Security :: Forms Authentication With Active Directory?
Aug 6, 2010
I am trying to set up an intranet application with Forms Authentication configured for AD. (Don't ask why, it's for the boss). Anyways, I got it configured to where everybody on the domain can log in but I need to restrict it to a security group that IT has set up for me.
The problem I am having is that users in the SG can not log in to the site. I tried just adding
[Code]....
without a role manager but it didn't work. Then I tried adding the role manager below (among others...).
Here is my web.config
[URL]
Also, how should the user defined in connectionUsername and connectionPassword be set up? Must it be the same as the user I am running the application as?
I want to authenticate against the Active Directory by using Forms authentication and Visual Studio ASP.NET/C#.Do you know any great tutorials/howto:s for implementing this?
I am just getting started with MVC and I was wondering if someone could point me in the right direction for help with forms authentication using active directory? I have the sample site up but the results I have found on google have not been very helpful in answering this question. This site is going to be an intranet page that we want users to be able to access without logging in when they access it from our network while they must login when trying to access it from home.
I currently have a web application deployed on our intranet and it uses Active Directory to authenticate the user.It all works fine. But now im asked to somehow grant access to the application for outside vendors that are not part of AD, but they still need to keep the functionality of the AD as they dont want to manage all the users that currently use the application.Is this possible in some way?Currently users dont need to enter a password or username as they are part of AD, but users who are not get the " You are not authorized to view this page..."message. Is there any way to avoid that message and allow them to login using their own password?
I've written a small ASP.NET 3.5 application to allow users to update selected account attributes on their own. Everything works fine when I use Basic Authentication, but because the dialog that is presented is less than ideal, I'd like to use forms authentication to give the users more instruction on how to log in. My problem is that in order for the user to update their account information, I have to have the application impersonate them for the update actions. I've scoured the internet trying to find a solution to my issue, but nothing fits or works. I have tried setting the web.config:
[Code]....
I also tried using the LogonUser method to create a user token and backend the authentication that way, and it doesn't work either.
I want to create a small intranet web site with a login page that will authenticate against groiups of users in Active Directory. So for example if someone in Group A logs in they can get to web page X and if someone from Group B logs on they can get to web page Y. Is it possible to do this with the login controls without writing code? I thought it would be a fairly standard thing to do.
I am trying to build a web app for an intranet site that for security reasons needs to make the user type in their Windows or Active Directory username pwd manually. I have previously worked with Integrated Windows Auth but in this case, we do want them to use type in their AD credentials.
I have been trying to look up how to do this and frankly I am a bit lost. It should be a fairly straightforward task and am hoping you can point me in the right direction, with some tutorials or examples. We will be using SSL so, dont have to worry about passing pwd in cleartext over the wire.
My environment is visual studio 2008 in C#, .net 3.5 if that matters.
I've built a asp.net 3.5 web application and want to be able to restrict access to particular pages. I have pages which should be able to be accessed by a user and then an adminshould be able to access all pages. I have created 2 Active Directory groups, one for normal users and one for admins so any users in the user group can see some pages then admins should have no restrictio
I am trying to follow instructions on how to create a login page that tests against active directory. My issue is all of the tutorials seem to be written for ASP.NET 2.0. When I try to follow them I cannot get them to work. Does anyone have any tutorial or information for .NET 3.5 or 4.0?
I want to know how to do Active Directory Authentication in my intranet web application,
So far I created a simple login page and I am using the login control. my questions are how do I configure the application, how do I interface the login control so it will take the user to next page once they input their usual active directory username and password.
