Security :: How To Enforce Logon Hours Validation
Oct 6, 2010How to enforce logon hours validation
View 10 RepliesHow to enforce logon hours validation
View 10 Repliesfigure out how to pull a specific users logon hours from Active Directory? I am using Visual Studio 2005 and asp.net.
View 1 RepliesI have a website running on iis 5.1 with asp.net 2.0. Where in the windows registry can I change the requirtements for some the security features? For example, I do not want to enforce strong passwords and I do not want to use the secret question and answer features.
View 4 RepliesI have an app that uses impersonation to gain access to a database (on server separate from IIS). The app connects to the database using a trusted connection and seems to be working just fine. However, we get these logon failure events in the security event viewer:
[Code]....
It must have something to do with impersonation because the login failure is for the domain account which my app is impersonating under. But again, the app is working fine so I'm having a hard time figuring out how to stop these logon failures.
I get about 5 minutes of inactivity before a logon box appears for a site I manage. Once logged in, our users must be able to stay logged on all day with no annoying logon popups. This started happening after a change i made to IIS6. We formerly had digest authentication and windows integrated authentication checked and everything worked fine but our users complained because they had to put creds in as <domainuserid>. We want to get rid of the domain requirement. To do this i unchecked windows integrated authentication and added the domain to the "Realm" text box. I can log in now without the domain, and everything works as before but I only get a few minutes before I have to relogon. I tried increasing the connection timout to 36000 and have keep alives checked on the web site property page. I also tried setting the web servers registry setting: HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesInetInfoParametersDigestContextCacheTTL to 36000 (ten hours). these changes had no effect that I can see.Our setup:we use SSL and have a test certificate that is expired We are hitting the site on our intranet with IE7 or IE8. The production version of this site is on the internet though.IIS6 on a 2003 serverkeep alives is checkedanonymous authentication is uncheckeddigest authentication is checkedwindows integrated authentication is uncheckedIISRESET was run after each change.
View 7 RepliesI managed to user to perform multiple log on from other IE window session in my web application if the same log on is currently being used.Unfortunately I have problem to control multiple log on if the user is logging in using tab browsing in the same session. I know this is due to the same session Id but is there any way to trace down to the tab level within the same session?
View 2 RepliesWe will put the active directory logon when the user access the website, the user needs to fill in his user name and password.
How do we store/get the details of the logon user once the user is logged in?
I have created an intranet site in win 2008 server. Enabled Windows Authentication and disabled Anonymous. I want to get AD logon username(current win logon user).I used HttpContext.Current.User.Identity.Name and also tried User.Identity.NameI am accessing the site from client machine. I am not getting the client's logon user instead getting the server's logon user. But I want client's logon user only.I just want to get username. I dont need any login screens or bla blaWhen I run in my development system(XP), its working fine.
When I deploy to windows 2008 server, I am getting problem(Getting only the server's logon user instead of getting the client's logon user).So, problem in the server settings. So, any settings I need to set to get this worked?I enabled Windows Authentication for my site in IIS management window. Disabled Anonymous authentication.
I have created an Intranet site using windows authentication based on role membership. It is working great. My Web.config is shown below.
<authentication mode="Windows" />
<roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider" />
<authorization>
<allow roles="D820Developers, D820IT, D820Staff, D820Providers, D820Supervisors, D820Directors, D820Interns" />
<deny users="?"/>
</authorization>
Now my user wants the capability of being able to login to the intranet site as another user. For example, IT guy needs to login on a user's system to set some data.
I have created a standard MS Login Page. However when I try to login on the page I get the message
Your login attempt was not successful. Please try again
I do not have a database (aspnetdb.mdf) storing user information but login against the active directory. Can you use the login form with windows authentication without a database?
I'm using forms authentication in my application but i want to get the active directory domain anme and user name of the logon user. is that possible. The IIS Directory security settings are Anonymous Access allowed and Integrated windows authentication ticked. I tried the following but to no avail
Request.LogonUserIdentity.Name (this is returning the machine name and user name used for anonymous access)
System.Security.Principal.WindowsIdentity.GetCurrent().Name -> returning NT AUTHORITYNETWORK SERVICE
Ok so I've created a login page that accesses my Active Directory and challenges against it. What I would like, is if a user is logged onto the computer within the intranet with Active Directory Credentials for them to bypass the login to the web page.
However if they are outside of the building on a random computer, they should be presented with a login box just like they are now.
i was just wondering how one would approach creating a link that would be active for 24 hours for a user... ie i have in the db a time of confirmation and then wanted to make a download active for them for 24 hours and deactivate it post then.
View 1 RepliesI'm running IIS 6.0 on a Windows 2003 server and running an ASP.NET 4 application which connects to an SQL Server 2005 database on another server. I have my Default.aspx page set to Windows authentication with anonymous access disabled.
When I load up the page it asks for a username and password (as expected), I enter my credentials and it comes up with the following error:Login failed for user ''. The user is not associated with a trusted SQL Server connection.
