"/>
In IIS 6, under directory security, check Integrated Windows authentication and Digets authentication for Windows domain servers, and set the realm to my domain, and uncheck Enable Anonymous access.The I add the Host Header for the site to the corporate Intranet Zone in Internet Explorer under trusted sites using Active Directory.And that's basically it. I've done it on plenty of intranet sites before, but with this 3.5 application I am still being propped to login. Anybody see any steps I missed?
View 12 Replies
Jan 17, 2011
I have an an intranet website running under IIS6 (under a specific port, not the default one) with a integrated windows authentication enabled and uses an application pool configured with a service account. the issue is, if I access the website using the server name with a fully qualified domain in the URL, it throws a login prompt (doesn't work even if enter my windows login credentials), but if I use the IP address of the server then it works fine. I need to do to get the URL with server name working.[URL]
View 3 Replies
Jan 4, 2010
While recognizing that there are many 3rd party solutions to output a web page in pdf format, my corporate intranet hosting service does not allow 3rd party software, so...
This post is in response to
http://forums.asp.net/p/1506431/3585235.aspx#3585235 where it was suggested I might have better luck in this particular forum.I'm using VB.Net 2.0/vwd2005/MS SQL Server 2000. There are a couple web pages that are used for ocumentation--the format and data is exactly what I need, but to pass on to groups outside the intranet, the documentation needs to be in pdf format.
View 1 Replies
Dec 18, 2010
we are migrating existing windows form application to asp.net(3.5) intranet portal, there is a requirement whereby database connection should be made by the logged in windows user. Is it possible to achieve this functionality?
View 1 Replies
Dec 21, 2010
I have 2 website A and B.
B site with windows authentication
I want to open B site as new window from A site, so its ask for windows credential. I have credential in A site. I am opening B site using Javascript.window.open.
how i can set credential for B site from A site.
View 2 Replies
Jul 18, 2010
I am getting this error when trying to connect a database from another computer in my home network:
System.Data.SqlClient.SqlException : Login failed. The login is from an untrusted domain and cannot be used with Windows authentication.
this database is using windows authentication. sqlserver 2008.
What is the connectionstring that I need to use in order to get the database?
View 1 Replies
Apr 4, 2010
I am helping a club create a site that has a password protected "members only area". I have never done anything password protected. I used VWD and created the user names and passwords. Apparently using the AspNetSqlProvider. The site and password protected area work great when tested locally. The problem is when the site is uploaded to the hosting company, the login area will not work. I found that I had to create an SQL database in the appropriate area of the hosting company. The login still won't work. I am thinking that I have to create a connection string in the web config file. The problem is - when I tried that the site wouldn't work when I tested it locally. I really need lots of help with this part.
View 5 Replies
Feb 19, 2011
i'm a real beginner, so my questions may sound rather stupid but i did not google anything on it.
Suppose I create a standard mvc 3 application having an authentification system. There are the questions:
1. As I understood the information about users is stored in App_Data folder. Is there a way to store it database? obviously, there should be one,
but i cant figure it out .
2. Suppose I want to link a user with entities belonging to him (like articles in a "shared" blog, photos, whatever), How do I do this?
the standard MS tutorial (MVC music store) doesnt cover neither of these questions which are rather basic.
View 1 Replies
Jan 15, 2010
I have incorporated the asp.net membership and roles feature in my web app on my local dev setup that uses SQL 2008 Developer edition, all works as it should.
My remote system uses SQL 2005 express and I went through the process of creating the ASPNET membership tables via the "aspnet_regsql" command to my remote target database. I then created a few users, adjusted my app connection strings accordingly and uploaded.
My login page uses the "login" server control and when I try and login using credentials from one of the previously created users I get a "Your login attempt was not successful. try again." error. I know the users are in the DB as I can see then via the SQL Management studio on the remote DB. I have triple checked the username/passwords and I am definately entering the correct info. The connection strings are correct as the initial page renders content from another table in the DB. I am getting no errors.
My best guess at the moment is that SQL Express handles Membership/Roles connections differently to the full versions of SQL?
View 6 Replies
Mar 24, 2011
I'm trying to enable automatic Window authentication working on our ASP.NET Intranet. I've changed the Authentication on our IIS 7.5 server from Anonymous to Windows Authentication Enabled only, and changed the Web.config file for the website to:
<authentication mode="Windows" />
<authorization>
<deny users="?" />
</authorization>
The Windows login box appears when accessing the website via IE 8, I enter valid credentials, but the login window keeps reappearing as if it does not accept my credentials. By repeatedly cancelling the login box it disappears, and my login name can be viewed on the website. Is there any possible reason for the login box to keep popping up even though valid credentials are being entered? I've restarted the servers / cleared browser cache etc. Also, ideally I would like the user to enter the login details once in the login box and not be required to reenter login details whenever he reopens the browser.
View 3 Replies
Jul 16, 2010
We are using IIS6 and .Net Framework 2.0 for our intranet with Windows and Digest Authentication . We have 2 domains that have access to this intranet. I suddenly have the need to display slightly different content for users from Domain A. The changes are rather trivial (text on a label and and image in a header) but important to our stakeholders.
View 4 Replies
Feb 7, 2011
Show Authenticated user on Intranet:
Response.Write("UserName is: " + User.Identity.Name);
In Web.config:
<authentication
mode="Windows"/>
<authorization>
<allow
users="?"/>
</authorization>
This works fine on local server. But not on Intranet.
On Intranet, it was working fine on IIS 6.0.
But on IIS 7.5, the user doesn't get authenticated.
View 3 Replies
Mar 22, 2010
diff between internet And intranet applications design. How they are deff in authentication. What kind of authentications is possible?
View 1 Replies
Apr 22, 2010
I'm still new to windows authentication. Basically, we have a page on http://externalsite.com that needs to be accessed only by an authenticated user originating from http://internalsite. The user on internalsite is already authenticated using windows authentication.I'm confused here. How can I validate the user and obtain their role so that i can not only validate that they are authentic, but to authorize them to use this page on externalsite.com?
View 2 Replies
