We are using IIS6 and .Net Framework 2.0 for our intranet with Windows and Digest Authentication . We have 2 domains that have access to this intranet. I suddenly have the need to display slightly different content for users from Domain A. The changes are rather trivial (text on a label and and image in a header) but important to our stakeholders.
View 4 RepliesI'm still new to windows authentication. Basically, we have a page on http://externalsite.com that needs to be accessed only by an authenticated user originating from http://internalsite. The user on internalsite is already authenticated using windows authentication.I'm confused here. How can I validate the user and obtain their role so that i can not only validate that they are authentic, but to authorize them to use this page on externalsite.com?
View 2 RepliesShow Authenticated user on Intranet:
Response.Write("UserName is: " + User.Identity.Name);
In Web.config:
<authentication
mode="Windows"/>
<authorization>
<allow
users="?"/>
</authorization>
This works fine on local server. But not on Intranet.
On Intranet, it was working fine on IIS 6.0.
But on IIS 7.5, the user doesn't get authenticated.
I want to find URL from the incoming request is coming. I am giving the explanation below
Suppose a client is redriecting the request from www.xyz.com to www.abc.com/ClientInfo.aspx. Now www.abc.com is in the asp.net c#. Now i want to find www.xyz.com on www.abc.com/ClientInfo.aspx page.
All I'm trying to do is pull the current user's login name from Active Directory. I've tried User.Identity.Name.ToString, which returned nothing at all. I tried Environment.UserName.ToString, Which returned "NETWORK SERVICE" which is not the firstname.lastname username that I was expecting.
View 3 RepliesMy issue today is that i have a MySQL Database and am using the security framework provided by the ASP.NET Membership and Role Providers...I override the default methods with my own MySQL.
Now the issue comes in when i someone would like to have their password reset. My application is running entirely on an Intranet so i cannot have their passwords emailed to them. Is there a way i can have this information displayed in any way so that the user can use it to Log Reset, Create Accounts or Recover their lost passwords on an intranet without the administrators intervention?
Recently i had an approach as follows. In my web.config<system.net><mailSettings><smtp deliveryMethod="pickupDirectoryLocation" and my location was a folder on C drive as c:/SavedPasswords. Now i understand this was such a big security threat and thats why i am looking for a better option.
I would have that folder created using my System.IO and then the Mail is dropped into that folder. Then after the process is successful, i tell the user to check into that location and Read its content.
Then there is a global variable that is set to true...meaning that the folder at c:/ has been created. then there is a Method in a certain class that once it sees this variable True, it reads the readers c:/ and deletes that folder "save" if it exists;
Im working on an application that has a login section that accepts a username and password. On successful login a userid is returned and encrypted with TripleDesKey. The user details are then stored in a session object. We already have a class library that performs encryption and decryption using a key in the web.config file. I basically want to be able to access the user details of the currently logged in user in a page accessed from the main site that may be in a different domain, but is effectively part of the same site, so I wont have access to the session object from the main site. so basically a user logs in, I have the user details stored in a session object, I also have access to the encrypted userid also in a session object. If a user then clicks a link to another page that is in a different domain, how do I persist the userID?
I suppose I could I tag the encrypted userid to the querystring, but security could be an issue here (even though the id is encrypted, someone could still modify it)
I want to make my domain administrators the administrators to my web application so that they are the only ones that can change content. All other users would simply be able to read the material. I am relatively new to web apps and I can not seem to find what I am looking for anywhere on the net.
View 2 RepliesCan I get who the remote user is on IIS Server that is not part of the domain without challenging/prompting the user? I am thinking not, but wanted to see if anyone had a different answer. I added the server to my intranet zone but that didn't cause IE to send any user information. Or maybe it did but since the IIS server is not part of that domain it can't do anything with the user information. I am looking at the ServerVariables in the Request object.
View 1 RepliesTwo users using the same machine, same browser.
User 1 logs in the domain.
User 1 changes some data without saving it.
User 2 logs in the domain in a separate tab.
User 1 switches back to his tab and saves the data.
User 1 actually saved the data into User 2!!
This is caused by the following mechanism:
Different tabs in the same browser seems to share the same session id. We are storing user auth in cookie and the cookie is shared between tabs (same domain)
Therefore, when User 1 request to save, it is recognized as User 2 since the cookie has been updated to User 2.
So I'm wondering if there's any other methods to prevent this from happening, other than:
1. Use cookieless session so the session is embedded in uri.
2. Always include a hidden field in page to indicate which user owns the page.
I have a machine in MyDomain on which i have deployed the website and file server as virtual directory. For file server i have created an application pool with identity as UserName and Password. And file server directory setting as Integrated Windows Authentication instead of Anonymous Access. When i am accessing file server from outside the domain then it is asking for user name password. After providing the credentials it open the file. Now i am trying to access the file server from wbsite using the machine outside the domain.Before accessing i am impersonating the current user with user which is present in identity. But after redirecting to the file server url it is again asking the credntial. why it is asking the credential if i have already impersonated the user.
View 4 RepliesI have also installed SSL on a subdomain. I have put payment page under this sub domain.