If I add the following to my web.config file: <identity impersonate="true"/> then I get the following error:
Login failed for user 'NT AUTHORITYANONYMOUS LOGON'.
And if I add the <identity impersonate> tag set to true and with my username and password included it connects successfully.
I can't leave this in there as I want each user to connect as themselves, so why is the server not using the credentials that I enter when prompted to connect to the database ?
I have a grid view which contains Hours as one of the columns.. now, i need to have a total hours in the footer (sum of hours for all rows).
View 2 RepliesI am trying to force to show to the Logon popup when the session is timeout in Integrated Windows Authentication Enabled website. The session_timeout is firing during the session timeout, but the User.Identity.IsAuthenticated is true. How force to use the Windows Logon Screen when the session is timeout.
View 4 RepliesIn my asp.net application I user Microsoft Membership to manage site access security and find the time saved into LastLoginDate is ahead of local time (Eastern Time Zone) 3 hours. What is wrong with it and how to ajust it to local time by application system only such as changing some properties od application?
View 2 RepliesI want to get username and machine name of local computer logon to domain. So, how can I get it?My site has annonymous access checked in IIS. cause this application is for the Internet not our company's Intranet.for example, I logon to domain (test.com) in the local computer name is PC1, with the account and pass is: client1 and 1234567.I visit my website, now I want to get user and computer name to show up on asp.net.
View 1 RepliesHow do I ensure and enforce that all write operations to my MS SQL Server DB are transactions-based?
The reason I want to do this is that the DB contains financial account data and operations that fail halfway through some set of changes should not be able to mess up the database by mistake or by crashing.
The application is written in ASP.NET C#.
Edit:
There is a DAL but it does not (yet) require transactions for changes.We wrote the DAL ourselves. We did not use ORM.
I know how to perform one transaction from ASP.NET.
I want to ensure that all changes are made in transaction form so that if the application throws some exception in the middle, there will be no change to the database.
I want to enforce some calculation to my project, my requirement as follows. I have txtQtyReq,txtQtyyRec,txtQtyShor(All are 3 textboxes) on load all the 3 textbox/columns should show as "0".(QtyShort=QtyReq-QtyRec)I need to calculate/implement this in txtQtyShort column. when i give a value in txtQtyReq as "50" ,it should calculate QtyShort and display as 50.
txtQtyReq txtQtyRec
txtQtyShort(=txtQtyReq-txtQtyRec)
0 0 0
50 0 50
50 20 30
txtQtyReq=Quantity Required
txtQtyRec=Quantity Received
txtQtyShort=Qunatity short
I have checked Enforce Referential Integrity in my relationship section in my access database.By this way Can I delete child records when I delete the perent record?
View 7 Repliesfor some SQL queries I know the expected number of rows that must be affected by UPDATE, DELETE or INSERT statements. It could be a number such as 1 or a range such as 0-1 or 1-2 etc.
What is the best way to enforce that this is the number of affected rows and that otherwise an exception is thrown?
Also, can I limit the number of rows affected for UPDATE/DELETE/INSERT to say 1 row and otherwise get an exception?
I'm trying to extend the GridView into a custom/user control "WorklistGridView". And I'm not quite sure how to do it... so here's what I need:Every row needs to have a control (either a boundfield or a templatefield with a label, etc.) that contains the StepID (which is a column returned in the data set).I want to be able to use the WorklistGridView as a base class and extend it to something like "XyzWorklistGridView", where that child class would have a few more controls in the row template.
View 2 RepliesI had no problem with this in Visual Studio 2008 but it seems that VS 2010 is having an issue, and I'm betting it's probably me.I have a solution with an ASP.NET Web Site Project and a few C# projects (BLL, DAL, Tests in NUnit). I have configured the build process for the test project to automatically run NUnit to run the tests. I would like to ensure that the BLL and DAL projects build before the test project so that the tests will run against the latest compiled version (yes, I know I could do this all in one project, but I'm choosing not to -- please bear with me :) )
So, I set the dependencies of the Test project to include the BLL, DAL, and Web Application projects, and the build order shows BLL, DAL, Web Application, and then Tests. However, I noticed that the BLL doesn't actually build when I build the Test project.Any idea what this could be or any option I might be missing to force the other projects to build when I build the Test project?
I have a hierarchy in my website project as below:
[CustomControl1 - folder]
- CustomControl1.ascx
- CustomControl1.css
- CustomControl1.js
I load css and js files dynamicaly based on which controls are used on particular page. I am doing it by using following code:
[code]....
where AddLinks method adds HtmlLink controls to Page.Header with href attribute set to coresponding css and/or js file.
I would like to add Interface that would force new controls to have AddLinks method but it is impossible since it is a static method. Because my custom controls inherit from Control class I cannot use abstract class and/or virtual methods either. How can I achieve my goal?
I am creating a .Net application where I reset users' passwords in Active Directory using "SetPassword" method. With the way this application works I cannot use "CahngePassword"method.Is there a way (a work around) to enforce the password history when using "SetPassword" method and have a warning when the user is trying to reset the password to any the last five passwords?
View 1 Replies