We have created an Intranet Web Application with Windows Authentication.
That asking a prompt to get Username and Password each time when we access the application.
How can we restrict that prompt other than IE --> Security --> Custom Level --> User Authentication.
(Because, with this option we need to set these settings in each and every user's system)
We have an IIS/ASP web page from a vendor that we have just dropped onto a webserver within our company. The ASP pages do not come with any sort of authentication built in, so I am trying to configure the site to prompt for credentials before being accessible. I would like the site to prompt for the credentials in all cases (ie. I don't want Internet Explorer to pass through the credentials of the logged in user). I want authorization to this site to be allowed only to members of a certain security group with Active Directory.
Is there a way to do this? I'm not really an IIS guy, nor an ASP developer, so I'm kind of feeling my way through the dark here.
Based on some searching, I have tried adding the following to the web.config file:
[Code]....
I have also installed the IIS URL authorization role service, and have tried playing around with the authentication settings within IIS, to no avail.
I am using IIS7 on Server 2008.
I am the web developer at a medical clinic. I have 2 scenarios going on:
First, I have a physicians only component of our employee portal to allow access to only physician shareholders or physician non-shareholders. My structure is built like:
Physicians Only
Administration
Affiliations
Calendars
Compensation
Minutes
The Affiliations folder is only going to be accessible by the physician shareholders. Therefore, I have security roles set for Physicians Only and Affiliations. When I test, the security is set correctly on the folders. However, when I try to login as different people, all with different roles, I have to login with user name and password, twice, before the system allows me in.
Secondly, I have secured areas within the employee portal also. However, when I navigate to them, the system doens't usually prompts me to login. If it does prompt me to login, it too, is on the second try. So how does it know who I am? And more importantly, how do I get the system to actually prompt the user to login with their credentials?
I have an asp.net application which was working fine with the AppPool Identity set to Netwrok Service or Local System or Local Service. But If I change the app pool identity to a domain account (I am using my account itself) I am unable to access the application from any other machine except the web server.I am using Windows Integrated Authentication.I tried resetting IIS, Restart W3SVC, aspnet_regiis -ga . But no luck.
View 5 RepliesI have a .Net web application which successfully takes on the callers windows credentials (Thread.CurrentPrincipal is my windows user).
Within that app, I call to a WCF service, but my windows identity isn't passed up. Regardless of what I put in the binding:
NetTcpBinding binding = new NetTcpBinding();
binding.Security.Mode = SecurityMode.Transport;
binding.Security.Transport.ClientCredentialType = TcpClientCredentialType.Windows;
I'm writing a simple Intranet application using windows authentication. I want to restrict access to Safe/UCantSeeMe.aspx. I am aware of the AuthorizeAttribute, but this only works on methods. I also found a good post on doing this with the MVC pattern, but I'm not using MVC. This can be done with roles in forms based security. I read on MSDN that using windows based security means roles are based on groups, but it doesn't go into any detail. how can I restrict access to Safe/UCantSeeMe.aspx?
View 1 RepliesI'm trying to setup my IIS 7.0 MVC2 site but having problems.I want to use Integrated Security so that the app can obtain the user's credentials. We can then do a look-up of some AD groups to determine what they can do from that point onwards.The problem is - Every time we browse to the application, instead of navigating to our main page immediately, we get a login prompt provided by IE. I've read that we need to make sure that in the browser's Tools->Options->Advanced-> (Securiy-> ENable Windows Intagrated Security) must be checked - which it is on ALL 3 machines where I try this.
The machines AND the server are all in the same domain.My config file states <authentication mode="Windows" /> and I've tried every combination for <identity...> and <authorization...> but to no avail. I can only get the "login" prompt to go away if I enable Anonymous Authentication - but then I can't detect the windows user or their group membership.
I have an intranet web application, where i have windows authentication = true in web.config. I hear from end users that the website is aksing for their login credentials and they don't like it. By the way i am getting theusername from HttpContext.Current.User.Identity.Name and Domain Name from Mid(UserNameID, 1, InStr(UserNameID, "") - 1).In IIS, anonymous access is unchecked and Integrated wnidows authentication is selected.
