Security :: Get WindowsIdentity Failing With Incorrect Function
Mar 25, 2010
i have this line of code
WindowsIdentity wi2 = new WindowsIdentity("test1");
test1 is in the ActiveDirectory on the DomainController
when running the code I get an IncorrectFunction error
at System.Security.Principal.WindowsIdentity.KerbS4ULogon(String upn)
at System.Security.Principal.WindowsIdentity..ctor(String sUserPrincipalName, String type)
at System.Security.Principal.WindowsIdentity..ctor(String sUserPrincipalName)
at Hisco.Intranet.LoginForm.OnInit(EventArgs e) in F:HiscoDCSWebEventsManagerHiscoDCSDCSLoginForm.aspx.cs:line 17
at System.Web.UI.Control.InitRecursive(Control namingContainer)
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
I have windows auth for the website and outside users will logon that are not in the network and I need to impersonate them to login on without offering a login form( quietly behind the scenes) with the test account. I guess what I actually need is the UserTaken pointer. Is there a way to get one without ising the LogOnUser unmanaged call? I have a UserPrincipal object also so is there way to get the token from ActiveDirectory somehow?
In our web application we provide a way for users to switch which account/credentials (Windows identity) that should be used when making requests to external services.
This "Switch user" service works like this:
The user provides the new credentials that should be used. The application performs a "login", fetch the toke and creates a new WindowsIdentity based on the token.The created identity is placed in the session. When a page is requested and an Identity is available in session, the HttpContext.Current.User is replaced with this one. Everything works as excepted when the application is hosted in IIS6. We have verified that all request to external services is made using the new identity. When we host the application in IIS7 we run into problems however. Everything works fine until we tries to access the new identity (for example by fetching the name) and we get the following exception:
[Code]....
We have no idea why this suddenly starts to happen in IIS7.
I am getting an error incase user submits incorect security question's answer. I gave text in 'QuestionFailureText'. But its not working.
Below is the error getting. ' Security Exception Description:The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.
Exception Details: System.Security.SecurityException: The source was not found, but some or all event logs could not be searched. Inaccessible logs: Security.
Source Error:
[Code]....
Source File: c:WindowsMicrosoft.NETFramework64v2.0.50727Temporary ASP.NET Filespng.webe16ed3ec284df543App_Web_rvfjstqa.5.cs Line: 0 Stack Trace:
Iam using a file upload control for uploading files in my asp.net application. iam using the following code to impersonate the users who do not have permission for the files to upload. The code works fine for all the files, but it is not working for the files which are in desktop.
Code in .cs file:
System.Security.Principal.WindowsImpersonationContext impersonationContext; impersonationContext = ((System.Security.Principal.WindowsIdentity)User.Identity).Impersonate(); //Insert your code that runs under the security context of the authenticating user here. impersonationContext.Undo();
So I'm using the CreateUserWizard tool, which is working great, and have added a few custom fields to the user's Profile, which is also working great... with one exception. The fields that I'm capturing from TextBoxes are being saved to the database perfectly. But those I'm trying to capture from DropDownLists aren't being saved. No error is taking place, either in my code or at runtime, but no data is being written to the table from these particular fields.
I thought I knew how to capture data from a DropDownList in ASP.NET (I'm a newbie, but not ridiculously so), but I've tried a bunch of stuff here and nothing seems to be working. I'm posting an abbreviated version of my CreateUserWizard1_CreatedUser function below, with comments...
protected void CreateUserWizard1_CreatedUser(object sender, EventArgs e) { //Get the profile of the user by finding the profile by name TextBox oUserName = (TextBox)CreateUserWizard1.CreateUserStep.ContentTemplateContainer.FindControl("UserName");
I have a machine in MyDomain on which i have deployed the website and file server as virtual directory. For file server i have created an application pool with identity as UserName and Password. And file server directory setting as Integrated Windows Authentication instead of Anonymous Access. When i am accessing file server from outside the domain then it is asking for user name password. After providing the credentials it open the file. Now i am trying to access the file server from wbsite using the machine outside the domain.Before accessing i am impersonating the current user with user which is present in identity. But after redirecting to the file server url it is again asking the credntial. why it is asking the credential if i have already impersonated the user.
Using MS article http://msdn.microsoft.com/en-us/library/ms998317.aspx, I created a web site to develop a forms authentication solution for our web app. The server is Win 2003 w/IIS 6 and the app is VB.NET. The web.config was updated for forms authentication and settingsappear below:
If the "login incorrect", the page is redirected to www.domain.com / LoginError.aspx, If the "login incorrect" the page is redirected to the previous web page history.back ()
for my web app I'm using ASP.NET's standard membership for authentication, but for some strange reason the LastLoginDate in the aspnet_Membership table has incorrect time for all my users, the date part is fine, but the time is way off (it's like 6-7 hours different from the correct time). The LastActivityDate in the aspnet_Users table is also wrong with the same kind of issue. I checked the server machine that's hosting the SQL Server and the time on there is correct, is there something else that's dictating the time?
