Security :: Forms Authentication In Multiple Servers
Mar 7, 2011
I have two applications with a single domain name ([URL] and [URL]). First one has been developed in .NET 2 and the other one with .NET 4. I have configured web.config as these steps:
1- I've set the same machine key for both of them.
2- I've set the coockie name.
3- I've set the domain name to "domain.com".
4- Also, I've set hardcoded coockie domain name to "domain.com" .
Everything was working fine when both of them were running on a single web server. Recently, I've been asked to move test.domain.com to another server. After moving, authentication ticket is not valid on the second server. I tested both of them on a single server again and everything was workinh fine, but in two servers users can't acces to test.domain.com. (Authentication Ticket is invalid)
Edited: The second server is a virtual (VMWare) server. I don't have any problem in physical servers. I checked the server's time to be synchronized. I also used fiddler to see if the server does not get the auth ticket and ther ticket is sent to the 2nd server. Note: Servers are located in different networks and maybe proxy or firewall causes this (I've no idea)
View 3 Replies
Similar Messages:
May 1, 2010
I'm working on a new project and I would like to use forms authentication to protect the necessary pages. The project is going to be focused on companies where a company would create an account and have multiple users. Each company should have its own data and should not be able to see other companies' data. What would be the best way to go about this? I've considered using a subdomain for each company which would tell the application which membership provider to use. I've also considered using an additional credential such as company ID to specify which company the user is logging into.
View 7 Replies
Nov 10, 2010
I have three asp.net web applications
,Second and Third applications are accessed throught the first,So Authentication (form authentication) is happening from the first application only , all are deployed on same IIS with seperate virtual directory
Like
1.Localhost/EmpMananger
1. Localhost/Hr
2.Localhost/Payroll
, I used the same Entires in both <machineKey> and
<forms> Elements in webconfig file of all applications,
Applications are working fine and Page.User.Identity are available in all applications but once loginUrl and defaultUrl entry is changed to actual name other than localhost
Eg: localhost/EmpManager/default.aspx To myserver/EmpManger/default.aspx
the authentication ticket is not available in second and third applicaiton
View 4 Replies
Mar 16, 2010
I have a small project I am working on using web developer express, and I am trying to get windows authentication to work with my intranet website project. This website is only to be accessed inside my LAN and not from the internet at all, so I figured windows authentication would be best.What happens when I turn it on (and I've tested this from multiple browsers: IE8, Firefox, Chrome, Safari) is that the website asks the user to log in (via pop up textbox). Not only does it request the user to log in (which I don't think it should, since the login is based on windows authentication and I am on a windows machine already logged into the internal domain) but it requests the user to login multiple times, sometimes I get asked to log in and type in the same username/password combination 12 different times. It seems to me that the asp page is requesting permission to view each individual element and requires authentication to load one object (like an image or text box).
I am severely annoyed. :( I just wanted authentication to work smoothly without any login requests, or at the mostone request.
View 1 Replies
Jan 30, 2010
How do i store same file into multiple servers? My scenario is explained below Administrator module resides in production server ( "cccc" domain) which is accessible only within my company. Common module resides in DMZ and can be accessed by internet users. I have written a program to upload a .xls file to both the servers. My program is in administrator module and resides in cccc domain. I could upload the file to the server in my company but i cant upload it in DMZ. Following is the code to upload to ccc domain
FileInput.PostedFile.SaveAs(Server.MapPath("..TU" & ServerFileName))
Followins is the code to upload to dmz
FileInput.PostedFile.SaveAs("http://grtr/" & "/TU/" & ServerFileName) I will get the serverfilename using file upload control
View 4 Replies
Mar 10, 2011
I have read the many posts of people trying to use two different login pages: one for users and one for admins. My question is very different. I have a Site.master page with a LoginView and LoginControl. I then have three root level pages Default.aspx, About.aspx, and Contact.aspx that derive from the Site.master. All three pages are set in the web.config to be allowed to all users. I then have a MemberPage in a Member folder which is only accessible to authenticated users. What I want to have happen is to be able to login from either the Default, About, or Contact pages and then be directed to the MemberPage.
View 2 Replies
Nov 8, 2010
We are upgrading the asp.net 2.0 web application to asp.net 4.0. The application contain three main modules (sub application) like End User, Franchise and Admin with separate web.config, asp.net form Authentication, login page and running with single domain. the URL like,mydomain.com/login.aspxmydomain.com/franchise/login.aspxmydomain.com/admin/login.aspx In asp.net 2.0, working fine with 3 sub applications with separate form authentication under a single domain name and also we can working with all threes in same time. After the up gradation process (ASP.NET 2.0 to 4.0),We didn't run all three applications in same times and also form authentication crossed.
View 2 Replies
Jan 26, 2010
I created a mixed mode authentication mechanism based on a few of the articles that I have read on this topic. It's similar to something like this: [URL]
Basically, there are two web applications. One accepts the Windows Auth and one accepts Forms Auth. The Windows Auth then creates a forms auth ticket and passes control to the Forms auth application. This solution works fine when both applications are housed within the same IIS web site.