View 9 RepliesWe have developed a website in asp.net using windows authentication and deployed it on the intranet (IIS v6.0). Most of the times, when users try to access this website they are taken straight to the website, but occasionally some users get a prompt to enter their windows username and password. I understand that this could be caused because of several reasons like:
Cached active directory password. Recently active directory password changed. Active directory account locked out. I want to fix this issue for good because it is annoying the users.
I have an Intranet web site that uses Windows Authentication and when a users password expires the do not get a prompt letting them reset it. We also have OWA and if they go there to check mail, it sends them to a page which allows them to reset it there. How can I trap for expired passwords and allow them to change it like they can with OWA?
View 1 RepliesI have a mvc2-website with windows authentication.
<authentication mode="Windows" />
<authorization>
<allow users="*"/>
</authorization>
In IE the website keeps asking several times for my credentials per webpage. In Firefox it works correctly.
Is the above possible? Basically i need it as I am creating a site where users can upload files to a shared network drive which is secure and has a system account
When a user clicks on upload file, If possible I would like the page to automatically kind of log in with the system account, copy the files and then log off. I know I could achieve something similar mapping a drive but would prefer not to do that for these reasons;
- Security risk if the mapped drive for some reason isnt removed by the code
- User may not have the drive letter free.
I have a web form and code snippet for it is below:
<body>
<form
id="form1" runat="server">
<div>
<h5>Welcome
<%= System.Security.Principal.WindowsIdentity.GetCurrent().Name
%>.........
But when run my web application, i m getting message "Welcome NT AUTHORITYNETWORK SERVICE " and not the current windows user name.
I have a zealous network administrator who insists that we must use https on an intranet web application in order to safeguard user's credentials. The app is an asp.net web app that uses Windows Authentication to automatically identify users and log them in. There is no login dialog and user's never enter their login or password. The application does not process any confidential data, and the only rationale for requiring https is to "safeguard" users credentials. Additionally he stated that ntlm can be easily hacked.I responded with some information from an MS white paper on Windows Authentication that said it was the recommended way of authenticating users, and that user's credentials were safe because their passwords are not transmitted across the network when the application authenticates them since it sends a hash of the password.
View 1 Replies[Code]....
View 4 RepliesI have been trying to avoid the windows login userid and password window when I use the Windows Authentication mode for a web site. I need to capture the the windows logon user name without prompting for the user id and password and display that on the web site. I had tried almost everything... changed authentication,security setups on IE and IIS etc... still not being able to avoid the window...
View 1 RepliesIs it possible to bypass the NT challenge login, and just have a standard webform login, then authenticating programtically as that user and passing those credentials manually to my connection string so that the database sees me as that user?
View 1 RepliesI am Publishing crystal reports on remote server using the following code. when i try to run the crystal report page Crystal report viewer prompt me for database info. As the published crystal report were created using development server. In my crystal report i was using OLEDB ADO Connection
MyRepository _MyRepository = new MyRepository();
System.Data.SqlClient.SqlConnection myConnection = new System.Data.SqlClient.SqlConnection();
myConnection.ConnectionString = ConfigurationManager.ConnectionStrings["MyConnStr"].ConnectionString;
System.Data.SqlClient.SqlCommand MyCommand = new System.Data.SqlClient.SqlCommand("dbo.spMySP");
MyCommand.Connection = myConnection;
MyCommand.Parameters.Add("@PositionID", SqlDbType.Int).Value = (cmbPositions.SelectedValue == "" ? 0 : Convert.ToInt32(cmbPositions.SelectedValue));
MyCommand.CommandType = System.Data.CommandType.StoredProcedure;
System.Data.SqlClient.SqlDataAdapter MyDA = new System.Data.SqlClient.SqlDataAdapter();
MyDA.SelectCommand = MyCommand;
ASale _DS = new ASale();
MyDA.Fill(_DS, "dbo.spMySP");
rptSale oRpt = new rptSale();
oRpt.SetDatabaseLogon("sa", "mypass");
oRpt.SetDataSource(_DS);
oRpt.SetParameterValue(0, "param1");
oRpt.SetParameterValue(1, "param2");
oRpt.SetParameterValue(2, "param3" );
oRpt.SetParameterValue(3, (cmbPositions.SelectedValue == "" ? 0 : Convert.ToInt32(cmbPositions.SelectedValue)));
CrystalReportViewer1.ReportSource = oRpt;
From Flex we call a Upload.aspx page which is configured for anonymous authentication. Most of the time, it works like a charm, but once in a while, the browser does prompt a enter credentials popup...The whole site is configured for Windows Authentication, but some pages and folders are set to use anonymous authentication. This is done using the location tag in web.config.What could be the reason for this?
