I would like to know if it is possible in a custom Membership to get the username of the login and to get first his role before testing his password.
The reason is just that we have to implement also another security with RSA depending on the role of the user.
I am using ASP.NET Forms Authentication for my application. I have made my Password Format "Clear", so no problems with the password encryption. I need to create a view(in SQL server) to display all Administrators in my System. ie aspnet_Roles.LoweredRoleName='administrator' The fields needed are UserName and Password
View 1 RepliesWe use Sharepoint to control our websites. We build the sites, then load them into the sharepoint server. My question is if I use windows authentication, how can I get my role security in my web config file to coencide with the asp.net controls that use the Forms authentication. Is there a differenence? Our security uses a session variable for security but there is no where to set up their permissions except in active directory. I hope this makes sense because I would like to implement the LoginView with Role groups but how can I give them the role="administrator"? Do I have to go into active directory and give them these permissions(would take awhile due to the size of the company)? Or do I have to set up priveladges in the web.config file for each user(difficult I think)?
View 5 RepliesI'm doing form authentication with roles to access areas of a website. The authentication is working great, but I'm having trouble with the roles piece. On the page in question (needing to narrow the access), the top lblGrps.text (below) shows I'm in the group I need to be in, while the response.write (also immediately below) reads false for the EdIT group:
[Code]....
1. How do i limit access to admin directory to only admin roles ?I logged in with a user whose role is Customer and went to the url of mysite.com/admin/ and it shows be the directory listing for that directory.
2. Have I implemented the roles/web.config correctly ?
[Code]....
I think I'm missing something simple...I have a customRole Provider set up and it seems to be working fine - I can add/change/delete info using the WAT.For my Authorization I do a custom routine that is separate from the .net provider that basically says the users is or is not authenticated (true/false).If the user IS authorized how do I set the cookie (or whatever) letting .NET know who they are so I can use the roles on a directory level?I know I can use Roles.IsUserInRole on individual pages but I'd like to be able to use directory based authorization too (from the web.config).
View 3 Repliesis possible or do you have to use a forms based auth when using a role manager?
View 1 RepliesI've just started a small ASP.NET web application. In this project, I need to authenticate the users with Active Driectory. I managed to authenticate the users successfully with Active Directory. But with Authorization with Custom Role Provider, I'm so confused.You see, the user name and password are stored in AD. So, my approach is that after the LoggedIn event of the Login Control, I check if UserName is not yet stored in the Users table yet, then I will store the UserName there. Eventually, I have all the UserName of the AD users store in the Users table so I can assign Roles to the users.
Let's say I assigned UserA to RoleOne. After he logs in successfully, I do some query to look for his Roles.
Where do I keep the Role ticket? In the Cookie or in the session? How does the authorization of ASP.NET role provider work? I want to store the authentication ticket like ASP.NET role prover does too.
In my asp.net website in VS-2005 with SQL-Server 2005 as db, I need to implement role-based Authentication/Authorization.
I am familiar to the practises used in role-based authentication..as I have previously worked on projects that used this method. However, my project lead used to design the database. Now I have an existing website where authentication has been set to anonymous by setting 'allow users="?"' in the authentication tags in web.config.
If I use the createUserWizard control and use the Membership.creatUser(.....) method in code behind will the asp.net security tables, like users, roles, userinrole etc get created on its own?
I'm using my own role management and user management in my application, i now need to use forms authentication. How can i do this?
View 3 RepliesI am trying to implement a simple role based authorization using forms authentication in ASP.net. It works perfectly fine in my local system but fails when I deploy in production (shared hosting). Whenever I try to log in, rather than taking me to the default page in specified directory it throws me back to the login page. I suspect that there is some issues with the configuration but not sure where the problem is. The code is provided below:
Web.config (root):
[Code]....
Web.config (Member directory):
[Code]....
Login.aspx:
[Code]....
Global.asax:
[Code]....
Works fine in local machine but shared hosting is not taking the authenticated user to the pages inside the secured folders. What can be the issue?