Now, order to control the security of this solution we set up multiple IIS web sites on the same machine. Web Site 1 serves external traffic (forms auth) and Web Site 2 serves internal traffic (windows auth).
So the design is that an internal user can hit the site using Windows auth via a internal name (myserver) while the external users use Forms Auth hitting [URL].
All that said, the solution works when the two applications are in the same site. Doesn't work when they are in different sites.
View 4 Replies
May 29, 2010
I have created a web application which has two section user and admin. Admin files are within
~/admin folder and user files are in ~/User folder. Admin and user has two different login page within respective directory.
Now I want two apply form authentication for admin and user section. Is it possible to apply form authentication for two different section in a web application?
View 4 Replies
Mar 6, 2010
I see a ton of questions about uploading multiple files, but none about uploading a single file to multiple servers, so here goes... I have an ASP.NET app that will be running on two load balanced servers, and I would like to allow users to upload files and have them end up on both servers. What is the cleanest way to do this? I am using IIS 6 btw. Some ideas that come to mind are:
1) Use a virtual directory that points to some shared location that both servers can access. Will there be any access issues if the application runs at Network Service? I'm assuming the application will need to run as a user account that exists on the shared location machine. How should the permissions be set for this?
2) It would be nice if I could via jQuery post the request to both of my servers, referencing them by their port numbers. Even though the servers are on the same domain, this violates the same origin policy, right? Is there another solution I'm overlooking? How do other sites do this?
View 4 Replies
Mar 17, 2010
Can multiple SSRS share the same DB? We're getting into an SSRS customization scenario, which may adversely affect our existing SSRS features, and I wanted to see if it was possible.
View 1 Replies
May 17, 2010
We have built an asp.net application according to 3 tier architecture, but Data Tier and Application logic lies on the same server. Our client needs that to be deployed in 2 different servers. Only front end in web server DAL & BLL in app server. Database is in different server. All 3 servers are at different physical locations. How can we commuicate between these servers and our applicaton tiers? is there any option in IIS so that we can deploy only back end code in another server? what is the best approach to communicate between different application tiers when they are physically apart?
View 2 Replies
Feb 7, 2011
We have an IVR product that reads a configuration database for callflow information. I am writing a tool for our implementation team that will allow them to add/delete/update the data in the configuration database. Once the tool is in production, the implementer will use only the production release of the tool to modify the configuration database in all four of the IVR regions (Dev, QA, Cert, and Prod). Each region has its own database with identical schemas. The tool has 'tabs' across the top for each region. If a user is currently working in the Dev region and clicks the QA tab, how do I switch my connection from the Dev db server to the QA db server?
View 3 Replies
Mar 28, 2011
A friend and I manage a large website for a company. The site is build using Visual Studio 2005 and is a series of nested web applications run inside a master application employing nested master pages. Currently we have to manually move files around folders and FTP them to various servers and I am looking for a way to be able to manage the deployment end of the site in a more automated fashion. I'd like to be able to work on my local version of a project and once I'm done be able to hit one button and publish the site to our internal testing server and then when testing is complete hit another button to deploy it to the live web servers. Right now we have to manually navigate the windows folders and copy pages, css files, images, swfs, etc and FTP them manually. The driver for this is that we have a new junior develop starting and want to remove the manual aspect in advance of him starting.
View 1 Replies
Nov 10, 2010
We have a web application that is storiing all site data in HttpRuntime.Cache. We now need to deploy the application across 2 load balanced web servers. This being the case, each web server will have its own cache, which is not ideal because if a user requests data from webserver1 it will be cached, but there next request might go to webserver2, and the data that their previous request cached won't be available. Is it possible to use a shared-cache provider to share the HttpRuntime.Cache between the two web servers or to replecate the cache between them, so that the same cache will be available on both web servers?
View 4 Replies
Jan 13, 2010
how can I synchronize sessionID over multiple second-domain servers? For example, I've got servers(you can log-in into server swarm at any of these), [URL], [URL], [URL] and if you log in at one of them, the login information (+anything else) should persist along them. How can I provide SessionID to other domains? (session itself is stored on sql server shared across the services).
View 2 Replies
Apr 16, 2010
I have 2 front end servers and 2 back end servers. There is a registration form in my web application. The registration form uses a Microsoft Wizard control. Lets say the Wizard control has 4 steps. After the fourth step, users click "Finish" and I display the "Thank you Message". The way the request is routed between the 2 servers is round robin. So lets say till the fourth step, the response comes from server A. After the user clicks "Finish", lets say the response now comes from server B. After they click "Finish", I am trying to access some information in the Wizard control (like Name, address and so on). Because the servers are now switched, the data is lost (at least thats what I think is happening). So all entries in the wizard control are now blank and when I try to read those values, they are null.
