Security :: Custom Authentication With WCF Service?
Aug 11, 2010
I have created a WCF service that will serve as authentication service for Silverlight client.The problem is that when I make a call to FormsAuthentication.SetAuthCookie in the Login method below, I get a null reference exception. I am following the 'Securing Applications Built on Silverlight and WCF' (http://www.componentart.com/community/blogs/milos/archive/2009/05/07/securing-applications-built-on-silverlight-and-wcf.aspx)
I am writing two ASP.NET apps. One is a web service that provides xml data and the other is a web client that will use the service to display and manipulate data. I would like for the web service to do the membership authentication and authorization. Is there any way to simply point the login controls in my client application to the web service instead of to a database. I assume I would have to provide the necesarry methods in my web service interface, which would then use the membership provider database I created and pass the results back through to the client.
Is this possible? I have seen many articles on security provisioin from a web service but none has really been what I am looking for. I was hoping that, since my service and my client are both written in ASP.NET, there might be some built functionality that would benefit me.
I have to invoke SSIS packages from web service in the most secure way. I think that windows authentication will be secure but i am not sure. I do not have much knowledge about how to achieve this and the information on the internet is very distributed.
I want to create a web service that can authenticate user from my application. I will be sending user name and password from my app to the web service and that will deny or accept the user. I want to use form authentication using sql server. that this web service can be used by other team in my office so that they can just call the web service and the user will be authenticated.
Also, is it possible to use both form and windows authentication in my web service and authenticate the user both ways.
I am looking for a code which does authentication using service account username and password. I mean username and password which has permission to access the active directory and then authenticate the actual username and password provided by end-user. Googled everywhere but could not find any suitable code.
In my earlier verison, I used Active Directory to authenticate users which was Custom. In the sense that, I had passed UserName and password along with a token request through datalayer to authenticate against AD. it would eventually check the DomainNameUserName, password against AD and will get authenticated.
I'm looking to implement my own basic webforms authentication. I don't want to use the 'membership' features in this case because I don't want to modify the database schema with all the membership elements that I won't use, and I don't need to support users across multiple applications. I want to wind up with one simple 'users' table that has username, password, passwordSalt, and several other fields to support custom user attributes specific to this application.
but it's rather dated... is this still valid? I'm looking for guidance on what I need to do to implement a custom webforms auth solution. A very basic skeleton I can expand upon, or a good tutorial/guide that illustrates the necessary parts... just the basics..
I created a database for user authentication. After I pass loging parameters to the stored procedure in the database and they return a user ID for that user I use the following line for authentication:
[Code]....
User gets authenticated but the problem is that ASP.NET does not recognise the user as authenticated until the page is refreshed.
I think I'm missing something simple...I have a customRole Provider set up and it seems to be working fine - I can add/change/delete info using the WAT.For my Authorization I do a custom routine that is separate from the .net provider that basically says the users is or is not authenticated (true/false).If the user IS authorized how do I set the cookie (or whatever) letting .NET know who they are so I can use the roles on a directory level?I know I can use Roles.IsUserInRole on individual pages but I'd like to be able to use directory based authorization too (from the web.config).
I'm developing a web application using EF4, POCO's, WCF Data Services and the presentation tier (HTML, CSS, JavaScript, Ajax - NO WebForms). For security I would like using ASP.NET Membership Provider (Authentication Service): from a *.htm file calling the AuthenticationService. I executed aspnet_regsql.exe (to create the necessary database tables) and modified my web.config file:
I've just started a small ASP.NET web application. In this project, I need to authenticate the users with Active Driectory. I managed to authenticate the users successfully with Active Directory. But with Authorization with Custom Role Provider, I'm so confused.You see, the user name and password are stored in AD. So, my approach is that after the LoggedIn event of the Login Control, I check if UserName is not yet stored in the Users table yet, then I will store the UserName there. Eventually, I have all the UserName of the AD users store in the Users table so I can assign Roles to the users.
Let's say I assigned UserA to RoleOne. After he logs in successfully, I do some query to look for his Roles.
Where do I keep the Role ticket? In the Cookie or in the session? How does the authorization of ASP.NET role provider work? I want to store the authentication ticket like ASP.NET role prover does too.
I am connecting to remote server for web service using ASP.NET 3.5 web site. something like, [URL]. Remote server is providing digest authentication to access the web service. I dont have access to modify authentication on the remote server but I have an windows account on that server. If I try to Access service WSDL through programming I get the following error:
The request failed with HTTP status 401: Unauthorized. Same web service if I try to access through browser, [URL], it asks for user name and password. Entered windows account user name and password, still getting error: You are not authorized to view this page, HTTP Error 401.1 - Unauthorized. How to pass the digest authentication credentials to the web service through visual studio or any other programmatic method?
This could be very straight forward for some of you, but I got caught up. I am doing very simple test - browsing from IIS Manager to see the default page or "under Construction", however I am being challenged to provide my login credential . When I provide my login credential, I am able to see the default page. I wanted to see the default page without providing my credential since Enable anoymous access + basic authentication I am simply wanted to see the default page asit is working on other servers except this one. I have included screen print to make sure may question is clear.
I set authentication mode to Windows in the web.config and I enable Windows Authentication and disable the Anonymous Authentication in IIS 7 on win 7, but HttpContext.Current.User is always null.It works fine when I host the web app in IIS 6.0.
I have a web farm web project, and want to make sure windows authentication is working well without any problem in web farm, can any one give me some web sites or information about that?
I needed information regarding the capabilities & integration of AzMan tool with Asp.net.Currently, I got a Sharepoint 2007 website along with ASP.NET 2008 where I am using Form Based Authenication.Now, the requirement is any user within a domain registered in AD should be able to login in website through intranet.
Can I acheive this using AzMan, or I need to create two websites one with FBA for internet users and the other one for the intranet users with AD authenication. Also my intenet website is deployed and in use where usermapping and roles are already created, so using this tool what will be the impact on existing webiste.
I have developed the authenticated rss feed using the basic http authentication for my site.I also have the admin module for the site which uses the Asp.net Forms Authentication .Both are in the same project.When i turn on the forms authentication module to None in my web.config.My rss feed authentication works fine(the browser pop up the dialog box for the username and password) and upon entering the username and password the rss feed gets displayed.But with forms authentication turn on when i click the rss feed link i am getting redirected to the administrator login page.
If i set my authentication mode to none than the feed works like dream but the admin module do not work as it uses forms authentication.
How can i resolve the conflict for that one.I am using the asp.net mvc filter on my feed contoller to pop up the dialog box for the username and password.
I'm developing an internal booking sytem. Users log in to the sytem and can view existing bookings and search for bookings. They can also create new or edit existing bookings. When completing such actions I need a confirmation prior to completing the booking or updating the recorded. The confirmation is based on a reauthentication of the user.... in otherwords he needs to enter his passord again.
How can I achieve this? The system is internam and I'm using Forms Authentication. I an also using roles as som of the admin forms can only be viewed by administrators.
