Security :: How To Make An IIS Page Prompt For AD Credentials
Apr 1, 2010
We have an IIS/ASP web page from a vendor that we have just dropped onto a webserver within our company. The ASP pages do not come with any sort of authentication built in, so I am trying to configure the site to prompt for credentials before being accessible. I would like the site to prompt for the credentials in all cases (ie. I don't want Internet Explorer to pass through the credentials of the logged in user). I want authorization to this site to be allowed only to members of a certain security group with Active Directory.
Is there a way to do this? I'm not really an IIS guy, nor an ASP developer, so I'm kind of feeling my way through the dark here.
Based on some searching, I have tried adding the following to the web.config file:
[Code]....
I have also installed the IIS URL authorization role service, and have tried playing around with the authentication settings within IIS, to no avail.
I am using IIS7 on Server 2008.
View 4 Replies
Similar Messages:
Feb 5, 2010
I am the web developer at a medical clinic. I have 2 scenarios going on:
First, I have a physicians only component of our employee portal to allow access to only physician shareholders or physician non-shareholders. My structure is built like:
Physicians Only
Administration
Affiliations
Calendars
Compensation
Minutes
The Affiliations folder is only going to be accessible by the physician shareholders. Therefore, I have security roles set for Physicians Only and Affiliations. When I test, the security is set correctly on the folders. However, when I try to login as different people, all with different roles, I have to login with user name and password, twice, before the system allows me in.
Secondly, I have secured areas within the employee portal also. However, when I navigate to them, the system doens't usually prompts me to login. If it does prompt me to login, it too, is on the second try. So how does it know who I am? And more importantly, how do I get the system to actually prompt the user to login with their credentials?
View 15 Replies
Mar 4, 2011
I have an asp.net application which was working fine with the AppPool Identity set to Netwrok Service or Local System or Local Service. But If I change the app pool identity to a domain account (I am using my account itself) I am unable to access the application from any other machine except the web server.I am using Windows Integrated Authentication.I tried resetting IIS, Restart W3SVC, aspnet_regiis -ga . But no luck.
View 5 Replies
Oct 24, 2010
We have created an Intranet Web Application with Windows Authentication.
That asking a prompt to get Username and Password each time when we access the application.
How can we restrict that prompt other than IE --> Security --> Custom Level --> User Authentication.
(Because, with this option we need to set these settings in each and every user's system)
View 3 Replies
Oct 11, 2010
From Flex we call a Upload.aspx page which is configured for anonymous authentication. Most of the time, it works like a charm, but once in a while, the browser does prompt a enter credentials popup...The whole site is configured for Windows Authentication, but some pages and folders are set to use anonymous authentication. This is done using the location tag in web.config.What could be the reason for this?
View 3 Replies
Jan 26, 2011
I am Publishing crystal reports on remote server using the following code. when i try to run the crystal report page Crystal report viewer prompt me for database info. As the published crystal report were created using development server. In my crystal report i was using OLEDB ADO Connection
MyRepository _MyRepository = new MyRepository();
System.Data.SqlClient.SqlConnection myConnection = new System.Data.SqlClient.SqlConnection();
myConnection.ConnectionString = ConfigurationManager.ConnectionStrings["MyConnStr"].ConnectionString;
System.Data.SqlClient.SqlCommand MyCommand = new System.Data.SqlClient.SqlCommand("dbo.spMySP");
MyCommand.Connection = myConnection;
MyCommand.Parameters.Add("@PositionID", SqlDbType.Int).Value = (cmbPositions.SelectedValue == "" ? 0 : Convert.ToInt32(cmbPositions.SelectedValue));
MyCommand.CommandType = System.Data.CommandType.StoredProcedure;
System.Data.SqlClient.SqlDataAdapter MyDA = new System.Data.SqlClient.SqlDataAdapter();
MyDA.SelectCommand = MyCommand;
ASale _DS = new ASale();
MyDA.Fill(_DS, "dbo.spMySP");
rptSale oRpt = new rptSale();
oRpt.SetDatabaseLogon("sa", "mypass");
oRpt.SetDataSource(_DS);
oRpt.SetParameterValue(0, "param1");
oRpt.SetParameterValue(1, "param2");
oRpt.SetParameterValue(2, "param3" );
oRpt.SetParameterValue(3, (cmbPositions.SelectedValue == "" ? 0 : Convert.ToInt32(cmbPositions.SelectedValue)));
CrystalReportViewer1.ReportSource = oRpt;
View 1 Replies
Feb 1, 2011
I'm working on an ASP.NET project for the first time in about three years; in the meantime I've been working with Python/Django, PHP and Obj-C. Anyways, picked it right back up... except something that is totally killing me right now, and I have a feeling it must be staring me in the face:
I'm trying to bind to an LDAP server, for the purpose of authenticating users. The way it works here is, you bind on your own credentials, use that to find the Distinguished Name of the user you're authenticating, then you bind again on their DN and their password. If the bind is successful, the password was correct and the user can be authenticated.
