Security :: Email Login And Windows Live Authentification With Web Forms Authentification
Mar 22, 2011
I have a website with WebForms Authentification enabled using a MySQL provider and i've also an ASP.NET Profile. I have the Role: NormalUsers, and HighLevelUsers. I have a folder named:"Users" that has access rules to: Deny ALL, Allow NormalUsers. I have a page names: MyProfile.aspx in the folder Users
First: I want the users to login with an email and a password not a username and a password.
Second: Now i want anonymous users to connect with their Windows Live ID and use my website as NormalUser, I also want to allow them to migrate their account to a normal WebForms account with a simple click that invokes the CreateUser methods and get the Email, Name, FirstName ..ect from their Windows live account to the createUser method.
Platform: Visual Studio 2010 (No SP), .NET 4, ASP.NET WebForms.
I am starting development of the new project and since I am new in the WCF world I want to ask your advice.I am going to implement web-service which will provide data for WPF client and for ASP.NET site. Web site and web service should be hosted in the Windows share hosting (not didicated server) and this fact is bothering me. WPF client and web site will provide almost the same functionality for the user, so I want to implement all logic inside web service not to duplicate it in the client and web site. Not sure what is the best way to implement such web-service - REST, SOAP or something else? Please, help me with selecting technology for web-service creation, I just want to get direction for optimal solution. 10x.Update: Sorry I did not wrote details. Service will be something like on-line shop with admin panel, so web service will be used for getting products and for adding new product to the system. It does not support tons of customers, it's just solution for small web-shops.
Suppose I've written my own authentication module implementing IHttpModule. It is not really done but there are good resources so I can figure it out.
There are also tutorials on how to add custom created module to Web.config. But how can I replace some default module ? That is how do I remove default authentication module from execution path ?
Can I just remove following lines from Web.config?
If I remove them will the default authentication module still work ? Of cause there is no real need to remove that module even if I don't use it... But it'll save some processor time and I'll feel better.
That was easy, not the hard part: can I replace HttpContext implementation? I have my own session class called Session and I don't want that HttpSessionState to be in HttpContext. I'd also like to replace User property of HttpContext. So I guess I need to create my own implementation of HttpContext and force my aplication to use it somehow. How do I do it ?
In my facebook canvas applikation, i store the access token in session. (I use ASP.NET MVC)
But i want to store the access token in a database along with the facebook user id that i can save different access tokens for different facebook users accessing my application.
So when i query the facebook user id and if it doen't return any access token, i request permissions and get the access token for that user.
How do i access the Facebook UserID for the user accessing my canvas application before doing any authentification?
I am able to get a token with Windows Live Delegate Authentication samples provided by Microsoft.
Now I want to access emails (New, Read, Unread etc) from live account. How can I achieve it with the help of Windows Live Delegate Authentication? Are there any examples for the same?
The Samples given by Microsoft are not related to emails.
I need to create an application with Forms Authentication and/or Windows Authentication. If the application is set to use mixed authentication (Forms + Windows Auth) and the user don't have a Windows user account, the login will fail and he must be redirected to a forms login page. How can I do this?
Are there any different way to provide mixed authentication?
Live Chat is a very famous tool on websites, and the operators use a special web/windows interface to talk to the clients.What I want to implement is to specify some email accounts, and when the client click's the live chat and starts typing, his/her instant messages are delivered to the available email account. My operators can talk back to them as if they are on their friends list.I don't need to require any login or registration for clients to use this Live Chat.So are there any ideas about how to implement such a thing? Are there any good third-party-modules that already do that?
I have been trying to avoid the windows login userid and password window when I use the Windows Authentication mode for a web site. I need to capture the the windows logon user name without prompting for the user id and password and display that on the web site. I had tried almost everything... changed authentication,security setups on IE and IIS etc... still not being able to avoid the window...
I am using the Login control to create a new user. I have it where if the user adds and email address, then this automatically popuplates the username textbox with the email address. I want it where if they don't have an email address then the user can just create their own username instead.
But what happens is if they create a username, but the leave the email blank, a defined error message appears saying that an email must be provided. In the login control properties I have set the property RequireEmail to False but the message is still appearing.
Can anyone help me find out why the email is always required? I do have custom validators for other parts of the login, but have no validation set anywhere for the email.
Does anyone know if its possible to log someone into a site from their verification email? I don't want to take them to the login page from their email.
This is my third site that I use role management, but the first time this happens. I have two roles: Member and Admin. If Admin user login, Admin node on sitemap shows. It works very well on my local machine in Visual Studio Express 2008 and in Visual Studio Team 2008. But once I deploy files to live site, even admin login, the Admin node doesn't show. I have a Member management page from which I may see member's role, and I can see that user name is in the role Admin. What could be wrong?
I used ASP.Net Configuration manager to create roles, users, and access roles. Here is the code:
I was wondering what the following error means: Login Failed. The Login Is From An Untrusted Domain And Cannot Be Used With Windows Authentication. Initially, when my application was much simpler, I had no permissions and roles and my authentication mode was set to "windows". Afterwards, however, I added authorization, changed the authentication mode to "Forms" and ever since, when I try to login, I get the error above.
I've a Gmail account, assume that me@gmail.com. Now I want to login (as admin) in my website through this account. I know I can use OpenID etc. for that purpose but I want to limit it for just me only. Can I do this? I don't let anyone else to know which service I used to login and what is my address and etc. (Note: My website contains just one and only one login form, for just me, only!)
I have developed an Interanet web application using the windows Active directory authentication if user find then it automaticaly authenticated working correctly now my user wants the capability of being able to login to the intranet site as another user by providing the username and Password . For example, Team lead needs to login on other team memeber System to pefrom some task on his behalf if he or she is not aviable in office .
I have created a standard MS Login Page. However when I try to login on the page only by providing the Username system authenitcate the user ( not validating the password of that user)
On my Intranet page I want to be able to recognize the user by their Windows Domain login. I am using VB 2010 and ASP. I have several VB books but none of them cover this. If it isn't too much to ask could someone show me the way. I have a strong SYS ADMIN background and am pretty sure this will involve LDAP but that is about as far as I am.
Is it possible to remotly login into Windows using ASP? What I'm trying to accomplish is, that I could remotly call a ASP page on my server (Apache on Win Vista) that logs in a user on that system. For example remotly I start a Wake-On-Lan to start the computer (server). It boots up to the user login screen where I would have to enter my password to login to the desktop. Because the service is already running at that time, I would like to open a ASP page from my client that I could pass the windows user/password and the ASP-service would login the user on the server machine.
I have an intranet web application, where i have windows authentication = true in web.config. I hear from end users that the website is aksing for their login credentials and they don't like it. By the way i am getting theusername from HttpContext.Current.User.Identity.Name and Domain Name from Mid(UserNameID, 1, InStr(UserNameID, "") - 1).In IIS, anonymous access is unchecked and Integrated wnidows authentication is selected.
I've built a windows 2003 server at work with SQL server 2008, we normally login to a domain of which I don't have administrator access. Is there a way I can build and use a database of Roles to work with logged in users?
i want to create a login page and i have to use windows authentication. so what are the steps i have to follow to achive login contorl with windows authentication.
I am using FBA(Form Based Authen) and Windows Authentication for my web application. FBA is working fine with username and pwd. I want to use the same username, pwd for windows authentication without retering credentials in default login screen. How to avoid the default login screen with custom authentication..