View 3 RepliesI am using Asp.Net application for calling an existing Java webservice. Recently the web service is configured with Security certificates. Now I need to call the webservice using "https:URL .." and by passing the credentials i.e. UserId and Password.
When I call the webservice using [URL] I get the below error. Is the change in my code is causing this error?
Error:Client found response content type of 'text/html; charset=iso-8859-1', but expected 'text/xml'. The request failed with the error message: --
500 Internal Server Error
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request. contact the server administrator, you@your.address and inform them of the time the error occurred, and anything you might have done that may have caused the error. More information about this error may be available in the server error log.
IBM_HTTP_Server Server at ............ Port 443
We have created a website and for the secured files created a virtual directory and in virtual directory properties we selected Application-user(pass through authentication).If any user directly browse the files link then the browser prompts a screen for virtual directory credentials.Here my requirement is i need to send the virtual directory credentials through the application.
View 4 RepliesI have developed An Inventory Management System in ASP.Net . The application is hosted now ... From manager to data entry operator every1 z having seperate login , roles and limitation to access website ... From Our office every1 is accessing the application and working on it. My question is even they can access the apllication from public PC (Browseing Center) ?? coz they knew the password. Am i rite. Now, I need to restrict my application access in public PC (Browseing Center)? Can i limit accessing of my website application only in office not in public PC (Browseing Center)? can i allow certain IP to access my website application?
View 11 RepliesI'm working on an ASP.NET project for the first time in about three years; in the meantime I've been working with Python/Django, PHP and Obj-C. Anyways, picked it right back up... except something that is totally killing me right now, and I have a feeling it must be staring me in the face:
I'm trying to bind to an LDAP server, for the purpose of authenticating users. The way it works here is, you bind on your own credentials, use that to find the Distinguished Name of the user you're authenticating, then you bind again on their DN and their password. If the bind is successful, the password was correct and the user can be authenticated.
Here's the problem - the first bind (on the fixed credentials, the ones with the ability to search for users and their subtrees) works fine. The search works fine. The second bind fails, no matter what, with the LDAP error INVALID_CREDENTIALS. This happens even when completely valid credentials are supplied.
Here's the code, with the usernames and passwords redacted, of course...
[Code]....
I want to create a popup application that will run against my sql database and Fire a popup everymorning at the user machine to ask a question. the response will be send back to the Database. Prety easy with Windows service BUT not with a POpup or Interface.
View 3 RepliesI have an application that uses Active Directory to validate users as well as populate a couple doopdown list, the application is connected to sql database on a seperate server. When I first published the application I got an error from Active Directory I eventually found out that I had to embed a username and password within the code for active directory to work. When i sorted out this problem I got one with my SQL and again used a username and password to allow connection to the database.
My new problem is when a user other than me logs in the windows popup windwo appairs requiring user name and password to login. The program is writen for windows authontetation but form where I check the person loged onto the computer and check username against active directory. After the person clicks the "OK" button a couple time they then have to click the close to exit the screen. the user can look at a page but if they try any kind of processing they are required to log in again and this time they are not verified. I would like to get rid of the popup box and let the validation gor though like it dose in my location.