Here's the problem - the first bind (on the fixed credentials, the ones with the ability to search for users and their subtrees) works fine. The search works fine. The second bind fails, no matter what, with the LDAP error INVALID_CREDENTIALS. This happens even when completely valid credentials are supplied.
Here's the code, with the usernames and passwords redacted, of course...
[Code]....
View 1 Replies
Feb 4, 2010
I am using windows authentication for security in my webpage. Now i want is that if user opens a webpage and then sit idle for 15 minutes and after that try to use webpage , i can ask him for credentials.
View 3 Replies
Feb 8, 2010
Is there any way,in Visual Studio,to specify credentials to test a web page with rather than having to go through the process of logging in every time?is there some common technique to testing with different roles and logins?It's just really tedious to constantly have to login and navigate to a specific page to test.
View 2 Replies
Sep 8, 2010
I'm trying to write a simple login page, that will allow my users to login to my site using their Active Directory credentials (using their username / password we give them through AD).
I want to do 2 things with the login:
1. I want to check the username / password against our AD and verify the person is a valid user within the directory.
2. I also want to store the entry within a global variable so when the user fills out one of the forms within the site it can Insert the data into a SQL table i have running.
** we are using this site to do Setup Change Request Forms / Termination forms etc. and I just want to verify the person signing off on the form is the person logged into the machine -- use it as an "electronic signature per say".
I'm using a vb.net 2.0 approach - as i only have access to visual studio 2005 and i'm more of a vb programmer then a c#.
If anyone has any examples or can walk me through how to go about writing out this page that would be great.
View 1 Replies
Feb 28, 2011
I have been trying to perform security validation in a page using the credentials of the domain users ...
However, when I try to get the value in
Code:
HttpContext.Current.User.Identity.Name
is always returned blank.
PS: When I run the code in the IDE is returned "domainuser" ... but when the page is hosted on a IIS server, the returned value is always blank.
View 4 Replies
Dec 20, 2010
[Code]....
View 4 Replies
Mar 22, 2011
[Code]....
i have a above connections string in which i use UserName: taha1_ID2, Password: taha321, and SQL Server DataBase Name:taha1_web2 How can we encrypt it in web.Config
Note: All the above are fake.
View 4 Replies
Mar 14, 2011
In order to find out what identity is running an app, this line is used:
System.Security.Principal.WindowsIdentity.GetCurrent().Name;
But is there another way to find out this name such as through the command prompt?
View 2 Replies
Jul 9, 2010
I have a problem with a simple site that is not requiring login. When run in internet explorer
it works as it should. But when I try to access the page with Mozilla Firefox or Apples Safari
i get a login prompt and no valid useraccount can be entered. I have tried setting authentication mode to either Windows or Forms but it makes no difference.
I can cancel to get the page to load but then I see my logo is not showing
(Logo in Images/file.jpg) When I try to use a link to another page it does not allow me access denied.
As said before with IE everything works OK!! Frustrating, probably something simple...
Even more frustrating On another server it works OK,
Application in Swedish server works
Application in US Server does not work with other browsers but IE.