I am trying to authenticate the users on a web application through their Active Directory credentials. What should I use? Client Certificate Mapping? or Forms? I am currently using a Form Authentication, but it is not working. It keep telling me my credentials are not correct. Should I switch over to something more recent? Client Certificate Mapping is installed, I just don't know how to set it up. Isn't there something about purchasing a certificate for the website? Is there anything else I can use that is secure and uses Active Directory credentials?
i have a problem with the users authentication on my site. I made <authentication mode="Windows"> in my web.config. The LoginView shows "mycomputermyusername" if i request the page. So far as well. Now i want to login with a different username. Users are stored in an Active Directory. My questions: wich setting i have to do, that user's account and password checked by Active Directory? how can i force the system to make a new login? Logout doesn't work, i always see my on account.
if you have implemented Forms Authentication with Active Directory in ASP.NET 2.0, I have implemented [URL] mentioned on this page. But I am getting an error saying "Provider must implement the class 'System.Web.Security.RoleProvider".
I have a web application (intranet based) which uses Windows Authentication. Unfortunately there are public computers that have public logins at some company locations. My web app doesn't support these public logins because I need to know the user workingSo, even though these public users are windows authentication users, my app will fail because I have no user account setup for that particular account. I want to then try Active Directory Authentication.In my Default.aspx.cs I'd have something like this
protected void Page_Load(object sender, EventArgs e) {try userContext = new UserContext(); // If the authenticated user isn't a user in my system then throw an exception } [code]...
I need to create a web page that authenticates users against an existing active directory. The domain is actually a cloud computing configuration where there is a domain controller and multiple other servers on the stack.
I understand that objects from the System.DirectoryServices namespace can be used. However, I cant seem to path the code to the active directory through the LDAP://domain.com address. There doesnt seem to be any communication going on. I suspect there is some initial configuration necessary or security measures blocking the communication.
I am working with this example from MSDN: http://msdn.microsoft.com/en-us/library/ms180890(v=vs.80).aspx.
I get an error that says the server is not operational.
I am not really sure if this post should go in the Security section or the Active Directory / LDAP section....with that being said I am looking for advice on how to best accomplish my goal(s), I am working with FORMS authentication, using active directory (across 2 domains). I have got authenticating working correctly based upon the article at: [URL] now - my questions:
1. What is the best way to deal with roles? What I would like to do is restrict access to my application so that only the users that are authorized to use the application can login - not everyone in the AD. My gut feeling tells me I would use an AD group for this. Furthermore, a subset of these users in this group will be allowed to access the data maintenance forms
2. Ideally, in a perfect world, I would like to write this authentication piece as a separate project - this way it could be used for multiple projects - the only thing different would be the AD groups it would be checking. Is there a way that I could set which AD groups or roles in each projects web.config?
Am I approaching this the correct way? What is typically done?
I am using System.directory services namespace in framework 2 to query active directory. I have used fixed user account impersonisation in the web.config file, find the code:
I have disabled anonymous access in IIS. Also i have given Read & write access to the account tang09 for the website virtual directory and Microsoft.NET folder located in windows folder. But still i get prompted for the domain username and password to access the website.
I can attempt to log on but every time it says I am using the incorrect username/password. Does it look like I am doing anything wrong above? Is there any way for me to find more information on why it's not finding my username/pass?
UPDATE:
Do I need to provide a Username and Password in my membership/providers section?
In the past I've developed web apps using Windows authentication however I'm now tasked with building a web app which needs to directly authenticate with Active Directory however I'm unsure about the security of doing this and have several questions.
As it stands I'm simply authenticating users by padding the username and password entered into a method which performs a search on active directory for the user's sAmAccountName, this is done within a try catch block. If the search can't run and throws an exception then the user isn't authenticated and if a result is found then the user is authenticated.
My first question is , how secure is doing this?
Secondly I need a way of storing possibly a session variable to ensure the user, once logged in, can access all the pages they have access to.
I was thinking of pulling the user's GUID out of AD and using that as the session variable.
Lastly I need to prevent people from trying to brute force my web application and to do that I've simply create a new session variable and once the count reaches 3 , they will not be able to make anymore attempts until the session variable has expired or they clear their cookies.
I think this is a more method of preventing numerous consecutive login attempts and wonder whether there's a better way? I'm considering using a captcha.