I'm writing an ASP.net application and I'm working with the WindowsIdentity.GetCurrent() function. I want to know how (or if it's possible) to change what identity the ASP.net application runs as.
I eventually want to run it as an account associated with the end-user. I understand I can do this with Windows Authentication in IIS, but Windows Authentication will not work with my particular application. If I can programmatically log the user in with a AD username and password, that will be fine.
How can I set the WindowsIdentity the ASP.net application runs as without using Windows Authentication in IIS?
Update: This question has been sitting idle for a long time. I think that perhaps the framework does not allow me to do what I'm describing here.
I have an asp.net 2.0 application that is suppose to pick the Identity of the currently logged in user on a client machine and use it to setup working environment for the user. On win xp and windows server 2003 this works fine. but on moving the application to Windows Server 2008 R2 .
I am working with a sql server database with about 50 stored procedures. The database and stored procedureswere not created by me. The stored procedures all begin with a number in their name.
Example: 17P_Comsetter
The problem I am having is that if I try and execute the stored procedure at the command line in Query Analyzer,the query analyzer appears not to like that the stored procedure begins with a number. For example:
If I try an run the stored procedure as follows:
EXEC 17P_Comsetter
Then I get the following error message:
Msg 102, ..... Incorrect Syntax near '17'
I am using SQL server 2005. Does anyone know why I am getting this error message?
I have a user that when I attempt to enumerate her groups using either System.Security.Principal.WindowsIdentity.GetCurrent().Groups on user's computer or System.Web.HttpContext.Current.Request.LogonUserIdentity.Groups on the IIS server, I get a list of their old groups, not their new. I have checked the DC that they authenticate to and the ASP.NET page is running inside a SharePoint instance so the LogonUserIdentity most like is being provided from there Kerberos ticket. Should I be looking up the groups directly from the AD instead of relying on the WindowsIdentity or LogonUserIdentity?
I want to have a function that runs once when a user logs into my system. It should run once everytime a user logs in. I don't handle my logins with Membership, just with Authentication. How do I accomplish this?
i'm a begineer and i'm now learning how to develop a web page with asp.net in c# language.can anyone teach or show me a sample of login function which can put in my web page together with the page and database code.p/s: i do not use the MS sql server express in MS VS instead i using MS sql server 2005 as my database.
We are using ASP security on the site, i found months back a tutorial on implementing a pretty simple management page that allows you to create, edit, delete and add roles as well as adding users to roles from 1 page..
It has been working fine, but we added our own security matrix to the site, everything that has to do with the ASP side of the security works as expected and no issues or concerns.. but with our matrix in place, i need to tie the 2 together for 1 thing.. the deleting of a user..
The delete function works great.. but i would like to add my delete to that function so that the users security matrix is deleted as well when their account is done.
Within the class that is handling all the membership functionality, there is this portion tha handles the deleting, i would like to add a call to my class that has the delete method so that when you click delete, the membership account as well as the matrix record is deleted. Since the delete is already setup within my 2nd class, how can i call it to execute it from within the first class?
Our web application hosted from windows 2003 server, is trying to access a file present in a shared folder of another windows 2003 server. The path for the shared folder is configured in the webconfig file in the below format.
<add key="ReportPath" value="\<Server_Name>Reports"/> if (!File.Exists(ReportPath)) / Show the report in a link
This function File.Exists() always returns false and when I try to remove the check, it returned the exception, "Logon failure: unknown username or bad password."
I am facing a problem where when a user logins for the first time it shows the following error: The resource cannot be found. Description:HTTP 404. The resource you are looking for (or one of its dependencies) could have been removed, had its name changed, or is temporarily unavailable. Please review the following URL and make sure that it is spelled correctly.
I am currently using the built in ASP login function... the destinationpageurl of that login function locates to "loginhome.aspx" for all users... but for one specific user ("Admin") it needs to link to "adminhome.aspx"... just wondering whats the best way to do this? Can I change the destinationpageurl of the login function depending on the user or creating an admin role so "If membershiprole = 'Admin' redirect to 'adminhome.aspx' End If" or can I just add some code behind the login function so "If User.login.Name = 'Admin' Then destinationpageurl = 'adminhome.aspx' End If" think I have already tried this on the login1_authenticate event but it didn't work
I have an application with a custom mebership (I'm still working on it). There is some funcionality in the application for asociating users. This means that (if already associated) one user could switch to some other user with just a click.
My question is:
Can I do a function that would allow me to authenticate one user without sending the password as a parameter?