I have used form authentication, when i am trying to open the forgot passord page by click on link button that is on same login page. it needs authentication without authentication, i am not able to access the forgotpage.aspx
[code]....
Using windows Authentication... is it possible to progrematically change a password?
I tried using several ways to do this. I tried using the ChangePassword control. This tells me that minimun characters is 7 even though I have more then 7 characters... I also tried using this method:
[Code]....
The user is always null... and I am assuming this is because this object is indended to use with Forms authentication.
All I want to do is have an option for users to change passwords. Is this possible with Windows Authentication?
In the web.config, how do add a connection string by using a window authentication with the username and password? I have tried like this and it keeps ignoring the username and password
<connectionStrings>
<clear/>
<remove name="LocalSqlServer"/>
<add name="LocalSqlServer" connectionString="Integrated Security=SSPI;Initial Catalog=ufiledb;Data Source=MyServer;User Id=user1;Password=xxxxxx" providerName="System.Data.SqlClient"/>
</connectionStrings>
[Code]....
View 4 Replies Foe getting Logon computer username i m using digest authntication mode. But when i browse website it's asking for username and password. while already windows login with the same username.
I understood that in this auhtntication mode it's required. But r there any configuration with it i am not getting this Prompt ? Any group ploicy ??
For IE i have added website into trusted zone but still it's asking for username and password.
R there any other way i getting Computer logon name in asp.net application. There are But only work when i run from Editor from IIS it's not retuning value.
We have developed a website in asp.net using windows authentication and deployed it on the intranet (IIS v6.0). Most of the times, when users try to access this website they are taken straight to the website, but occasionally some users get a prompt to enter their windows username and password. I understand that this could be caused because of several reasons like:
Cached active directory password. Recently active directory password changed. Active directory account locked out. I want to fix this issue for good because it is annoying the users.
One our customer complaint about HYH virus storing form authentication user credentials in clear text in his local system. Customer is accessing website through internet explorer. Is any preventing measure we can take in website or Code level?More details on Website1) Hosted in IIS 6.02) Windows Server 2003 Operating System ) Written in ASP & ASP.net combination
View 1 RepliesI have an Intranet web site that uses Windows Authentication and when a users password expires the do not get a prompt letting them reset it. We also have OWA and if they go there to check mail, it sends them to a page which allows them to reset it there. How can I trap for expired passwords and allow them to change it like they can with OWA?
View 1 RepliesWe have a link in our site that pin points to sharepoint documents and we are retreiving some documents files (*.doc). Our sharepoint uses IWA (integrated windows authentication) which is prompted if we're trying to access that documents, unfortunately we don't want to prompt that window to authenticate the user. We need is to create a username and password and authenticate it. how can we do that.
Note* we have 2 server one for our application and the other one is for sharepoint.
To work with the ASP.NET 2.0 Membership and Role, we will use Forms authentication for the public Internet.
On the other hand, we use Windows authentication for Intranet applications. uestion: In a website with Windows authentication, can I still have some kind ofole management for different
groups of the Intranet users? If yes, how?
I am trying to build an application that
1. user can login by their AD account and password.
2. AD account can be assigned to different group.
I know there is a training video - [URL] to teach how to use the tool to provision the membership schema to SQL server for Forms authentication. but how can I use AD authentication with this?
i have a problem with the users authentication on my site. I made <authentication mode="Windows"> in my web.config. The LoginView shows "mycomputermyusername" if i request the page. So far as well. Now i want to login with a different username. Users are stored in an Active Directory. My questions: wich setting i have to do, that user's account and password checked by Active Directory? how can i force the system to make a new login? Logout doesn't work, i always see my on account.
View 1 RepliesUsually in sub-folder we will limit the access right to some roles and this feature requires pre-defined database schema.
However, if i still want to use this role feature of asp.net, but I do not like the pre-define database schema, I want to extract role information from my own database table and bind it to the role.
I can recover my password but when I try to change my password to something a bit easier to remember it gives me:
Password incorrect or New Password invalid. New Password length minimum: 7. Non-alphanumeric characters required: 1.