Same setup for server, IIS 6 Windows server 2003 .Net 2 & 3.5
View 1 Replies
Jul 29, 2010
I have an asp.net c# site that I have setup in IIS 7 and am loading into a sharepoint frame. Sharepoint doesn't prompt for domain credentials but my site does?In IIS I have enabled basic and windows authentication so I can get the domain users username, so if there is a way to get this without prompting that'd be a perfect solution for me.I am using the follwing statement to get username:
System.Web.
HttpContext.Current.User.Identity.Name
View 12 Replies
Nov 10, 2010
I am using forms authentication. It's works fine locally. Once I upload my web application to a remote iis server and run it I get a Windows authentication prompt. The server [URL] at [URL] requires a username and password.
View 1 Replies
Sep 17, 2010
I'm trying to setup my IIS 7.0 MVC2 site but having problems.I want to use Integrated Security so that the app can obtain the user's credentials. We can then do a look-up of some AD groups to determine what they can do from that point onwards.The problem is - Every time we browse to the application, instead of navigating to our main page immediately, we get a login prompt provided by IE. I've read that we need to make sure that in the browser's Tools->Options->Advanced-> (Securiy-> ENable Windows Intagrated Security) must be checked - which it is on ALL 3 machines where I try this.
The machines AND the server are all in the same domain.My config file states <authentication mode="Windows" /> and I've tried every combination for <identity...> and <authorization...> but to no avail. I can only get the "login" prompt to go away if I enable Anonymous Authentication - but then I can't detect the windows user or their group membership.
View 1 Replies
Jun 22, 2010
I have to post my request to the web page [URL] and this require 3 credentials namely account id ,username and password and i have to pass the some data for the fields in the page
View 3 Replies
Apr 12, 2010
have been facing a problem in passing credentials to a web service. I have searched a lot on it and found solution but they didn't work for me coz the scenario with me little different I believe.The situation is like this. I have a 3rd party web service "https://3rdpartyserver/virtualdirectroy/service/service.aspx".So when I try to browse the service in IE it takes me to the login page ("https://3rdpartyserver/virtualdirectroy/Loginpage.aspx"), when I enter usename and password in it and hit Log In button it takes me to the service where all the web methods are listed
View 3 Replies
Nov 22, 2010
I already made a login page and other pages, but I need when I go to the other Page show me a login Page with the page I want to go to. So when I enter UserName and Password go to the page I focus on. For example I need to show authors Page so If I'm not login when It shows. The Login Page shows with the link to authorPage in the URL.
View 4 Replies
Jul 8, 2010
We have developed a website in asp.net using windows authentication and deployed it on the intranet (IIS v6.0). Most of the times, when users try to access this website they are taken straight to the website, but occasionally some users get a prompt to enter their windows username and password. I understand that this could be caused because of several reasons like:
Cached active directory password. Recently active directory password changed. Active directory account locked out. I want to fix this issue for good because it is annoying the users.
View 1 Replies
Mar 1, 2010
I have an Intranet web site that uses Windows Authentication and when a users password expires the do not get a prompt letting them reset it. We also have OWA and if they go there to check mail, it sends them to a page which allows them to reset it there. How can I trap for expired passwords and allow them to change it like they can with OWA?
View 1 Replies
Mar 1, 2010
In my environment, we use Active Directory as our password repository. I'm writing an app that uses the users windows session (windows auth) to authenticate the user. This is working well, but I need to provide a way for users to log in as a different user. I setup a web form to accept a username and password. My question is this, I need a secure way to validate the user's credentials against AD. I cant have the credentials passed as clear text. Ive come across the impersonate user functions, but i'm leary because you have to pass a clear text password into the password field. I know I could also use LDAP, but without a certificate, I know plain LDAP is relatively insecure. Can someone point me in the right direction of a more secure solution to query AD with the credentials?
View 3 Replies
Jul 20, 2010
I have an intranet web application, where i have windows authentication = true in web.config. I hear from end users that the website is aksing for their login credentials and they don't like it. By the way i am getting theusername from HttpContext.Current.User.Identity.Name and Domain Name from Mid(UserNameID, 1, InStr(UserNameID, "") - 1).In IIS, anonymous access is unchecked and Integrated wnidows authentication is selected.
View 9 Replies