View 8 Replies
Dec 2, 2010
Boss comes in and demands that we change an existing dataload process written in .Net 2.0 to call stored procedures on two different servers rather than just one. In his mind (not a programmer) this should be a short overnight process. We have about 60 different SQL Commands that we need to change and test. Is there a simple way to do this that I can't think of? If there isn't we will use something like replication or database mirroring, which is my preference but is likely to get the cold shoulder from my boss, especially since I have never set these up before. A function that takes a SQLCommand as its argument and then iterates through as set of connections to execute the SQLCommand. Change all stored procs to call the same stored proc on a linked server.
View 1 Replies
Mar 12, 2010
I have a bunch of EC2 servers that are load balanced. Some of the servers are not sharing session, and users keep getting logged in and out. How can I make all the server share the one session, possibly even using a partitionresolver solution
public class PartitionResolver : System.Web.IPartitionResolver
{
private String[] partitions;
public void Initialize()
{
// create the partition connection string table
// web1, web2
partitions = new String[] { "192.168.1.1" };
}
public String ResolvePartition(Object key)
{
String oHost = System.Web.HttpContext.Current.Request.Url.Host.ToLower().Trim();
if (oHost.StartsWith("10.0.0") || oHost.Equals("localhost"))
return "tcpip=127.0.0.1:42424";
String sid = (String)key;
// hash the incoming session ID into
// one of the available partitions
Int32 partitionID = Math.Abs(sid.GetHashCode()) % partitions.Length;
return ("tcpip=" + partitions[partitionID] + ":42424");
}
}
View 1 Replies
Feb 8, 2011
So, I am the approach David Hayden posted on his blog [URL] to create a salt and hash the user's password by taking the user's raw password and the generated salt and using SHA1 to hash the value. I then store the salt and the hashed password in the database. zhe website is currently load balanced, so I was wondering if resulting hash value would be the same for both servers. Here is the snippet of code posted on David Hayden's blog:
private static string CreateSalt(int size)
{
//Generate a cryptographic random number.
RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
byte[] buff = new byte[size];
rng.GetBytes(buff);
// Return a Base64 string representation of the random number.
return Convert.ToBase64String(buff);
}
private static string CreatePasswordHash(string pwd, string salt)
{
string saltAndPwd = String.Concat(pwd, salt);
string hashedPwd =
FormsAuthentication.HashPasswordForStoringInConfigFile(
saltAndPwd, "sha1");
return hashedPwd;
}
The reason I ask is that this code uses the code snippet: FormsAuthentication.HashPasswordForStoringInConfigFile(saltAndPwd, "sha1");
View 3 Replies
Sep 3, 2010
What do I need to do in order to change an application from Forms Authentication to windows authentication?
View 2 Replies
Jun 3, 2010
I have developed the authenticated rss feed using the basic http authentication for my site.I also have the admin module for the site which uses the Asp.net Forms Authentication .Both are in the same project.When i turn on the forms authentication module to None in my web.config.My rss feed authentication works fine(the browser pop up the dialog box for the username and password) and upon entering the username and password the rss feed gets displayed.But with forms authentication turn on when i click the rss feed link i am getting redirected to the administrator login page.
If i set my authentication mode to none than the feed works like dream but the admin module do not work as it uses forms authentication.
How can i resolve the conflict for that one.I am using the asp.net mvc filter on my feed contoller to pop up the dialog box for the username and password.
[Code]....
View 1 Replies
Feb 16, 2011
I'm developing an internal booking sytem. Users log in to the sytem and can view existing bookings and search for bookings. They can also create new or edit existing bookings. When completing such actions I need a confirmation prior to completing the booking or updating the recorded. The confirmation is based on a reauthentication of the user.... in otherwords he needs to enter his passord again.
How can I achieve this? The system is internam and I'm using Forms Authentication. I an also using roles as som of the admin forms can only be viewed by administrators.
View 1 Replies
Nov 16, 2010
I am trying to set up my web site on a stand alone server using Windows Server 2003 with IIS 6 which will access SQL server database (2008) on windows 2008 R2 server (also not in the domain) I am using form authentication and I have configured a custom identity account in IIS6. The local account is on both servers with same password and I have registered the account using aspnet_regiis.exe -ga The application pool in my iis6 has the custom local account set as the identity and my web.config file has the appropriate tags in the system.web element <identity impersonate="true" />
The problem is the local account does not seem to get passed to the sql server. Right now my iis settings are anonymous access (using the local acct vs isr) and no authentication specified under that - I did try Integrated and basic but it prompts for the username and password which I do not want. One article I read stated this: windows authentication does not support delegation (passing credentials from one server to another) and is limited to the one hop rule, only a primary token can be passed to a second server. windows
authentication on iis (all versions) gives the thread a secondary(impersonation) token which can not be used to access any network resouce
View 1 Replies
Jan 7, 2011
I need to create .net membership user instance for a database living in a different server than the one I'm coding in. What is the best way to do this?Should I do it though Sql Server stored procedure? or should I use a separate provider (therefore having 2) in my web.config?
I need to create this user without using the "create user wizard".
View 8 Replies