View 4 RepliesMy feeling says it's not posible but anyway I am curious if there is at least a workaround for accomplish this.Basically I am working at my client site and my machine is not connected to the domain.What I want to do is running a web application locally under a domain account, and using the webdev server.The webapp uses the default authentication, windows authentication that is.I tried using impersonation with domainuser & password but I got the following error Could not create Windows user token from the credentials specified in the config file. Error from the operating system 'Logon failure: unknown user name or bad password.I have to mention that the username and the password are correct.
View 2 RepliesI have two domain servers X and Y.My Asp.net Web application is hosted on Domain X.But my scope is required to authorize the user of Domain Y on the Web application hosted on Domain X server.I am using Windows Authetication mode in application
View 2 RepliesI have a domain: http://www.mydomain.com. This domain is redirected to http://mydomain.anotherDomain.com.
I user forms authorization, so when the user navigates to Default.aspx he is redirected to Login.aspx. Pretty standard stuff.
On FireFox the user can log in on both on http://www.mydomain.com and http://mydomain.anotherDomain.com.
But with Explorer http://www.mydomain.com doesn't work. I only get the Login.aspx page.
Can it have anything to do with that on http://www.mydomain.com I can't see the filename ('Default.aspx', 'Login.aspx')? How can I enable so the filename is included in the redirected domain?
I have an intranet web application. There are 2 user groups, group A belongs to the domain and group B does not. If I set the IIS to enable anonymous access, Request.ServerVariables("LOGON_USER") always return nothing. If I disable anonymous access and set Integrated Windows authenication, a Windows login prompt will come up if group B's users want to access the website.
How can I setup IIS so that when domain user access the website, it will direct to the main page with Session("user_name") = Request.ServerVariables("LOGON_USER"). If a user is not a domain user, the website will direct him/her to a login.aspx instead of having the Windows authenication prompt, then set Session("user_name") = txtUserName.Text, and finally redirect to the website main page ?
We have a website for our company on one domain and we have a login form to a webmail solution on another domain.Now i would like to build a form on our website the transfers the request to the login form on the webmail domain and automatically validate the user if user and pass are correct.Need help to find the correct way of doing this. The domains is hosted by our company, the website and webmail is on different servers. I don't want to use the querystring,
View 3 RepliesI want to get username and machine name of local computer logon to domain. So, how can I get it?My site has annonymous access checked in IIS. cause this application is for the Internet not our company's Intranet.for example, I logon to domain (test.com) in the local computer name is PC1, with the account and pass is: client1 and 1234567.I visit my website, now I want to get user and computer name to show up on asp.net.
View 1 RepliesI am creating a website and I want to know that user is coming from where, like from google, bing, asp.net, any other site. Is their any way to find out in asp.net ??
View 1 RepliesI am creating a website and I want to know that user is coming from where, like from google, bing, asp.net, any other site. Is their any way to find out in asp.net ?
View 3 RepliesWe also have sales rep that take call and use the same website to take the orders.
My boss wants me to allow the SR to only be able to take orders if they are in the network itself. When I ask why he tells me "just because".
I'm sure there's a way but I can't see it at the moment. How do I go by doing that? Also keep in mind that if the SR is outside the intranet, he can't be allowed to enter his active directory login/password (so the login window must not even show).
I have been tasked with creating an intranet site and have been able to do everything so far (leaves the door open wide, I know ) EXCEPT get the username that the person is logged in as under their own computer.
<system.web>
<pages styleSheetTheme="Black"/>
<customErrors mode="Off"/>
<compilation debug="true" urlLinePragmas="true"/>
<authentication mode="Windows" />
<identity impersonate="true"/>
<globalization requestEncoding="utf-8" responseEncoding="utf-8"/>
</system.web>
Under my master page I am doing this:
Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
If Environment.UserName.Length > 0 Then
username.Visible = True
username.Text = Environment.UserName
Else
username.Visible = False
End If
End Sub
All I am getting is the ASP account name....what am I doing wrong??
I've a project using windows authentication and it will be used in intranet. The client itself already have a web application in their intranet and they built it with Java (they used windows authentication too). The problem occur when they want my web application only appear within their application content section.
What should I do? I did think about using iframe but some people said it's evil. And if I'm going to use iframe, is it save? My web application will use a few pop up window/modal window and ajax.
i m trying to set up an Intranet site with Windows Authentication. I have configured the web.config as shown below.
<authentication mode="Windows">
<roleManager enabled="true" />
I wanted to do authorization by roles so
<authorization>
<deny users ="?"/>
<allow roles="D820MySite_Developers, D820MySite_Admins"/>
</authorization>
I'm in the D820MySite_Developers group. When I attempt to login, it wants my password. I thought that with Windows Authentication it should not prompt for the password. If is use <allow user="*"/> it does not.
1. Is this the correct behavior?
2. My aspnetdb does not appear in the App_Data folder. Should it and is this causing the problem. If it should be there, how do I get it there?
3. I was under the impression that by using Windows Authentication, I can prevent users from accessing pages by folder. Is this provided by IIS or is this provided by Windows (using Windows Explorer)?
We would like to use AD authentication with our Intranet site to control what pages different users can access. I'm very new to ASP.net and would be interested in links to a how to description. We are using Visual Studio 2008.
View 1 Replies